Exploit Dynamic Data Flows to Protect Software Against Semantic Attacks

Kuang, Kaiyuan and Tang, Zhanyong and Gong, Xiaoqing and Fang, Dingyi and Chen, Xiaojiang and Zhang, Heng and Wang, Zheng (2017) Exploit Dynamic Data Flows to Protect Software Against Semantic Attacks. In: 2017 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computed, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI). IEEE. ISBN 9781538604359

[img]
Preview
PDF (UIC_2017_paper_80)
UIC_2017_paper_80.pdf - Accepted Version
Available under License Creative Commons Attribution-NonCommercial.

Download (604kB)

Abstract

Unauthorized code modification based on reverse engineering is a serious threat for software industry. Virtual machine based code obfuscation is emerging as a powerful technique for software protection. However, the current Virtual machine code protection are vulnerable under semantic attacks which use dynamic profiling to transform an obfuscated program to construct a simpler program that is functionally equivalent to the obfuscated program but easier to analyze. This paper presents DSA-VMP, a novel VM-based code obfuscation technique, to address the issue of semantic attacks. Our design goal is to exploit dynamic data flows to increase the diversity of the program behaviour. Our approach uses multiple bytecode handlers to interpret a single bytecode and hides the logics that determine the program execution path (it is difficult for the attacker to anticipate the program execution flow). These two techniques greatly increase the diversity of the program execution where the protected code regions exhibit a complex data flow across multiple runs, making it harder and more time consuming to trace the program execution through profiling. Our approach is evaluated using a set of real-world applications. Experimental results show that DSA-VMP can well protect software against semantic attacks at the cost of little extra runtime overhead when compared to two commercial VM-based code obfuscation tools.

Item Type:
Contribution in Book/Report/Proceedings
ID Code:
86306
Deposited By:
Deposited On:
13 May 2017 03:22
Refereed?:
Yes
Published?:
Published
Last Modified:
27 Sep 2020 06:36