Title
Covert computation: hiding code in code for obfuscation purposes
Abstract
As malicious software gets increasingly sophisticated and resilient to detection, new concepts for the identification of malicious behavior are developed by academia and industry alike. While today's malware detectors primarily focus on syntactical analysis (i.e., signatures of malware samples), the concept of semantic-aware malware detection has recently been proposed. Here, the classification is based on models that represent the underlying machine and map the effects of instructions on the hardware. In this paper, we demonstrate the incompleteness of these models and highlight the threat of malware, which exploits the gap between model and machine to stay undetectable. To this end, we introduce a novel concept we call covert computation, which implements functionality in side effects of microprocessors. For instance, the flags register can be used to calculate basic arithmetical and logical operations. Our paper shows how this technique could be used by malware authors to hide malicious code in a harmless-looking program. Furthermore, we demonstrate the resilience of covert computation against semantic-aware malware scanners.
Year
2013
DOI
10.1145/2484313.2484384
Venue
ASIACCS
Keywords
malware author, malicious behavior, covert computation, obfuscation purpose, semantic-aware malware detection, semantic-aware malware scanner, malware detector, new concept, malicious software, malicious code, malware sample, code obfuscation
Field
Cryptovirology, Internet privacy, Logical operations, Computer science, Computer security, Covert, Exploit, Obfuscation (software), Malware, Obfuscation, Computation
DocType
Conference
Citations
5
PageRank
0.52
References
13
Authors
7
Name                     Order  Citations  PageRank
Sebastian Schrittwieser  1      291        35.16
Stefan Katzenbeisser     2      1844       143.68
Peter Kieseberg          3      187        29.39
Markus Huber             4      334        26.26
Manuel Leithner          5      117        13.95
Martin Mulazzani         6      233        20.01
Edgar Weippl             7      856        105.02