CodeTrolley: Hardware-Assisted Control Flow Obfuscation
Many cybersecurity attacks rely on analyzing a binary executable to find exploitable sections of code. Code obfuscation is used to prevent attackers from reverse engineering these executables. In this work, we focus on control flow obfuscation - a technique that prevents attackers from statically determining which code segments are original, and which segments are added in to confuse attackers. We propose a RISC-V-based hardware-assisted deobfuscation technique that deobfuscates code at runtime based on a secret safely stored in hardware, along with an LLVM compiler extension for obfuscating binaries. Unlike conventional tools, our work does not rely on compiling hard-to-reverse-engineer code, but on securing a secret key. As such, it can be seen as a lightweight alternative to on-the-fly binary decryption.
Comment: 2019 Boston Area Architecture Workshop (BARC'19)
Intertwining ROP Gadgets and Opaque Predicates for Robust Obfuscation
Software obfuscation plays a crucial role in protecting intellectual property in software from reverse engineering attempts. While some obfuscation techniques originate from the obfuscation-reverse engineering arms race, others stem from different research areas, such as binary software exploitation.
Return-oriented programming (ROP) gained popularity as one of the most effective exploitation techniques for memory error vulnerabilities. ROP interferes with our natural perception of a process control flow, which naturally inspires us to repurpose ROP as a robust and effective form of software obfuscation. Although previous work already explores ROP's effectiveness as an obfuscation technique, evolving reverse engineering research raises the need for principled reasoning to understand the strengths and limitations of ROP-based mechanisms against man-at-the-end (MATE) attacks.
To this end, we propose ROPFuscator, a fine-grained obfuscation framework for C/C++ programs using ROP. We incorporate opaque predicates and constants and a novel instruction hiding technique to withstand sophisticated MATE attacks. More importantly, we introduce a realistic and unified threat model to thoroughly evaluate ROPFuscator and provide principled reasoning on ROP-based obfuscation techniques that answer to code coverage, incurred overhead, correctness, robustness, and practicality challenges.
- …