Runtime protection via dataflow flattening

Software running on an open architecture, such as the PC, is vulnerable to inspection and modification. Since software may process valuable or sensitive information, many defenses against data analysis and modification have been proposed. This paper complements existing work and focuses on hiding data location throughout program execution. To achieve this, we combine three techniques: (i) periodic reordering of the heap, (ii) migrating local variables from the stack to the heap and (iii) pointer scrambling. By essentialy flattening the dataflow graph of the program, the techniques serve to complicate static dataflow analysis and dynamic data tracking. Our methodology can be viewed as a data-oriented analogue of control-flow flattening techniques. Dataflow flattening is useful in practical scenarios like DRM, information-flow protection, and exploit resistance. Our prototype implementation compiles C programs into a binary for which every access to the heap is redirected through a memory management unit. Stack-based variables may be migrated to the heap, while pointer accesses and arithmetic may be scrambled and redirected. We evaluate our approach experimentally on the SPEC CPU2006 benchmark suit

Hiding Information in Programs

Abstract — Steganography is the art and science of hiding information (secret message) within other information (cover-object). This paper explores the fitness of programs as cover-objects. We identify three elements of choice, in which we can encode the secret message. This way, we can on average encode one bit for every 26 bit in the original program. Unfortunately, at this encoding rate, the presence of the message can easily be detected. We can improve the stealth of the message at the cost of the encoding rate. As a result, we obtain a safe encoding rate of 1/89

The State-Enhanced Control Flow Graph

Abstract — In the omnipresent model of the stored-program computer, both the instructions and data are held in a single storage structure. Therefore, instructions can be read and written as if they were data. In practice however, instructions rarely change during the execution of the program. As a result, it is often assumed that the instructions are constant. Therefore, many tools and analyses fail in the presence of self-modifying code. In this paper, we present an extension to the control flow graph representation, which enables the analysis, optimization and generation of self-modifying code: the state-enhanced control flow graph

Code Obfuscation Transformations

C