3,154 research outputs found
Incremental Program Obfuscation
Recent advances in program obfuscation suggest that it is possible to create
software that can provably safeguard secret information. However, software
systems usually contain large executable code that is updated multiple times
and sometimes very frequently. Freshly obfuscating the program for every small
update will lead to a considerable efficiency loss. Thus, an extremely
desirable property for obfuscation algorithms is incrementality: small changes
to the underlying program translate into small changes to the corresponding
obfuscated program.
We initiate a thorough investigation of incremental program obfuscation. We
show that the strong simulation-based notions of program obfuscation, such as
``virtual black-box\u27\u27 and ``virtual grey-box\u27\u27 obfuscation, cannot be
incremental (according to our efficiency requirements) even for very simple
functions such as point functions. We then turn to the
indistinguishability-based notions, and present two security definitions of
varying strength --- namely, a weak one and a strong one. To understand the
overall strength of our definitions, we formulate the notion of incremental
best-possible obfuscation and show that it is equivalent to our strong
indistinguishability-based notion.
Finally, we present constructions for incremental program obfuscation
satisfying both our security notions. We first give a construction achieving
the weaker security notion based on the existence of general purpose
indistinguishability obfuscation. Next, we present a generic transformation
using oblivious RAM to amplify security from weaker to stronger, while
maintaining the incrementality property
PDF-Malware Detection: A Survey and Taxonomy of Current Techniques
Portable Document Format, more commonly known as PDF, has become, in the last 20 years, a standard for document exchange and dissemination due its portable nature and widespread adoption. The flexibility and power of this format are not only leveraged by benign users, but from hackers as well who have been working to exploit various types of vulnerabilities, overcome security restrictions, and then transform the PDF format in one among the leading malicious code spread vectors. Analyzing the content of malicious PDF files to extract the main features that characterize the malware identity and behavior, is a fundamental task for modern threat intelligence platforms that need to learn how to automatically identify new attacks. This paper surveys existing state of the art about systems for the detection of malicious PDF files and organizes them in a taxonomy that separately considers the used approaches and the data analyzed to detect the presence of malicious code. © Springer International Publishing AG, part of Springer Nature 2018
Recommended from our members
ORACLE GUIDED INCREMENTAL SAT SOLVING TO REVERSE ENGINEER CAMOUFLAGED CIRCUITS
This study comprises two tasks. The first is to implement gate-level circuit camouflage techniques. The second is to implement the Oracle-guided incremental de-camouflage algorithm and apply it to the camouflaged designs.
The circuit camouflage algorithms are implemented in Python, and the Oracle- guided incremental de-camouflage algorithm is implemented in C++. During this study, I evaluate the Oracle-guided de-camouflage tool (Solver, in short) performance by de-obfuscating the ISCAS-85 combinational benchmarks, which are camouflaged by the camouflage algorithms. The results show that Solver is able to efficiently de-obfuscate the ISCAS-85 benchmarks regardless of camouflaging style, and is able to do so 10.5x faster than the best existing approaches. And, based on Solver, this study also measures the de-obfuscation runtime for each camouflage style
FPGA based remote code integrity verification of programs in distributed embedded systems
The explosive growth of networked embedded systems has made ubiquitous and pervasive computing a reality. However, there are still a number of new challenges to its widespread adoption that include scalability, availability, and, especially, security of software. Among the different challenges in software security, the problem of remote-code integrity verification is still waiting for efficient solutions. This paper proposes the use of reconfigurable computing to build a consistent architecture for generation of attestations (proofs) of code integrity for an executing program as well as to deliver them to the designated verification entity. Remote dynamic update of reconfigurable devices is also exploited to increase the complexity of mounting attacks in a real-word environment. The proposed solution perfectly fits embedded devices that are nowadays commonly equipped with reconfigurable hardware components that are exploited to solve different computational problems
- …