research-article

Binary Protection using Dynamic Fine-grained Code Hiding and Obfuscation

Authors:

Xianya MiAuthors Info & Claims

ICINS '16: Proceedings of the 4th International Conference on Information and Network Security

Pages 1 - 8

https://doi.org/10.1145/3026724.3026726

Published: 28 December 2016 Publication History

Abstract

Anti-reverse engineering is one of the core technologies of software intellectual property protection, prevailing techniques of which are static and dynamic obfuscation. Static obfuscation can only prevent static analysis with code mutation done before execution by compressing, encrypting and obfuscating. Dynamic obfuscation can prevent both static and dynamic analysis, which changes code while being executed. Popular dynamic obfuscation techniques include self-modifying code and virtual machine protection. Despite the higher safety, dynamic obfuscation has its problems: 1) code appear in plain text remains a long time; 2) control flow is exposable; 3) time and space overheads are too big. This paper presents a binary protection scheme using dynamic fine-grained code hiding and obfuscation named dynFCHO. In this scheme, basic blocks to be protected are hidden in original code and will be restored while being executed. Code obfuscation is also implemented additionally to enhance safety. Experiments prove that dynFCHO can effectively resist static and dynamic analysis without destructing original software functions. It can be used on most binary programs compiled by standard compilers. This scheme can be widely used with the advantages of strong protection, light-weight implementation, and good extendibility.

References

[1]

Anckaert B, Jakubowski M, Venkatesan R. Proteus: virtualization for diversified tamper-resistance{C}. Proceedings of the ACM workshop on Digital rights management. ACM, 2006: 47--58.

Digital Library

[2]

Anirban Majumdar, Clark Thomborson. Manufacturing opaque predicates in distributed systems for code obfuscation proceeding. In ACSC '06 Proceedings of the 29th Australasian Computer Science Conference. 2006: 187--196.

Digital Library

[3]

Dongpeng Xu, Jiang Ming, Dinghao Wu. Generalized Dynamic Opaque Predicates: A New Control Flow Obfuscation Method. In Proceedings 19th International Conference, (Honolulu, HI, USA, 2016). Information Security: 323--342.

[4]

C. Wang, J. Davidson, J. Hill, J. Knight. Protection of Software-based Survivability Mechanisms International Conference of Dependable Systems and Networks, Goteborg, Sweden (July, 2001).

Digital Library

[5]

J. Cappaert and B. Preneel. A general model for hiding control ow. In Proceedings of the tenth annual ACM workshop on Digital rights management. ACM, 2010.

Digital Library

[6]

C. Linn and S. Debray. Obfuscation of executable code to improve resistance to static disassembly. In Proceedings of the 10th ACM conference on Computer and communications security. ACM, 2003.

Digital Library

[7]

Self-modifying code - Wikipedia, the free encyclopedia. URL:http://en.m.wikipedia.org/wiki/Self-modifying_code/

[8]

Yuichiro K, Akito M, Masahide N, et al. Exploiting self-modification mechanism for program protection{C}. In Proceedings of the 27th Annual International Computer Software and Applications Conference (Washington, DC, USA). IEEE Computer Society, 2003:170--181.

Digital Library

[9]

Yuichiro K, Akito M, Masahide N, et al. A software protection method based on instruction camouflage {C}. In Electronics and Communications (Japan Part 3). Wiley Publishers, 2006, 89(1):47--59.

[10]

Yuichiro K, Akito M, Masahide N, et al. Program camouflage: a systematic instruction hiding method for protecting secrets{C}. In Proceedings of World Congress on Science, Engineering and Technology. (Heidelberg, Germany): WASET, 2008, 33:557--563.

[11]

Yuichiro K, Monden A. A software protection method based on time-sensitive code and self-modification mechanism{C}. In Proc of IASTED. 2010, 10:325--331.

[12]

Cappaert J, Kisserli N, Schellekens D, et al. Self-encrypting Code to Protect Against Analysis and Tampering{C}. In 1st Benelux Workshop Inf. Syst. Security. 2006.

[13]

Madou M, Anchaert B, Moseley P, et al. Software protection through dynamic code mutation{M}. In Information Security Applications. Springer Berlin Heidelberg, 2006: 194--206.

Digital Library

[14]

Ghosh S, Hiser J, Davidson J W. Software protection for dynamically-generated code{C}. In Proceedings of the 2nd ACM SIGPLAN Program Protection and Reverse Engineering Workshop. ACM, 2013:1.

Digital Library

[15]

Ghosh S, Hiser J, Davidson J W. A secure and robust approach to software tamper resistance{M}. In Information Hiding, Springer, 2010.

Digital Library

[16]

Ghosh S, Hiser J, Davidson J W. Replacement attacks against VM-protected applications{C}. In ACM SIGPLAN Notices. ACM, 2012, 47(7): 203--214.

Digital Library

[17]

Kaiyuan Kuang, etc. Exploiting Dynamic Scheduling for VM-Based Code Obfuscation. Security and Privacy in Computing and Communications. 2016.

[18]

S. Chow, P. Eisen, H. Johnson, P.C. van Oorschot. White-Box Cryptography and an AES Implementation{M}. Selected Areas in Cryptography, 2003: 250--270.

Digital Library

[19]

VMPSoft. VMProtect. URL:http://vmpsoft.com/

[20]

Yujing Liu, Wei Peng, Jinshu Su. A study of IP prefix hijacking in cloud computing networks {J}. Security and Communication Networks, 2014, 7(11): 2201--2210.

Digital Library

[21]

J Zhang, H Hu, B Liu. Robustness of RED in mitigating LDoS attack {J}.KSII Trans on Internet and Information Systems (TIIS), 2011, 5(5): 1085--1100.

[22]

Peidong Zhu, Xin Liu, Wenping Deng, Huayang Cao. Cooperative detection of Internet prefix hijacking {J}. Journal of Internet Technology, 2010, 11(1): 33--46.

Cited By

Sha ZShu HXiong XKang F(2022)Model of Execution Trace Obfuscation Between ThreadsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2021.312315919:6(4156-4171)Online publication date: 1-Nov-2022
https://doi.org/10.1109/TDSC.2021.3123159
Botacin MZanata MGrégio A(2020)The self modifying code (SMC)-aware processor (SAP): a security look on architectural impact and supportJournal of Computer Virology and Hacking Techniques10.1007/s11416-020-00348-wOnline publication date: 13-Feb-2020
https://doi.org/10.1007/s11416-020-00348-w
Wang SYe GLi MYuan LTang ZWang HWang WWang FRen JFang DWang Z(2019)Leveraging WebAssembly for Numerical JavaScript Code VirtualizationIEEE Access10.1109/ACCESS.2019.29535117(182711-182724)Online publication date: 2019
https://doi.org/10.1109/ACCESS.2019.2953511

Recommendations

Khaos: The Impact of Inter-procedural Code Obfuscation on Binary Diffing Techniques
CGO '23: Proceedings of the 21st ACM/IEEE International Symposium on Code Generation and Optimization

Software obfuscation techniques can prevent binary diffing techniques from locating vulnerable code by obfuscating the third-party code, to achieve the purpose of protecting embedded device software. With the rapid development of binary diffing ...
Enhance virtual-machine-based code obfuscation security through dynamic bytecode scheduling

Code virtualization built upon virtual machine (VM) technologies is emerging as a viable method for implementing code obfuscation to protect programs against unauthorized analysis. State-of-the-art VM-based protection approaches use a fixed scheduling ...
Obfuscation: The Hidden Malware

A cyberwar exists between malware writers and antimalware researchers. At this war's heart rages a weapons race that originated in the 80s with the first computer virus. Obfuscation is one of the latest strategies to camouflage the telltale signs of ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

ICINS '16: Proceedings of the 4th International Conference on Information and Network Security

December 2016

110 pages

ISBN:9781450347969

DOI:10.1145/3026724

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

UPM: Universiti Putra Malaysia

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 December 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ICINS '16

ICINS '16: 4th International Conference on Information and Network Security

December 28 - 31, 2016

Kuala Lumpur, Malaysia

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
157
Total Downloads

Downloads (Last 12 months)6
Downloads (Last 6 weeks)0

Reflects downloads up to 22 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Sha ZShu HXiong XKang F(2022)Model of Execution Trace Obfuscation Between ThreadsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2021.312315919:6(4156-4171)Online publication date: 1-Nov-2022
https://doi.org/10.1109/TDSC.2021.3123159
Botacin MZanata MGrégio A(2020)The self modifying code (SMC)-aware processor (SAP): a security look on architectural impact and supportJournal of Computer Virology and Hacking Techniques10.1007/s11416-020-00348-wOnline publication date: 13-Feb-2020
https://doi.org/10.1007/s11416-020-00348-w
Wang SYe GLi MYuan LTang ZWang HWang WWang FRen JFang DWang Z(2019)Leveraging WebAssembly for Numerical JavaScript Code VirtualizationIEEE Access10.1109/ACCESS.2019.29535117(182711-182724)Online publication date: 2019
https://doi.org/10.1109/ACCESS.2019.2953511

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents