TY - GEN
T1 - VirtSC
T2 - 3rd ACM Workshop on Software Protection, SPRO 2019
AU - Ahmadvand, Mohsen
AU - Below, Daniel
AU - Banescu, Sebastian
AU - Pretschner, Alexander
N1 - Publisher Copyright:
© 2019 ACM.
PY - 2019/11/15
Y1 - 2019/11/15
N2 - Self-checksumming (SC) is a tamper-proofing technique that ensures certain program segments (code) in memory hash to known values at runtime. SC has few restrictions on application and hence can protect a vast majority of programs. The code verification in SC requires computation of the expected hashes after compilation, as the machine-code is not known before. This means the expected hash values need to be adjusted in the binary executable, hence combining SC with other protections is limited due to this adjustment step. However, obfuscation protections are often necessary, as SC protections can be otherwise easily detected and disabled via pattern matching. In this paper, we present a layered protection using virtualization obfuscation, yielding an architecture-agnostic SC protection that requires no post-compilation adjustment. We evaluate the performance of our scheme using a dataset of 25 real-world programs (MiBench and 3 CLI games). Our results show that the SC scheme induces an average overhead of 43% for a complete protection (100% coverage). The overhead is tolerable for less CPU-intensive programs (e.g. games) and when only parts of programs (e.g. license checking) are protected. However, large overheads stemming from the virtualization obfuscation were encountered.
KW - integrity protection
KW - mate
KW - self-checksumming
KW - software protection
KW - virtualization obfuscation
UR - http://www.scopus.com/inward/record.url?scp=85098671992&partnerID=8YFLogxK
U2 - 10.1145/3338503.3357723
DO - 10.1145/3338503.3357723
M3 - Conference contribution
AN - SCOPUS:85098671992
T3 - SPRO 2019 - Proceedings of the 3rd ACM Workshop on Software Protection
SP - 53
EP - 63
BT - SPRO 2019 - Proceedings of the 3rd ACM Workshop on Software Protection
PB - Association for Computing Machinery, Inc
Y2 - 15 November 2019
ER -