DynOpVm: VM-based software obfuscation with dynamic opcode mapping

DynOpVm: VM-based software obfuscation with dynamic opcode mapping

VM-based software obfuscation has emerged as an effective technique for program obfuscation. Despite various attempts in improving its effectiveness and security, existing VM-based software obfuscators use potentially multiple but static secret mappings between virtual and native opcodes to hide the...

Full description

Saved in:
Bibliographic Details
Main Authors: CHENG, Xiaoyang, LIN, Yan, GAO, Debin
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2019
Subjects:
Frequency analysis
Software obfuscation
Virtualization
Information Security
Online Access:https://ink.library.smu.edu.sg/sis_research/4687
https://ink.library.smu.edu.sg/context/sis_research/article/5690/viewcontent/DynOpVm_acns19_av.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-5690
record_format dspace
spelling sg-smu-ink.sis_research-56902020-01-09T07:22:51Z DynOpVm: VM-based software obfuscation with dynamic opcode mapping CHENG, Xiaoyang LIN, Yan GAO, Debin VM-based software obfuscation has emerged as an effective technique for program obfuscation. Despite various attempts in improving its effectiveness and security, existing VM-based software obfuscators use potentially multiple but static secret mappings between virtual and native opcodes to hide the underlying instructions. In this paper, we present an attack using frequency analysis to effectively recover the secret mapping to compromise the protection, and then propose a novel VM-based obfuscator in which each basic block uses a dynamic and control-flow-aware mapping between the virtual and native instructions. We show that our proposed VM-based obfuscator not only renders the frequency analysis attack ineffective, but dictates the execution and program analysis to follow the original control flow of the program, making state-of-the-art backward tainting and slicing ineffective. We implement a prototype of our VM-based obfuscator and show its effectiveness with experiments on SPEC benchmarking and other real-world applications. 2019-07-05T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/4687 info:doi/10.1007/978-3-030-21568-2_8 https://ink.library.smu.edu.sg/context/sis_research/article/5690/viewcontent/DynOpVm_acns19_av.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Frequency analysis Software obfuscation Virtualization Information Security
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Frequency analysis
Software obfuscation
Virtualization
Information Security
spellingShingle Frequency analysis
Software obfuscation
Virtualization
Information Security
CHENG, Xiaoyang
LIN, Yan
GAO, Debin
DynOpVm: VM-based software obfuscation with dynamic opcode mapping
description VM-based software obfuscation has emerged as an effective technique for program obfuscation. Despite various attempts in improving its effectiveness and security, existing VM-based software obfuscators use potentially multiple but static secret mappings between virtual and native opcodes to hide the underlying instructions. In this paper, we present an attack using frequency analysis to effectively recover the secret mapping to compromise the protection, and then propose a novel VM-based obfuscator in which each basic block uses a dynamic and control-flow-aware mapping between the virtual and native instructions. We show that our proposed VM-based obfuscator not only renders the frequency analysis attack ineffective, but dictates the execution and program analysis to follow the original control flow of the program, making state-of-the-art backward tainting and slicing ineffective. We implement a prototype of our VM-based obfuscator and show its effectiveness with experiments on SPEC benchmarking and other real-world applications.
format text
author CHENG, Xiaoyang
LIN, Yan
GAO, Debin
author_facet CHENG, Xiaoyang
LIN, Yan
GAO, Debin
author_sort CHENG, Xiaoyang
title DynOpVm: VM-based software obfuscation with dynamic opcode mapping
title_short DynOpVm: VM-based software obfuscation with dynamic opcode mapping
title_full DynOpVm: VM-based software obfuscation with dynamic opcode mapping
title_fullStr DynOpVm: VM-based software obfuscation with dynamic opcode mapping
title_full_unstemmed DynOpVm: VM-based software obfuscation with dynamic opcode mapping
title_sort dynopvm: vm-based software obfuscation with dynamic opcode mapping
publisher Institutional Knowledge at Singapore Management University
publishDate 2019
url https://ink.library.smu.edu.sg/sis_research/4687
https://ink.library.smu.edu.sg/context/sis_research/article/5690/viewcontent/DynOpVm_acns19_av.pdf
_version_ 1770574979295870976

Similar Items