© The Institution of Engineering and Technology
Code obfuscation is intended to thwart reverse engineering by making programmes hard to understand. Call chains collected by stack tracing can be used to understand the behaviour of programmes. To hinder reverse analysis of stack tracing, a binary code obfuscation method based on random obfuscated table and hash coding is proposed. Random obfuscated table is used to map call addresses while call and ret instructions are executing. Hash coding and random value can be used to encode and decode the data of stack frames in the run-time programmes. Experiment and analysis show that the obfuscation can effectively impede stack trace analysis and increase the cost of reverse analysis for programmes.
References
-
-
1)
-
23. Anckaert, B., Jakubowski, M., Venkatesan, R., et al: ‘Run-time randomization to mitigate tampering’. Advances in Information and Computer Security, 2007 (, 4752), pp. 153–168.
-
2)
-
35. Masaki Suenaga: ‘A museum of API obfuscation on win32’ (Symantec, 2009). .
-
3)
-
33. Horne, B., Matheson, L., Sheehan, C., et al: ‘Dynamic self-checking techniques for improved tamper resistance’. Security and Privacy in Digital Rights Management, 2002 (, 2320), pp. 141–159.
-
4)
-
28. Stephen, C., Andrei, H., Stefan, B., et al: ‘Thwarting cache side-channel attacks through dynamic software diversity’. Proc. Symp. on Network and Distributed System Security, 2015, pp. 1–14.
-
5)
-
21. LeDoux, C., Sharkey, M., Primeaux, B., et al: ‘Instruction embedding for improved obfuscation’. Proc. 50th Annual Southeast Regional Conf., 2012, pp. 130–135.
-
6)
-
16. Kanzaki, Y., Monden, A., Nakamura, M., et al: ‘Exploiting self-modification mechanism for program protection’. Proc. 27th Int. Conf. on Computer Software and Applications, 2003, pp. 170–179.
-
7)
-
26. Wang, Z., Jia, C., Liu, M., et al: ‘Branch obfuscation using code mobility and signal’. Proc. IEEE 36th Int. Conf. on Computer Software and Applications Workshops, 2012, pp. 553–558.
-
8)
-
31. Diffie, W., Hellman, M.: ‘New directions in cryptography’, IEEE Trans. Inf. Theory, 1976, 22, (6), pp. 644–654 (doi: 10.1109/TIT.1976.1055638).
-
9)
-
10. Wang, C., Hill, J., Knight, J., et al: ‘Software tamper resistance: obstructing static analysis of programs’. , Department of Computer Science, University of Virginia, 2000.
-
10)
-
19. Xu, W., Zhang, F., Zhu, S.: ‘The power of obfuscation techniques in malicious JavaScript code: a measurement study’. Proc. Seventh IEEE Int. Conf. on Malicious and Unwanted Software, 2012, pp. 9–16.
-
11)
-
25. Roeder, T., Schneider, F.B.: ‘Proactive obfuscation’, ACM Trans. Comput. Syst., 2010, 28, (2), p. 4 (doi: 10.1145/1813654.1813655).
-
12)
-
1. Collberg, C.S., Davidson, J., Giacobazzi, R., et al: ‘Toward digital asset protection’, IEEE Intell. Syst., 2011, 26, (6), pp. 8–13 (doi: 10.1109/MIS.2011.106).
-
13)
-
2. Collberg, C.S., Thomborson, C.: ‘Watermarking, tamper-proofing, and obfuscation – tools for software protection’, IEEE Trans. Softw. Eng., 2002, 28, (8), pp. 735–746 (doi: 10.1109/TSE.2002.1027797).
-
14)
-
22. Batchelder, M., Hendren, L.: ‘Obfuscation Java: the most pain for the least gain’. Proc. Int. Conf. on Compiler Construction, 2007 (, 4420), pp. 96–110.
-
15)
-
30. Zhang, M.W., Sekar, R.: ‘Control flow integrity for COTS binaries’. Proc. the 22nd USENIX Conf. on Security, 2013, pp. 337–352.
-
16)
-
24. Abadi, M., Plotkin, G.D.: ‘On protection by layout randomization’, ACM Trans. Inf. Syst. Secur., 2012, 15, (2), p. 8 (doi: 10.1145/2240276.2240279).
-
17)
-
7. Xin, Z., Chen, H., Han, H., et al: ‘Misleading malware similarities analysis by automatic data structure obfuscation’. Proc. 13th Int. Conf. on Information Security, 2010 (, 6531), pp. 181–195.
-
18)
-
34. Skape: ‘Reducing the effective entropy of GS cookies’ (Uninformed, 2007). .
-
19)
-
5. Drape, S.: ‘Generalising the array split obfuscation’, Inf. Sci., 2007, 177, (1), pp. 202–219 (doi: 10.1016/j.ins.2006.03.012).
-
20)
-
15. Tsai, H.Y., Huang, Y.L.: ‘A framework for quantitative evaluation of parallel control-flow obfuscation’, Comput. Secur., 2012, 31, (8), pp. 886–896 (doi: 10.1016/j.cose.2012.08.003).
-
21)
-
17. Balachandran, V., Emmanuel, S.: ‘Potent and stealthy control flow obfuscation by stack based self-modifying code’, IEEE Trans. Inf. Forensics Sec., 2013, 8, (4), pp. 669–681 (doi: 10.1109/TIFS.2013.2250964).
-
22)
-
8. Collberg, C., Thomborson, C., Low, D.: ‘Manufacturing cheap, resilient, and stealthy opaque constructs’. Proc. 25th SIGPLAN-SIGACT Symp. on Principles of Programming Languages, 1998, pp. 184–196.
-
23)
-
11. Ogiso, T., Sakabe, Y., Soshi, M., et al: ‘Software obfuscation on a theoretical basis and its implementation’, IEICE Trans. Fundam. Electron., 2003, 86, (1), pp. 176–186.
-
24)
-
9. Majumdar, A., Thomborson, C.: ‘Manufacturing opaque predicates in distributed systems for code obfuscation’. Proc. 29th Int. Conf. on Australasian Computer Science, 2006, vol. 48, pp. 187–196.
-
25)
-
20. Linn, C., Debray, S.: ‘Obfuscation of executable code to improve resistance to static disassembly’. Proc. Tenth Int. Conf. on Computer and Communications Security, 2003, pp. 290–299.
-
26)
-
27. Schrittwieser, S., Katzenbeisser, S.: ‘Code obfuscation against static and dynamic reverse engineering’. Information Hiding, 2011 (, 6958), pp. 270–284.
-
27)
-
18. Chan, J., Yang, W.: ‘Advanced obfuscation techniques for Java bytecode’, J. Syst. Softw., 2004, 71, (1/2), pp. 1–10 (doi: 10.1016/S0164-1212(02)00066-3).
-
28)
-
14. Tsai, H.Y., Huang, Y.L., Wagner, D.: ‘A graph approach to quantitative analysis of control-flow obfuscating transformations’, IEEE Trans. Inf. Forensics Sec., 2009, 4, (2), pp. 257–267 (doi: 10.1109/TIFS.2008.2011077).
-
29)
-
13. Popov, I.V., Debray, S.K., Andrews, G.R.: ‘Binary obfuscation using signals’. Proc. 16th USENIX Security Symp., 2007, pp. 275–290.
-
30)
-
3. Collberg, C.S., Thomborson, C., Low, D.: ‘A taxonomy of obfuscating transformations’. , Department of Computer Science, University of Auckland, Auckland, New Zealand, 1997.
-
31)
-
6. Drape, S., Thomborson, C., Majumdar, A.: ‘Specifying imperative data obfuscations’. Proc. Tenth Int. Conf. on Information Security, 2007 (, 4779), pp. 299–314.
-
32)
-
4. Zhu, W., Thomborson, C.D., Wang, F.Y.: ‘Obfuscate arrays by homomorphic functions’. Proc. IEEE Int. Conf. on Granular Computing, 2006, pp. 770–773.
-
33)
-
12. Toyofuku, T., Tabata, T., Sakurai, K.: ‘Program obfuscation scheme using random numbers to complicate control flow’. Proc. Embedded and Ubiquitous Computing Workshops, 2005 (, 3823), pp. 916–925.
-
34)
-
32. Grove, D., Chambers, C.: ‘A framework for call graph construction algorithms’, ACM Trans. Program. Lang. Syst., 2001, 23, (6), pp. 685–746 (doi: 10.1145/506315.506316).
-
35)
-
29. Richard, W., Vishwath, M., Kevin, W.H., et al: ‘Binary stirring: self-randomizing instruction addresses of legacy x86 binary code’. ACM Conf. on Computer and Communication Security, 2012, pp. 157–168.
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2013.0137
Related content
content/journals/10.1049/iet-ifs.2013.0137
pub_keyword,iet_inspecKeyword,pub_concept
6
6