VMGuards: A Novel Virtual Machine Based Code Protection System with VM Security as the First Class Design Concern

Tang, Zhanyong; Li, Meng; Ye, Guixin; Cao, Shuai; Chen, Mei‐Ling; Gong, Xiaoqing; Fang, Dingyi; Wang, Zheng

doi:10.3390/app8050771

Cited by 5 publications

(5 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Furthermore, there is a virtualization technique introduced by [17][18] [19] where this technique secures the code by extracting the ARM instruction key and then mapping the instruction into virtual instructions which are then encoded into the SO file. [20] added mapped key protection to the virtualization process to make it difficult to restore so that the code is very difficult to crack. [2] implemented this virtualization method at the binary level making it more difficult to crack and extending the hacking time.…”

Section: Related Workmentioning

confidence: 99%

Signature Verification Based on Dex CRC and Blake2 Algorithm to Prevent Reverse Engineering Attack in Android Application

Ilham,

Muhammad Niswar,

Ady Wahyudi Paundu

2023

Int. J. Interact. Mob. Technol.

View full text Add to dashboard Cite

The rapid growth of Android applications has led to more cybercrime cases, specifically Reverse Engineering attacks, on Android apps. One of the most common cases of reverse engineering is application repackaging, where the application is downloaded via the Play Store or the official website and then repackaged with various additions or changes. One of the ways to avoid Application Repackaging attacks is to check the signature of an application. However, hackers can manipulate the application by adding a hook, i.e., replacing the original function for getting signatures with a new modified function in the application. In this research, the development of a verification method for Android applications is carried out by utilizing Dex CRC and the Blake2 algorithm, which will be written in C using the Java Native Interface (JNI). The results of this study indicate that the verification method using Dex CRC and the Blake2 algorithm can effectively protect Android applications from Application Repackaging attacks without burdening application performance.

show abstract

Section: Related Workmentioning

confidence: 99%

Signature Verification Based on Dex CRC and Blake2 Algorithm to Prevent Reverse Engineering Attack in Android Application

Ilham,

Muhammad Niswar,

Ady Wahyudi Paundu

2023

Int. J. Interact. Mob. Technol.

View full text Add to dashboard Cite

show abstract

“…Amongst these, the execution time of bcrypt increases by the most than original program. 7 For the key instructions in bcrypt is frequently executed than others (as shown in the bottom row of the table 6). In addition, execution time does not change much with the increase of partition number.…”

Section: Effectiveness Evaluationmentioning

confidence: 99%

“…This could bring up various attacks, taking out advertisements from the application, including removing copyright protection of software or injecting malicious code into the program. Code obfuscation could make it difficult to trace and analyze the program, protect the software from unauthorized code modification [1]- [7].…”

Section: Introductionmentioning

confidence: 99%

Invalidating Analysis Knowledge for Code Virtualization Protection Through Partition Diversity

Wang

Tang

et al. 2019

IEEE Access

Self Cite

View full text Add to dashboard Cite

To protect programs from unauthorized analysis, virtualize the code based on Virtual Machine (VM) technologies is emerging as a feasible method for accomplishing code obfuscation. However, in some State-of-the-art VM-based protection approaches, the set of virtual instructions and bytecode interpreters are fixed across the whole programs. This means an experienced attacker could extract the mapping information between virtual instructions and native code from programs, and use this knowledge to uncover the mapping relationships in similar protecting applications. To address this problem, we present CoDiver (Code Virtualization Protection with Diversity), a novel VM-based code obfuscation system in this paper. The main idea of our approach is to obfuscate the mapping between the opcodes of bytecode instructions and their semantics. To achieve this goal, we first turn every protected code region into multiple parts by partition proceeding, randomize the mapping of opcodes and their semantics of each part. By this way, we could translate the bytecode instruction into different native code in different sections of the obfuscated code. This method could increase the diversity of program behavior significantly. As a result, it will be useless to learn the mapping relationship between bytecode and native code of some other programs, then migrate it into a new program. We build a prototype of CoDiver and tested it on a set of real-world applications. Experimental results show that as compared with two state-of-the-art VM-based code obfuscation approaches, our approach is more effective and could provide stronger protection with comparable runtime overhead and code size. INDEX TERMS Instruction set randomization, reverse engineering, virtualized obfuscation.

show abstract

“…Recently, community has considered using the idea of code virtualization to protect programs. VMGuards [40] is a process-level VM-based code protection system. It designs two new instruction sets to protect the critical code segments and the host runtime environment where the VM runs in.…”

Section: Related Workmentioning

confidence: 99%

Leveraging WebAssembly for Numerical JavaScript Code Virtualization

et al. 2019

Self Cite

View full text Add to dashboard Cite

Code obfuscation built upon code virtualization technology is one of the viable means for protecting sensitive algorithms and data against code reverse engineering attacks. Code virtualization has been successfully applied to programming languages like C, C++, and Java. However, it remains an outstanding challenge to apply this promising technique to JavaScript, a popular web programming language. This is primarily due to the open visibility of JavaScript code and the expensive runtime overhead associated with code virtualization. This paper presents JSPro, a novel code virtualization system for JavaScript. JSPro is the first JavaScript code obfuscation tool that builds upon the emerging WebAssembly language standard. It is designed to provide more secure code protection but without incurring a significant runtime penalty, explicitly targeting numerical JavaScript kernels. We achieve this by first automatically translating the target JavaScript code into WebAssembly and then performing code obfuscation on the compiled WebAssembly binary. Our design has two advantages over existing solutions: (1) it increases the code reverse entering complexity by implementing code obfuscation at a lower binary level and (2) it significantly reduces the performance impact of code virtualization over the native JavaScript code by using the performance-tuned WebAssembly language. We evaluate JSPro on a set of numerical JavaScript algorithms widely used in many applications. To test the performance, we apply JSPro to four mainstream web browsers running on three distinct mobile devices. Compared to state-of-the-art JavaScript obfuscation tools, JSPro not only provides stronger protection but also reduces the runtime overhead by at least 15% (up to 38.2%) and the code size by 28.2% on average.

show abstract

VMGuards: A Novel Virtual Machine Based Code Protection System with VM Security as the First Class Design Concern

Cited by 5 publications

References 26 publications

Signature Verification Based on Dex CRC and Blake2 Algorithm to Prevent Reverse Engineering Attack in Android Application

Signature Verification Based on Dex CRC and Blake2 Algorithm to Prevent Reverse Engineering Attack in Android Application

Invalidating Analysis Knowledge for Code Virtualization Protection Through Partition Diversity

Leveraging WebAssembly for Numerical JavaScript Code Virtualization

Contact Info

Product

Resources

About