Paper Info
Title
Code obfuscation against symbolic execution attacks.
Abstract
Code obfuscation is widely used by software developers to protect intellectual property, and malware writers to hamper program analysis. However, there seems to be little work on systematic evaluations of effectiveness of obfuscation techniques against automated program analysis. The result is that we have no methodical way of knowing what kinds of automated analyses an obfuscation method can withstand. This paper addresses the problem of characterizing the resilience of code obfuscation transformations against automated symbolic execution attacks, complementing existing works that measure the potency of obfuscation transformations against human-assisted attacks through user studies. We evaluated our approach over 5000 different C programs, which have each been obfuscated using existing implementations of obfuscation transformations. The results show that many existing obfuscation transformations, such as virtualization, stand little chance of withstanding symbolic-execution based deobfuscation. A crucial and perhaps surprising observation we make is that symbolic-execution based deobfuscators can easily deobfuscate transformations that preserve program semantics. On the other hand, we present new obfuscation transformations that change program behavior in subtle yet acceptable ways, and show that they can render symbolic-execution based deobfuscation analysis ineffective in practice.
Year
DOI
Venue
2016
10.1145/2991079.2991114
Annual Computer Security Applications Conference
Field
DocType
ISSN
Virtualization,Authentication,Computer security,Computer science,Symbolic execution,Program analysis,Obfuscation (software),Malware,Obfuscation,Semantics
Conference
1063-9527
Citations 
PageRank 
References 
20
0.76
40
Authors
5
Name
Order
Citations
PageRank
Sebastian Banescu110012.12
Christian S. Collberg21336104.43
Vijay Ganesh3156394.66
Zack Newsham4463.03
Alexander Pretschner51585137.50