Obfuscated integration of software protections

Springer Science and Business Media LLC - Tập 20 - Trang 73-101 - 2020

Jens Van den Broeck¹, Bart Coppens¹, Bjorn De Sutter¹

¹Department of Electronics and Information Systems, Ghent University, Zwijnaarde, Belgium

Tóm tắt

To counter man-at-the-end attacks such as reverse engineering and tampering, software is often protected with techniques that require support modules to be linked into the application. It is well known, however, that attackers can exploit the modular nature of applications and their protections to speed up the identification and comprehension process of the relevant code, the assets, and the applied protections. To counter that exploitation of modularity at different levels of granularity, the boundaries between the modules in the program need to be obfuscated. We propose to do so by combining three cross-boundary protection techniques that thwart the disassembly process and in particular the reconstruction of functions: code layout randomization, interprocedurally coupled opaque predicates, and code factoring with intraprocedural control flow idioms. By means of an experimental evaluation on realistic use cases and state-of-the-art tools, we demonstrate our technique’s potency and resilience to advanced attacks. All relevant code is publicly available online.

Tài liệu tham khảo

Ceccato, M., Tonella, P., Basile, C., Falcarin, P., Torchiano, M., Coppens, B., De Sutter, B.: Understanding the behaviour of hackers while performing attack tasks in a professional setting and in a public challenge. Empir. Softw. Eng. 24(1), 240–286 (2019)

Cabutto, A., Falcarin, P., Abrath, B., Coppens, B., De Sutter, B.: Software protection with code mobility. In: Proceedings of the 2nd ACM Workshop on Moving Target Defense, pp. 95–103 (2015)

Ceccato, M., Dalla Preda, M., Nagra, J., Collberg, C., Tonella, P.: Barrier slicing for remote software trusting. In: 7th IEEE International Working Conference on Source Code Analysis and Manipulation, pp. 27–36 (2007)

Viticchié, A., Basile, C., Avancini, A., Ceccato, M., Abrath, B., Coppens, B.: Reactive attestation: Automatic detection and reaction to software tampering attacks. In: Proceedings of the 2016 ACM Workshop on Software PROtection, pp. 73–84 (2016)

Abrath, B., Coppens, B., Volckaert, S., Wijnant, J., De Sutter, B.: Tightly-coupled self-debugging software protection. In: Proceedings of the 6th Workshop on Software Security, Protection, and Reverse Engineering, p. 7 (2016)

Ghosh, S., Hiser, J.D., Davidson, J.W.: A secure and robust approach to software tamper resistance. In: Proceedings of the International Workshop on Information Hiding, pp. 33–47 (2010)

Nagra, J., Collberg, C.: Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection. Pearson Education, London (2009)

Wang, Y.: Cognitive complexity of software and its measurement. In: 2006 5th IEEE International Conference on Cognitive Informatics, vol. 1, pp. 226–235 (2006). https://doi.org/10.1109/COGINF.2006.365701

Woodward, M.R., Hennell, M.A., Hedley, D.: A measure of control flow complexity in program text. IEEE Trans. Softw. Eng. 5(1), 45–50 (1979)

Linn, C., Debray, S.: Obfuscation of executable code to improve resistance to static disassembly. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, pp. 290–299 (2003)

Van Put, L., Chanet, D., De Bus, B., De Sutter, B., De Bosschere, K.: Diablo: a reliable, retargetable and extensible link-time rewriting framework. In: Proceedings of the 5th IEEE International Symposium on Signal Processing and Information Technology, 2005, pp. 7–12 (2005)

Debray, S.K., Evans, W., Muth, R., De Sutter, B.: Compiler techniques for code compaction. ACM Trans. Program. Lang. Syst. (TOPLAS) 22(2), 378–415 (2000)

Muchnick, S., et al.: Advanced Compiler Design Implementation. Morgan Kaufmann, Burlington (1997)

Coppens, B., De Sutter, B., Maebe, J.: Feedback-driven binary code diversification. ACM Trans. Arch. Code Optim. (TACO) 9(4), 24 (2013)

Kil, C., Jun, J., Bookholt, C., Xu, J., Ning, P.: Address space layout permutation (ASLP): towards fine-grained randomization of commodity software. In: Proceedings of 22nd Annual Computer Security Applications Conference, pp. 339–348 (2006)

Meng, X., Miller, B.P.: Binary code is not easy. In: Proceedings of the 25th International Symposium on Software Testing and Analysis, pp. 24–35 (2016)

Ngo, M.N., Tan, H.B.K.: Detecting large number of infeasible paths through recognizing their patterns. In: Proceedings of the 6th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, pp. 215–224 (2007)

Dalla Preda, M., Madou, M., De Bosschere, K., Giacobazzi, R.: Opaque predicates detection by abstract interpretation. In: International Conference on Algebraic Methodology and Software Technology, pp. 81–95 (2006)

Yadegari, B., Debray, S.: Symbolic execution of obfuscated code. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 732–744 (2015)

Yadegari, B., Johannesmeyer, B., Whitely, B., Debray, S.: A generic approach to automatic deobfuscation of executable code. In: IEEE Symposium on Security and Privacy, pp. 674–691 (2015)

Blazytko, T., Contag, M., Aschermann, C., Holz, T.: Syntia: Synthesizing the semantics of obfuscated code. In: Proceedings of the 26th USENIX Conference on Security Symposium, pp. 643–659 (2017)

Madou, M.: Application security through program bfuscation. Phd thesis, Ghent University (2007)

Collberg, C.S., Thomborson, C.D., Low, D.: Manufacturing cheap, resilient, and stealthy opaque constructs. In: POPL (1998)

Wegman, M.N., Zadeck, F.K.: Constant propagation with conditional branches. ACM Trans. Program. Lang. Syst. (TOPLAS) 13(2), 181–210 (1991)

Wang, C., Hill, J., Knight, J., Davidson, J.: Software tamper resistance: obstructing static analysis of programs. Technical Report, Technical Report CS-2000-12, University of Virginia (2000)

Debray, S., Evans, W., Muth, R.: Compiler techniques for code compression. In: Workshop on Compiler Support for System Software, pp. 117–123 (1999)

De Sutter, B., De Bus, B., De Bosschere, K.: Sifting out the mud: low level C++ code reuse. ACM SIGPLAN Not. 37, 275–291 (2002)

/OPT (Optimizations)—Microsoft Docs (2018). https://docs.microsoft.com/en-us/cpp/build/reference/opt-optimizations?view=vs-2019. Accessed 17 Apr 2019

De Sutter, B., De Bus, B., De Bosschere, K.: Sifting out the mud: low level C++ code reuse. In: Proceedings of the 17th ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), vol. 37, pp. 275–291 (2002)

Edler von Koch, T.J., Franke, B., Bhandarkar, P., Dasgupta, A.: Exploiting function similarity for code size reduction. ACM SIGPLAN Not. 49(5), 85–94 (2014)

Rocha, R.C., Petoumenos, P., Wang, Z., Cole, M., Leather, H.: Function merging by sequence alignment. In: Proceedings of the 2019 IEEE/ACM International Symposium on Code Generation and Optimization, pp. 149–163 (2019)

Tip, F.: A survey of program slicing techniques. J. Program. Lang. 3(3), 121–189 (1995)

De Sutter, B., De Bus, B., De Bosschere, K.: Bidirectional liveness analysis, or how less than half of the alpha’s registers are used. J. Syst. Arch. 52(10), 535–548 (2006)

Debray, S.K., Evans, W., Muth, R., De Sutter, B.: Compiler techniques for code compaction. ACM Trans. Program. Lang. Syst. 22(2), 378–415 (2000)

Debray, S., Muth, R., Weippert, M.: Alias analysis of executable code. In: Proceedings of ACM POPL, pp. 12–24 (1998)

Basile, C.: D5.11 ASPIRE framework report. Techreport, POLITO (2016). https://aspire-fp7.eu/sites/default/files/D5.11-ASPIRE-Framework-Report.pdf. Accessed 17 Sept 2018

Banescu, S., Collberg, C., Ganesh, V., Newsham, Z., Pretschner, A.: Code obfuscation against symbolic execution attacks. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, pp. 189–200 (2016)

Standard Performance Evaluation Corporation: SPEC CPU 2006 (2018). https://www.spec.org/cpu2006/

Home—Aspire-FP7 (2018). https://aspire-fp7.eu/

De Sutter, B.: D1.06 ASPIRE validation. Techreport, Ghent University (2016). https://aspire-fp7.eu/sites/default/files/D1.06-ASPIRE-Validation-v1.01.pdf. Accessed 6 May 2019

Van den Broeck, J., Coppens, B., De Sutter, B.: Extended report on the obfuscated integration of software protections (2019). arXiv:1907.01445

Liška, M.: Optimizing large applications (2014). arXiv preprint arXiv:1403.6997

mliska: [PATCH 3/5] IPA ICF pass (2014). https://gcc.gnu.org/ml/gcc-patches/2014-06/msg01246.html. Accessed 17 Apr 2019

Tallam, S., Coutant, C., Taylor, I.L., Li, X.D., Demetriou, C.: Safe ICF: pointer safe and unwinding aware identical code folding in gold. In: GCC Developers Summit (2010)

Ueyama, R.: Elf: implement ICF (2016). https://reviews.llvm.org/rL261912. Accessed 17 Apr 2019

Schrittwieser, S., Katzenbeisser, S., Kinder, J., Merzdovnik, G., Weippl, E.: Protecting software through obfuscation: can it keep pace with progress in code analysis? ACM Comput. Surv. (CSUR) 49(1), 4 (2016)

Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations. Technical Report. Department of Computer Science, The University of Auckland, New Zealand (1997)

Myles, G., Collberg, C.: Software watermarking via opaque predicates: implementation, analysis, and attacks. Electron. Commer. Res. 6(2), 155–171 (2006)

Majumdar, A., Thomborson, C.: Manufacturing opaque predicates in distributed systems for code obfuscation. In: Proceedings of the 29th Australasian Computer Science Conference, vol. 48, pp. 187–196 (2006)

Xu, H., Zhou, Y., Kang, Y., Tu, F., Lyu, M.: Manufacturing resilient bi-opaque predicates against symbolic execution. In: 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 666–677 (2018). https://doi.org/10.1109/DSN.2018.00073

Zobernig, L., Galbraith, S.D., Russello, G.: Indistinguishable predicates: a new tool for obfuscation. IACR Cryptol. ePrint Arch. 2017, 787 (2017)

Zobernig, L., Galbraith, S.D., Russello, G.: When are opaque predicates useful? In: 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), pp. 168–175. IEEE (2019)

Asghar, M.R., Galbraith, S.D., Russello, G.: Obfuscation through simplicity (2016). https://www.math.auckland.ac.nz/~sgal018/simplicity.pdf. Accessed 24 June 2019

Collberg, C., Martin, S., Myers, J., Zimmerman, B.: The tigress diversifying c virtualizer (2015). http://tigress.cs.arizona.edu/. Accessed 17 Apr 2019

Junod, P., Rinaldini, J., Wehrli, J., Michielin, J.: Obfuscator-LLVM—software protection for the masses. In: Wyseur, B. (ed.) Proceedings of the IEEE/ACM 1st International Workshop on Software Protection, SPRO’15, Firenze, Italy, May 19th, 2015, pp. 3–9. IEEE (2015). https://doi.org/10.1109/SPRO.2015.10

Scholar Hub - Công cụ hỗ trợ trích dẫn và phân tích khoa học Việt Nam

Về chúng tôi

Scholar Hub là công cụ hỗ trợ trích dẫn và phân tích các bài báo, công bố khoa học Việt Nam. Công cụ trợ giúp người nghiên cứu, tạp chí, đơn vị nghiên cứu tra cứu, phân tích và thống kê dữ liệu nghiên cứu khoa học tại Việt Nam và quốc tế.
ScholarHub KHÔNG đăng thông tin tổng hợp, KHÔNG đăng lại nội dung từ các trang báo chí Việt Nam hoặc trang thông tin điện tử khác tại Việt Nam.