TY - GEN
T1 - Dynamic Taint Analysis versus Obfuscated Self-Checking
AU - Banescu, Sebastian
AU - Valenzuela, Samuel
AU - Guggenmos, Marius
AU - Ahmadvand, Mohsen
AU - Pretschner, Alexander
N1 - Publisher Copyright: © 2021 Association for Computing Machinery.
PY - 2021/12/6
Y1 - 2021/12/6
N2 - Software protection in practice addresses the yearly loss of tens of billions of USD for software manufacturers, a result of malicious end-users tampering with the software ("software cracking"). Software protection is prevalent in the gaming and license checking industries, and also relevant in the embedded and other industries. State-of-the-art research in the area of software tamper protection against man-at-the-end (MATE) attackers focuses on the localization of integrity checks. The goal of this paper is a general assessment of the resilience of software self-checking, protected themselves by obfuscations against (1) (automated) detection and (2) (automated) bypass, without deobfuscating the code. Using dynamic taint analysis on a benchmark set of programs, we study how easy it is to detect and bypass combinations of self-checking and various obfuscation transformations. We aim at generalizing these findings across different programs rather than focusing on one particular program instance. To this end, we perform a set of controlled experiments using a data set of real-world programs, the MiBench suite and open-source games, and show that all of these can be broken by dynamic taint analysis attacks. To counter such attacks, we propose and implement improvements to an existing obfuscation implementation. We evaluate the implemented improvement and discuss the security-performance trade-offs.
UR - http://www.scopus.com/inward/record.url?scp=85121658167&partnerID=8YFLogxK
U2 - 10.1145/3485832.3485926
DO - 10.1145/3485832.3485926
M3 - Conference contribution
AN - SCOPUS:85121658167
T3 - ACM International Conference Proceeding Series
SP - 182
EP - 193
BT - Proceedings - 37th Annual Computer Security Applications Conference, ACSAC 2021
PB - Association for Computing Machinery
T2 - 37th Annual Computer Security Applications Conference, ACSAC 2021
Y2 - 6 December 2021 through 10 December 2021
ER -