Dynamic Taint Analysis versus Obfuscated Self-Checking

Sebastian Banescu, Samuel Valenzuela, Marius Guggenmos, Mohsen Ahmadvand, Alexander Pretschner

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

Software protection in practice addresses the yearly loss of tens of billions of USD for software manufacturers, a result of malicious end-users tampering with the software ("software cracking"). Software protection is prevalent in the gaming and license checking industries, and also relevant in the embedded and other industries. State-of-the-art research in the area of software tamper protection against man-at-the-end (MATE) attackers focuses on the localization of integrity checks. The goal of this paper is a general assessment of the resilience of software self-checking, itself protected by obfuscations, against (1) (automated) detection and (2) (automated) bypass, without deobfuscating the code. Using dynamic taint analysis on a benchmark set of programs, we study how easy it is to detect and bypass combinations of self-checking and various obfuscation transformations. We aim at generalizing these findings across different programs rather than focusing on one particular program instance. To this end, we perform a set of controlled experiments using a data set of real-world programs, the MiBench suite and open-source games, and show that all of these can be broken by dynamic taint analysis attacks. To counter such attacks, we propose and implement improvements to an existing obfuscation implementation. We evaluate the implemented improvement and discuss the security-performance trade-offs.

Original language: English
Title of host publication: Proceedings - 37th Annual Computer Security Applications Conference, ACSAC 2021
Publisher: Association for Computing Machinery
Pages: 182-193
Number of pages: 12
ISBN (Electronic): 9781450385794
State: Published - 6 Dec 2021
Event: 37th Annual Computer Security Applications Conference, ACSAC 2021 - Virtual, Online, United States
Duration: 6 Dec 2021 to 10 Dec 2021

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 37th Annual Computer Security Applications Conference, ACSAC 2021
Country/Territory: United States
City: Virtual, Online
Period: 6/12/21 to 10/12/21
