Code obfuscation against symbolic execution attacks

Sebastian Banescu, Christian Collberg, Vijay Ganesh, Zack Newsham, Alexander Pretschner

Publikation: Beitrag in Buch/Bericht/KonferenzbandKonferenzbeitragBegutachtung

116 Zitate (Scopus)

Abstract

Code obfuscation is widely used by software developers to protect intellectual property, and malware writers to hamper program analysis. However, there seems to be little work on systematic evaluations of effectiveness of obfuscation techniques against automated program analysis. The result is that we have no methodical way of knowing what kinds of automated analyses an obfuscation method can withstand. This paper addresses the problem of characterizing the resilience of code obfuscation transformations against automated symbolic execution attacks, complementing existing works that measure the potency of obfuscation transformations against human-assisted attacks through user studies. We evaluated our approach over 5000 different C programs, which have each been obfuscated using existing implementations of obfuscation transformations. The results show that many existing obfuscation transformations, such as virtualization, stand little chance of withstanding symbolicexecution based deobfuscation. A crucial and perhaps surprising observation we make is that symbolic-execution based deobfuscators can easily deobfuscate transformations that preserve program semantics. On the other hand, we present new obfuscation transformations that change program behavior in subtle yet acceptable ways, and show that they can render symbolic-execution based deobfuscation analysis ineffective in practice.

OriginalspracheEnglisch
TitelProceedings - 32nd Annual Computer Security Applications Conference, ACSAC 2016
Herausgeber (Verlag)Association for Computing Machinery
Seiten189-200
Seitenumfang12
ISBN (elektronisch)9781450347716
DOIs
PublikationsstatusVeröffentlicht - 5 Dez. 2016
Veranstaltung32nd Annual Computer Security Applications Conference, ACSAC 2016 - Los Angeles, USA/Vereinigte Staaten
Dauer: 5 Dez. 20169 Dez. 2016

Publikationsreihe

NameACM International Conference Proceeding Series
Band5-9-December-2016

Konferenz

Konferenz32nd Annual Computer Security Applications Conference, ACSAC 2016
Land/GebietUSA/Vereinigte Staaten
OrtLos Angeles
Zeitraum5/12/169/12/16

Fingerprint

Untersuchen Sie die Forschungsthemen von „Code obfuscation against symbolic execution attacks“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren