Obfuscation by partial evaluation of distorted interpreters

Giacobazzi, Roberto; Jones, Neil D.; Mastroeni, Isabella

doi:10.1145/2103746.2103761

Cited by 29 publications

(44 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Source code obfuscation is gaining an ever-growing level of importance in the secure software arena, affording both source code and binary protection in areas such as Intellectual Property (IP) and Digital Rights Management (DRM) [6]. The goal of source code obfuscation is to transform and obscure the program variables and the code lines to such a point where it becomes unintelligible to both automated and human reverse engineering efforts.…”

Section: Methodsmentioning

confidence: 99%

Securely handling application-to-application connection credentials

Lieberman

Mitropoulos

2013

2013 Proceedings of IEEE Southeastcon

View full text Add to dashboard Cite

The utilization of application-to-application credentials within interpretive language scripts and application code has long been a security risk. The quandaries being how to protect and secure the credentials embedded in source code and avoid exploitation from rogue programmers, sys admins and other users with authorized high levels of privilege. To date the pervasive method for addressing this has been to live with the risk and concentrate on mitigating the impact of expected and eventual exploitation. Recently published research efforts support the pervasive acceptance of this risk by such stayed auditing bodies such as the Institute of Internal Auditing (IIA) and the Information Systems Audit and Control Association (ISCAA). Numerous research efforts have taken place were built on the premise that nothing can be done to avoid the risk so it is best to concentrate the research on reducing the impact of exploitation.The research presented in this paper develops a method by which interpretive language scripts can request credentials from a commercial password vault and have those credentials returned to the script in such a manner as to reduce the risk of exploit significantly over generally accepted methods for credential handling.

show abstract

Section: Methodsmentioning

confidence: 99%

Securely handling application-to-application connection credentials

Lieberman

Mitropoulos

2013

2013 Proceedings of IEEE Southeastcon

View full text Add to dashboard Cite

show abstract

“…It is interested to note that our formalisation of our online partial evaluator was influenced by a notion of closure [LS91] that has been used to formalise partial evaluators for logic programs; this suggests that the idea is not limited to one particular programming paradigm. Quite apart from its role in deobfuscation, partial evaluation can also be applied in obfuscation [GJM12]: a modified interpreter, that encapsulates an obfuscation technique, is partially evaluated with respect to the source program to automatically obfuscate the source.…”

Section: Related Workmentioning

confidence: 99%

Partial evaluation of string obfuscations for Java malware detection

2017

View full text Add to dashboard Cite

Abstract.The fact that Java is platform independent gives hackers the opportunity to write exploits that can target users on any platform, which has a JVM implementation. Metasploit is a well-known source of Java exploits and to circumvent detection by Anti Virus (AV) software, obfuscation techniques are routinely applied to make an exploit more difficult to recognise. Popular obfuscation techniques for Java include string obfuscation and applying reflection to hide method calls; two techniques that can either be used together or independently. This paper shows how to apply partial evaluation to remove these obfuscations and thereby improve AV matching. The paper presents a partial evaluator for Jimple, which is an intermediate language for JVM bytecode designed for optimisation and program analysis, and demonstrates how partially evaluated Jimple code, when transformed back into Java, improves the detection rates of a number of commercial AV products.

show abstract

“…We know of no partial evaluator for Jimple, though Soot represents the ideal environment for developing one [8]. Quite apart from its role in deob-fuscation, partial evaluation can also be applied in obfuscation [10]: a modified interpreter, that encapsulates an obfuscation technique, is partially evaluated with respect to the source program to automatically obfuscate the source. Program transformation has been proposed for deobfuscating binary programs [5], by unpacking and removing superfluous jumps and junk, again with the aim of improving AV scanning.…”

Section: Related Workmentioning

confidence: 99%

Partial Evaluation for Java Malware Detection

Singh

King

2015

Logic-Based Program Synthesis and Transformation

View full text Add to dashboard Cite

Abstract. The fact that Java is platform independent gives hackers the opportunity to write exploits that can target users on any platform, which has a JVM implementation. To circumvent detection by anti virus (AV) software, obfuscation techniques are routinely applied to make an exploit more difficult to recognise. Popular obfuscation techniques for Java include string obfuscation and applying reflection to hide method calls; two techniques that can either be used together or independently. This paper shows how to apply partial evaluation to remove these obfuscations and thereby improve AV matching. The paper presents a partial evaluator for Jimple, which is a typed three-address code suitable for optimisation and program analysis, and also demonstrates how the residual Jimple code, when transformed back into Java, improves the detection rates of a number of commercial AV products.

show abstract

Obfuscation by partial evaluation of distorted interpreters

Cited by 29 publications

References 24 publications

Securely handling application-to-application connection credentials

Securely handling application-to-application connection credentials

Partial evaluation of string obfuscations for Java malware detection

Partial Evaluation for Java Malware Detection

Contact Info

Product

Resources

About