Exploiting self-modification mechanism for program protection

Kanzaki, Yuichiro; Monden, Akito; Nakamura, Masahide; Matsumoto, Kenichi

doi:10.1109/cmpsac.2003.1245338

Cited by 50 publications

(49 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…One of the main uses of self-modifying code until today has been the runtime generation of code and of code compression [4,27]. Both of these applications allow better use of computing resources, and therefore allow run-time or memory usage improvements over their non-modified counterparts.…”

Section: Review Of Self-modificationmentioning

confidence: 99%

Developments in Cartesian Genetic Programming: self-modifying CGP

Harding

Miller

Banzhaf

2010

Genet Program Evolvable Mach

View full text Add to dashboard Cite

Self-modifying Cartesian Genetic Programming (SMCGP) is a general purpose, graph-based, developmental form of Genetic Programming founded on Cartesian Genetic Programming. In addition to the usual computational functions, it includes functions that can modify the program encoded in the genotype. This means that programs can be iterated to produce an infinite sequence of programs (phenotypes) from a single evolved genotype. It also allows programs to acquire more inputs and produce more outputs during this iteration. We discuss how SMCGP can be used and the results obtained in several different problem domains, including digital circuits, generation of patterns and sequences, and mathematical problems. We find that SMCGP can efficiently solve all the problems studied. In addition, we prove mathematically that evolved programs can provide general solutions to a number of problems: n-input even-parity, n-input adder, and sequence approximation to p.

show abstract

Section: Review Of Self-modificationmentioning

confidence: 99%

Developments in Cartesian Genetic Programming: self-modifying CGP

Harding

Miller

Banzhaf

2010

Genet Program Evolvable Mach

View full text Add to dashboard Cite

show abstract

“…However, most of these techniques can be overcome using dynamic analysis. Researchers have also investigated using run-time techniques to obscure code, including using self-modifying code to obfuscate instructions [28]. Code encryption is also useful technique to hamper analysis.…”

Section: Related Workmentioning

confidence: 99%

“…As we describe in Section 4, attackers are increasingly using run-time techniques to analyze applications. To protect against such attacks, a few solutions have been proposed which involve changing program code as it runs, to create a shifting attack target (e.g., dynamic instruction rewriting [28], and edit scripts [35]). Another solution involves packaging a process-level VM with the application, that protects the run time from analysis and generic attack [1,20,51], as shown in the right side of Figure 2.…”

Section: Software Protection Modelmentioning

confidence: 99%

Replacement attacks against VM-protected applications

2012

View full text Add to dashboard Cite

Process-level virtualization is increasingly being used to enhance the security of software applications from reverse engineering and unauthorized modification (called software protection). Processlevel virtual machines (PVMs) can safeguard the application code at run time and hamper the adversary's ability to launch dynamic attacks on the application. This dynamic protection, combined with its flexibility, ease in handling legacy systems and low performance overhead, has made process-level virtualization a popular approach for providing software protection. While there has been much research on using process-level virtualization to provide such protection, there has been less research on attacks against PVM-protected software. In this paper, we describe an attack on applications protected using process-level virtualization, called a replacement attack. In a replacement attack, the adversary replaces the protecting PVM with an attack VM thereby rendering the application vulnerable to analysis and modification. We present a general description of the replacement attack methodology and two attack implementations against a protected application using freely available tools. The generality and simplicity of replacement attacks demonstrates that there is a strong need to develop techniques that meld applications more tightly to the protecting PVM to prevent such attacks.

show abstract

“…Kanzaki et al [7] used self-modifying binary code to thwart static analysis and disassembling, while Birrer et al [8] provide metamorphic binary code by means of program fragmentation, and Giffin et al [9] used self-modifying code for code guards hardening.…”

Section: Introductionmentioning

confidence: 99%

Software Protection with Code Mobility

Cabutto

Falcarin

Abrath

et al. 2015

Proceedings of the Second ACM Workshop on Moving Target Defense

View full text Add to dashboard Cite

The analysis of binary code is a common step of Man-At-The-End attacks to identify code sections crucial to implement attacks, such as identifying private key hidden in the code, identifying sensitive algorithms or tamper with the code to disable protections (e.g. license checks or DRM) embedded in binary code, or use the software in an unauthorized manner. Code Mobility can be used to thwart code analysis and debugging by removing parts of the code from the deployed software program and installing it at runtime by downloading binary code blocks from a trusted server. The proposed architecture of the code mobility protection downloads mobile code blocks, which are allocated dynamically at addresses determined at run-time; control transfers into and out of mobile code blocks are rewritten using the Diablo binaryrewriter tool.

show abstract

Exploiting self-modification mechanism for program protection

Cited by 50 publications

References 7 publications

Developments in Cartesian Genetic Programming: self-modifying CGP

Developments in Cartesian Genetic Programming: self-modifying CGP

Replacement attacks against VM-protected applications

Software Protection with Code Mobility

Contact Info

Product

Resources

About