Publication Type

Conference Proceeding Article

Version

acceptedVersion

Publication Date

7-2019

Abstract

VM-based software obfuscation has emerged as an effective technique for program obfuscation. Despite various attempts in improving its effectiveness and security, existing VM-based software obfuscators use potentially multiple but static secret mappings between virtual and native opcodes to hide the underlying instructions. In this paper, we present an attack using frequency analysis to effectively recover the secret mapping to compromise the protection, and then propose a novel VM-based obfuscator in which each basic block uses a dynamic and control-flow-aware mapping between the virtual and native instructions. We show that our proposed VM-based obfuscator not only renders the frequency analysis attack ineffective, but dictates the execution and program analysis to follow the original control flow of the program, making state-of-the-art backward tainting and slicing ineffective. We implement a prototype of our VM-based obfuscator and show its effectiveness with experiments on SPEC benchmarking and other real-world applications.

Keywords

Frequency analysis, Software obfuscation, Virtualization

Discipline

Information Security

Research Areas

Cybersecurity

Publication

Applied Cryptography and Network Security: 17th International Conference, ACNS 2019, Bogota, Colombia, June 5-7: Proceedings

Volume

11464

First Page

155

Last Page

174

ISBN

9783030215675

Identifier

10.1007/978-3-030-21568-2_8

Publisher

Springer

City or Country

Cham

Additional URL

https://doi.org/10.1007/978-3-030-21568-2_8

Download

Share

COinS