2,830 research outputs found

    Achieving Obfuscation Through Self-Modifying Code: A Theoretical Model

    Get PDF
    With the extreme amount of data and software available on networks, the protection of online information is one of the most important tasks of this technological age. There is no such thing as safe computing, and it is inevitable that security breaches will occur. Thus, security professionals and practices focus on two areas: security, preventing a breach from occurring, and resiliency, minimizing the damages once a breach has occurred. One of the most important practices for adding resiliency to source code is through obfuscation, a method of re-writing the code to a form that is virtually unreadable. This makes the code incredibly hard to decipher by attackers, protecting intellectual property and reducing the amount of information gained by the malicious actor. Achieving obfuscation through the use of self-modifying code, code that mutates during runtime, is a complicated but impressive undertaking that creates an incredibly robust obfuscating system. While there is a great amount of research that is still ongoing, the preliminary results of this subject suggest that the application of self-modifying code to obfuscation may yield self-maintaining software capable of healing itself following an attack

    Mitigating Reversing Vulnerabilities in .NET Applications Using Virtualized Software Protection

    Get PDF
    Protecting intellectual property contained in application source code and preventing tampering with application binaries are both major concerns for software developers. Simply by possessing an application binary, any user is able to attempt to reverse engineer valuable information or produce unanticipated execution results through tampering. As reverse engineering tools become more prevalent, and as the knowledge required to effectively use those tools decreases, applications come under increased attack from malicious users. Emerging development tools such as Microsoft\u27s .NET Application Framework allow diverse source code composed of multiple programming languages to be integrated into a single application binary, but the potential for theft of intellectual property increases due to the metadata-rich construction of compiled .NET binaries. Microsoft\u27s new Software Licensing and Protection Services (SLPS) application is designed to mitigate trivial reversing of .NET applications through the use of virtualization. This research investigates the viability of the SLPS software protection utility Code Protector as a means of mitigating the inherent vulnerabilities of .NET applications. The results of the research show that Code Protector does indeed protect compiled .NET applications from reversing attempts using commonly-available tools. While the performance of protected applications can suffer if the protections are applied to sections of the code that are used repeatedly, it is clear that low-use .NET application code can be protected by Code Protector with little performance impact

    Software for malicious macro detection

    Get PDF
    The objective of this work is to give a detailed study of the development process of a software tool for the detection of the Emotet virus in Microsoft Office files, Emotet is a virus that has been wreaking havoc mainly in the business environment, from its beginnings as a banking Trojan to nowadays. In fact, this polymorphic family has managed to generate evident, incalculable and global inconveniences in the business activity without discriminating by corporate typology, affecting any company regardless of its size or sector, even entering into government agencies, as well as the citizens themselves as a whole. The existence of two main obstacles for the detection of this virus, constitute an intrinsic reality to it, on the one hand, the obfuscation in its macros and on the other, its polymorphism, are essential pieces of the analysis, focusing our tool in facing precisely two obstacles, descending to the analysis of the macros features and the creation of a neuron network that uses machine learning to recognize the detection patterns and deliberate its malicious nature. With Emotet's in-depth nature analysis, our goal is to draw out a set of features from the malicious macros and build a machine learning model for their detection. After the feasibility study of this project, its design and implementation, the results that emerge endorse the intention to detect Emotet starting only from the static analysis and with the application of machine learning techniques. The detection ratios shown by the tests performed on the final model, present a accuracy of 84% and only 3% of false positives during this detection process.Grado en Ingeniería Informátic

    EXPLORING CONFIDENTIALITY AND PRIVACY OF IMAGE IN CLOUD COMPUTING

    Get PDF
    With the increasing popularity of cloud computing, clients are storing their data in cloud servers and are using “software as a service” for computing services. However, clients’ data may be sensitive, critical, and private, and processing such data with cloud servers may result in losing data privacy or compromising data confidentiality. Some cloud servers may be dishonest, while malicious entities may compromise others. In order to protect data privacy and confidentiality, clients need to be able to hide their actual data values and send the obfuscated values to cloud servers. This thesis deals with the outsourcing of computing to cloud servers, in which clients’ images can be computed and stored. This thesis proposes a technique that obfuscates images before sending them to servers, so these servers can perform computations on images without knowing the actual images. The proposed technique is expected to ensure data privacy and confidentiality. Servers will not be able to identify an individual whose images are stored and manipulated by the server. In addition, our approach employs an obfuscating technique to maintain the confidentiality of images, allowing cloud servers to compute obfuscated data accurately without knowing the actual data value, thus supporting privacy and confidentiality. The proposed approach is based on the Rabin block cipher technique, which has some weaknesses, however. The main drawback is its decryption technique, which results in four values, and only one of these values represents the actual value of plain data. Another issue is that the blocking technique requires a private key for each block that requires a high-computing effort; requiring one private key for each block of data demands that a great number of keys be stored by the client. As a result, it decreases the robustness of the Rabin block cipher. This thesis proposes additional techniques to overcome some of the weaknesses of the Rabin block cipher by introducing some new features, such as tokenization, a digit counter, and a set of blocks. The new technique increases the privacy of data and decreases the computational complexity by requiring fewer private keys. The new features have been implemented in image processing in order to demonstrate their applicability. However, in order to apply our approach to images, we must first apply some preprocessing techniques on images to make them applicable to being obfuscated by our proposed obfuscating system
    • …
    corecore