Exploiting Dynamic Scheduling for VM-Based Code Obfuscation

“…In this paper, we implement the virtualization process by stack virtual machine [24]. If we utilize VM to simulate the normal execution of the program, it is necessary to build the structure of the stack and register in the WebAssembly environment.…”

Section: Implementation Detailsmentioning

confidence: 99%

Leveraging WebAssembly for Numerical JavaScript Code Virtualization

et al. 2019

Self Cite

View full text Add to dashboard Cite

Code obfuscation built upon code virtualization technology is one of the viable means for protecting sensitive algorithms and data against code reverse engineering attacks. Code virtualization has been successfully applied to programming languages like C, C++, and Java. However, it remains an outstanding challenge to apply this promising technique to JavaScript, a popular web programming language. This is primarily due to the open visibility of JavaScript code and the expensive runtime overhead associated with code virtualization. This paper presents JSPro, a novel code virtualization system for JavaScript. JSPro is the first JavaScript code obfuscation tool that builds upon the emerging WebAssembly language standard. It is designed to provide more secure code protection but without incurring a significant runtime penalty, explicitly targeting numerical JavaScript kernels. We achieve this by first automatically translating the target JavaScript code into WebAssembly and then performing code obfuscation on the compiled WebAssembly binary. Our design has two advantages over existing solutions: (1) it increases the code reverse entering complexity by implementing code obfuscation at a lower binary level and (2) it significantly reduces the performance impact of code virtualization over the native JavaScript code by using the performance-tuned WebAssembly language. We evaluate JSPro on a set of numerical JavaScript algorithms widely used in many applications. To test the performance, we apply JSPro to four mainstream web browsers running on three distinct mobile devices. Compared to state-of-the-art JavaScript obfuscation tools, JSPro not only provides stronger protection but also reduces the runtime overhead by at least 15% (up to 38.2%) and the code size by 28.2% on average.

show abstract

“…At present, we can divide the existing structure into three categories: centralized model [4,31], Chained model [32] and Hybrid model [32,33]. In this paper, we prefer to use the third one.…”

Section: Dispatchermentioning

confidence: 99%

VMGuards: A Novel Virtual Machine Based Code Protection System with VM Security as the First Class Design Concern

Tang

et al. 2018

Applied Sciences

Self Cite

View full text Add to dashboard Cite

Process-level virtual machine (PVM) based code obfuscation is a viable means for protecting software against runtime code tampering and unauthorized code reverse engineering. PVM-based approaches rely on a VM to determine how instructions of the protected code region are scheduled and executed. Therefore, it is crucial to protect the VM against runtime code tampering that alters the instructions and behavior of the VM. This paper presents VMGuards, a novel PVM-based code protection system that puts the security of VM as the first class design concern. Our approach advances prior work by promoting security of the VM as the first class design constraint. We achieve this by introducing two new instruction sets to protect the internal implementations of critical code segments and the host runtime environment where the VM runs in. Our new instruction sets not only have an identical code structure as standard virtual instructions, but also provide additional information to allow the VM to check whether the critical internal implementation or the runtime environment is affected. We evaluate our approach by using a set of real-life applications. Experimental results show that our approach provides stronger and more fine-grained protection when compared to the state-of-the-art with little extra overhead.

show abstract

Exploiting Dynamic Scheduling for VM-Based Code Obfuscation

Cited by 8 publications

References 12 publications

Compile-time code virtualization for android applications

Compile-time code virtualization for android applications

Leveraging WebAssembly for Numerical JavaScript Code Virtualization

VMGuards: A Novel Virtual Machine Based Code Protection System with VM Security as the First Class Design Concern

Contact Info

Product

Resources

About