Exploiting Code Diversity to Enhance Code Virtualization Protection

Xue, Chao and Tang, Zhanyong and Ye, Guixin and Li, Guanghui and Gong, Xiaoqing and Wang, Wei and Fang, Dingyi and Wang, Zheng (2018) Exploiting Code Diversity to Enhance Code Virtualization Protection. In: 2018 IEEE 24th International Conference on Parallel and Distributed Systems (ICPADS) :. IEEE, pp. 620-627. ISBN 9781538673089

[thumbnail of ICPADS2018_paper_254]
Preview
PDF (ICPADS2018_paper_254)
ICPADS2018_paper_254.pdf - Accepted Version
Available under License Creative Commons Attribution-NonCommercial.

Download (1MB)

Abstract

Code virtualization built upon virtual machine (VM)technologies is emerging as a viable method for implementing code obfuscation to protect programs against unauthorized analysis. State-of-the-art VM-based protection approaches use a fixed set of virtual instructions and bytecode interpreters across programs. This, however, exposes a security vulnerability where an experienced attacker can use knowledge extracted from other programs to quickly uncover the mapping between virtual instructions and native code for applications protected under the same scheme. In this paper, we propose a novel VM-based code obfuscation system to address this problem. The core idea of our approach is to obfuscate the mapping between the opcodes of bytecode instructions and their semantics. We achieve this by partitioning each protected code region into multiple segments where the mapping of opcodes and their semantics is randomized in different ways in different segments. In this way, each bytecode instruction will be translated into different native code in different sections of the obfuscated code. This significantly increases the diversity of the program behavior. As a result, the knowledge of bytecode to native code mappings obtained from other programs will be less useful when targeting a new program. We evaluate our approach on a set of real-world applications and compare it against two state-of-the-art VM-based code obfuscation approaches. Experimental results show that our approach is effective, which provides stronger protection with comparable runtime overhead and code size.

Item Type:
Contribution in Book/Report/Proceedings
ID Code:
127184
Deposited By:
Deposited On:
03 Sep 2018 10:46
Refereed?:
Yes
Published?:
Published
Last Modified:
31 Dec 2023 01:37