http://iet.metastore.ingenta.com
1887

Random table and hash coding-based binary code obfuscation against stack trace analysis

Random table and hash coding-based binary code obfuscation against stack trace analysis

For access to this article, please select a purchase option:

Buy article PDF
£12.50
(plus tax if applicable)
Buy Knowledge Pack
10 articles for £75.00
(plus taxes if applicable)

IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.

Learn more about IET membership 

Recommend to library

You must fill out fields marked with: *

Librarian details
Name:*
Email:*
Your details
Name:*
Email:*
Department:*
Why are you recommending this title?
Select reason:
 
 
 
 
 
IET Information Security — Recommend this title to your library

Thank you

Your recommendation has been sent to your librarian.

Code obfuscation is intended to thwart reverse engineering by making programmes hard to understand. Call chains collected by stack tracing can be used to understand the behaviour of programmes. To hinder reverse analysis of stack tracing, a binary code obfuscation method based on random obfuscated table and hash coding is proposed. Random obfuscated table is used to map call addresses while call and ret instructions are executing. Hash coding and random value can be used to encode and decode the data of stack frames in the run-time programmes. Experiment and analysis show that the obfuscation can effectively impede stack trace analysis and increase the cost of reverse analysis for programmes.

References

    1. 1)
    2. 2)
    3. 3)
      • C.S. Collberg , C. Thomborson , D. Low . (1997)
        3. Collberg, C.S., Thomborson, C., Low, D.: ‘A taxonomy of obfuscating transformations’. Techical Report, 148, Department of Computer Science, University of Auckland, Auckland, New Zealand, 1997.
        .
    4. 4)
      • W. Zhu , C.D. Thomborson , F.Y. Wang .
        4. Zhu, W., Thomborson, C.D., Wang, F.Y.: ‘Obfuscate arrays by homomorphic functions’. Proc. IEEE Int. Conf. on Granular Computing, 2006, pp. 770773.
        . Proc. IEEE Int. Conf. on Granular Computing , 770 - 773
    5. 5)
    6. 6)
      • S. Drape , C. Thomborson , A. Majumdar .
        6. Drape, S., Thomborson, C., Majumdar, A.: ‘Specifying imperative data obfuscations’. Proc. Tenth Int. Conf. on Information Security, 2007 (LNCS, 4779), pp. 299314.
        . Proc. Tenth Int. Conf. on Information Security , 299 - 314
    7. 7)
      • Z. Xin , H. Chen , H. Han .
        7. Xin, Z., Chen, H., Han, H., et al: ‘Misleading malware similarities analysis by automatic data structure obfuscation’. Proc. 13th Int. Conf. on Information Security, 2010 (LNCS, 6531), pp. 181195.
        . Proc. 13th Int. Conf. on Information Security , 181 - 195
    8. 8)
      • C. Collberg , C. Thomborson , D. Low .
        8. Collberg, C., Thomborson, C., Low, D.: ‘Manufacturing cheap, resilient, and stealthy opaque constructs’. Proc. 25th SIGPLAN-SIGACT Symp. on Principles of Programming Languages, 1998, pp. 184196.
        . Proc. 25th SIGPLAN-SIGACT Symp. on Principles of Programming Languages , 184 - 196
    9. 9)
      • A. Majumdar , C. Thomborson .
        9. Majumdar, A., Thomborson, C.: ‘Manufacturing opaque predicates in distributed systems for code obfuscation’. Proc. 29th Int. Conf. on Australasian Computer Science, 2006, vol. 48, pp. 187196.
        . Proc. 29th Int. Conf. on Australasian Computer Science , 187 - 196
    10. 10)
      • C. Wang , J. Hill , J. Knight . (2000)
        10. Wang, C., Hill, J., Knight, J., et al: ‘Software tamper resistance: obstructing static analysis of programs’. Technical Report, 12, Department of Computer Science, University of Virginia, 2000.
        .
    11. 11)
      • T. Ogiso , Y. Sakabe , M. Soshi .
        11. Ogiso, T., Sakabe, Y., Soshi, M., et al: ‘Software obfuscation on a theoretical basis and its implementation’, IEICE Trans. Fundam. Electron., 2003, 86, (1), pp. 176186.
        . IEICE Trans. Fundam. Electron. , 1 , 176 - 186
    12. 12)
      • T. Toyofuku , T. Tabata , K. Sakurai .
        12. Toyofuku, T., Tabata, T., Sakurai, K.: ‘Program obfuscation scheme using random numbers to complicate control flow’. Proc. Embedded and Ubiquitous Computing Workshops, 2005 (LNCS, 3823), pp. 916925.
        . Proc. Embedded and Ubiquitous Computing Workshops , 916 - 925
    13. 13)
      • I.V. Popov , S.K. Debray , G.R. Andrews .
        13. Popov, I.V., Debray, S.K., Andrews, G.R.: ‘Binary obfuscation using signals’. Proc. 16th USENIX Security Symp., 2007, pp. 275290.
        . Proc. 16th USENIX Security Symp. , 275 - 290
    14. 14)
    15. 15)
    16. 16)
      • Y. Kanzaki , A. Monden , M. Nakamura .
        16. Kanzaki, Y., Monden, A., Nakamura, M., et al: ‘Exploiting self-modification mechanism for program protection’. Proc. 27th Int. Conf. on Computer Software and Applications, 2003, pp. 170179.
        . Proc. 27th Int. Conf. on Computer Software and Applications , 170 - 179
    17. 17)
    18. 18)
    19. 19)
      • W. Xu , F. Zhang , S. Zhu .
        19. Xu, W., Zhang, F., Zhu, S.: ‘The power of obfuscation techniques in malicious JavaScript code: a measurement study’. Proc. Seventh IEEE Int. Conf. on Malicious and Unwanted Software, 2012, pp. 916.
        . Proc. Seventh IEEE Int. Conf. on Malicious and Unwanted Software , 9 - 16
    20. 20)
      • C. Linn , S. Debray .
        20. Linn, C., Debray, S.: ‘Obfuscation of executable code to improve resistance to static disassembly’. Proc. Tenth Int. Conf. on Computer and Communications Security, 2003, pp. 290299.
        . Proc. Tenth Int. Conf. on Computer and Communications Security , 290 - 299
    21. 21)
      • C. LeDoux , M. Sharkey , B. Primeaux .
        21. LeDoux, C., Sharkey, M., Primeaux, B., et al: ‘Instruction embedding for improved obfuscation’. Proc. 50th Annual Southeast Regional Conf., 2012, pp. 130135.
        . Proc. 50th Annual Southeast Regional Conf. , 130 - 135
    22. 22)
      • M. Batchelder , L. Hendren .
        22. Batchelder, M., Hendren, L.: ‘Obfuscation Java: the most pain for the least gain’. Proc. Int. Conf. on Compiler Construction, 2007 (LNCS, 4420), pp. 96110.
        . Proc. Int. Conf. on Compiler Construction , 96 - 110
    23. 23)
      • B. Anckaert , M. Jakubowski , R. Venkatesan .
        23. Anckaert, B., Jakubowski, M., Venkatesan, R., et al: ‘Run-time randomization to mitigate tampering’. Advances in Information and Computer Security, 2007 (LNCS, 4752), pp. 153168.
        . Advances in Information and Computer Security , 153 - 168
    24. 24)
    25. 25)
    26. 26)
      • Z. Wang , C. Jia , M. Liu .
        26. Wang, Z., Jia, C., Liu, M., et al: ‘Branch obfuscation using code mobility and signal’. Proc. IEEE 36th Int. Conf. on Computer Software and Applications Workshops, 2012, pp. 553558.
        . Proc. IEEE 36th Int. Conf. on Computer Software and Applications Workshops , 553 - 558
    27. 27)
      • S. Schrittwieser , S. Katzenbeisser .
        27. Schrittwieser, S., Katzenbeisser, S.: ‘Code obfuscation against static and dynamic reverse engineering’. Information Hiding, 2011 (LNCS, 6958), pp. 270284.
        . Information Hiding , 270 - 284
    28. 28)
      • C. Stephen , H. Andrei , B. Stefan .
        28. Stephen, C., Andrei, H., Stefan, B., et al: ‘Thwarting cache side-channel attacks through dynamic software diversity’. Proc. Symp. on Network and Distributed System Security, 2015, pp. 114.
        . Proc. Symp. on Network and Distributed System Security , 1 - 14
    29. 29)
      • W. Richard , M. Vishwath , W.H. Kevin .
        29. Richard, W., Vishwath, M., Kevin, W.H., et al: ‘Binary stirring: self-randomizing instruction addresses of legacy x86 binary code’. ACM Conf. on Computer and Communication Security, 2012, pp. 157168.
        . ACM Conf. on Computer and Communication Security , 157 - 168
    30. 30)
      • M.W. Zhang , R. Sekar .
        30. Zhang, M.W., Sekar, R.: ‘Control flow integrity for COTS binaries’. Proc. the 22nd USENIX Conf. on Security, 2013, pp. 337352.
        . Proc. the 22nd USENIX Conf. on Security , 337 - 352
    31. 31)
    32. 32)
    33. 33)
      • B. Horne , L. Matheson , C. Sheehan .
        33. Horne, B., Matheson, L., Sheehan, C., et al: ‘Dynamic self-checking techniques for improved tamper resistance’. Security and Privacy in Digital Rights Management, 2002 (LNCS, 2320), pp. 141159.
        . Security and Privacy in Digital Rights Management , 141 - 159
    34. 34)
      • (2007)
        34. Skape: ‘Reducing the effective entropy of GS cookies’ (Uninformed, 2007). Available at http://www.leviathansecurity.com/wp-content/uploads/uninformed_v7a2.pdf, accessed March 2015.
        .
    35. 35)
      • (2009)
        35. Masaki Suenaga: ‘A museum of API obfuscation on win32’ (Symantec, 2009). Available at http://www.symantec.com/content/en/us/enterprise/media/security_respnose/whitepapers/a_museum_of_api_obfsucation_on_win32.pdf, accessed March 2015.
        .
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2013.0137
Loading

Related content

content/journals/10.1049/iet-ifs.2013.0137
pub_keyword,iet_inspecKeyword,pub_concept
6
6
Loading
This is a required field
Please enter a valid email address