Intertwining ROP Gadgets and Opaque Predicates for Robust Obfuscation

Software obfuscation plays a crucial role in protecting intellectual property in software from reverse engineering attempts. While some obfuscation techniques originate from the obfuscation-reverse engineering arms race, others stem from different research areas, such as binary software exploitation. Return-oriented programming (ROP) gained popularity as one of the most effective exploitation techniques for memory error vulnerabilities. ROP interferes with our natural perception of a process control flow, which naturally inspires us to repurpose ROP as a robust and effective form of software obfuscation. Although previous work already explores ROP's effectiveness as an obfuscation technique, evolving reverse engineering research raises the need for principled reasoning to understand the strengths and limitations of ROP-based mechanisms against man-at-the-end (MATE) attacks. To this end, we propose ROPFuscator, a fine-grained obfuscation framework for C/C++ programs using ROP. We incorporate opaque predicates and constants and a novel instruction hiding technique to withstand sophisticated MATE attacks. More importantly, we introduce a realistic and unified threat model to thoroughly evaluate ROPFuscator and provide principled reasoning on ROP-based obfuscation techniques that answer to code coverage, incurred overhead, correctness, robustness, and practicality challenges

A Reverse Engineering Methodology for Extracting Parallelism From Design Abstractions.

Migration of code from sequential environments to the parallel processing environments is often done in an ad hoc manner. The purpose of this research is to develop a reverse engineering methodology to facilitate systematic migration of code from sequential to the parallel processing environments. The research results include the development of a three-phase methodology and the design and development of a reverse engineering toolkit (abbreviated as RETK) which serves to establish a working model for the methodology. The methodology consists of three phases: Analysis, Synthesis, and Transformation. The Analysis phase uses concepts from reverse engineering research to recover the sequential design description from programs using a new design recovery technique. The Synthesis phase is comprised of processes that compute the data and control dependences by using the design abstractions produced by the Analysis phase to construct the program dependence graph. The Transformation phase consists of processes that require knowledge-based analysis of the program and dependence information produced by the Analysis and Synthesis phases, respectively. Design recommendations for parallel environments are the key output of the Transformation phase. The main components of RETK are an Information Extractor, a Dependence Analyzer, and a Design Assistant that implement the processes of the Analysis, Synthesis, and Transformation phases, respectively. The object-oriented design and implementation of the Information Extractor and Dependence Analyzer are described. The design and implementation of the Design Assistant using C Language Interface Production System (CLIPS) are described. In addition, experimental results of applying the methodology to test programs by RETK are presented. The results include analysis of a Numerical Aerodynamic Simulation (NAS) benchmark program. By uniquely combining research in reverse engineering, dependence analysis, and knowledge-based analysis, the methodology provides a systematic approach for code migration. The benefits of using the methodology are increased comprehensibility and improved efficiency in migrating sequential systems to parallel environments

Implementation of membrane models on a CAPE-OPEN tool to simulate a process including RO membranes

Process simulators are a useful tool for evaluating different configurations of chemical processes and developing new ones. Although these programs include many standard units like reactor or distillation towers, membrane units are not usually included. In this paper, it is shown the possibility to implement a reverse osmosis (RO) membrane unit in the free process simulator COCO, using input membrane parameters. The RO modeling is based on the coupling of the solution diffusion model with a model for concentration polarization. The model was implemented as a Matlab CAPE-OPEN unit operation. In order to show the functionality of the developed application, a rinsing process adapted from literature was implemented to test different configurations. In this way, the combined use of the COCO simulator and the model of a reverse osmosis unit proved to be a useful tool for comparing the performance of different process configurations.The Spanish Ministry of Economy and Competitiveness is kindly acknowledged (Project CTM 2010-20248).Gozálvez Zafrilla, JM.; Santafé Moros, MA.; Sanchis Sebastiá, M.; Gomis Fons, J. (2014). Implementation of membrane models on a CAPE-OPEN tool to simulate a process including RO membranes. Desalination and Water Treatment. 1-7. https://doi.org/10.1080/19443994.2014.995718S17Sharaf Eldean, M. A., & Soliman, A. M. (2013). A new visual library for modeling and simulation of renewable energy desalination systems (REDS). Desalination and Water Treatment, 51(37-39), 6905-6920. doi:10.1080/19443994.2013.777369Choi, Y.-J., Hwang, T.-M., Oh, H., Nam, S.-H., Lee, S., Jeon, J., … Chung, Y. (2011). Development of a simulation program for the forward osmosis and reverse osmosis process. Desalination and Water Treatment, 33(1-3), 273-282. doi:10.5004/dwt.2011.2652Karabelas, A. J., Kostoglou, M., & Koutsou, C. P. (2015). Modeling of spiral wound membrane desalination modules and plants – review and research priorities. Desalination, 356, 165-186. doi:10.1016/j.desal.2014.10.002Peshev, D., & Livingston, A. G. (2013). OSN Designer, a tool for predicting organic solvent nanofiltration technology performance using Aspen One, MATLAB and CAPE OPEN. Chemical Engineering Science, 104, 975-987. doi:10.1016/j.ces.2013.10.033Testard, L., & Belaud, J.-P. (2005). A CAPE-OPEN based framework for process simulation solutions integration. European Symposium on Computer-Aided Process Engineering-15, 38th European Symposium of the Working Party on Computer Aided Process Engineering, 607-612. doi:10.1016/s1570-7946(05)80223-8Morales-Rodríguez, R., Gani, R., Déchelotte, S., Vacher, A., & Baudouin, O. (2008). Use of CAPE-OPEN standards in the interoperability between modelling tools (MoT) and process simulators (Simulis® Thermodynamics and ProSimPlus). Chemical Engineering Research and Design, 86(7), 823-833. doi:10.1016/j.cherd.2008.02.022Guria, C., Bhattacharya, P. K., & Gupta, S. K. (2005). Multi-objective optimization of reverse osmosis desalination units using different adaptations of the non-dominated sorting genetic algorithm (NSGA). Computers & Chemical Engineering, 29(9), 1977-1995. doi:10.1016/j.compchemeng.2005.05.002Senthilmurugan, S., Ahluwalia, A., & Gupta, S. K. (2005). Modeling of a spiral-wound module and estimation of model parameters using numerical techniques. Desalination, 173(3), 269-286. doi:10.1016/j.desal.2004.08.034Chilyumova, E., & Thöming, J. (2007). Dynamic simulation of rinsing and regeneration networks based on high pressure RO. Desalination, 207(1-3), 45-58. doi:10.1016/j.desal.2006.07.00

Structured Review of the Evidence for Effects of Code Duplication on Software Quality

This report presents the detailed steps and results of a structured review of code clone literature. The aim of the review is to investigate the evidence for the claim that code duplication has a negative effect on code changeability. This report contains only the details of the review for which there is not enough place to include them in the companion paper published at a conference (Hordijk, Ponisio et al. 2009 - Harmfulness of Code Duplication - A Structured Review of the Evidence)

Relay: A New IR for Machine Learning Frameworks

Machine learning powers diverse services in industry including search, translation, recommendation systems, and security. The scale and importance of these models require that they be efficient, expressive, and portable across an array of heterogeneous hardware devices. These constraints are often at odds; in order to better accommodate them we propose a new high-level intermediate representation (IR) called Relay. Relay is being designed as a purely-functional, statically-typed language with the goal of balancing efficient compilation, expressiveness, and portability. We discuss the goals of Relay and highlight its important design constraints. Our prototype is part of the open source NNVM compiler framework, which powers Amazon's deep learning framework MxNet