12 research outputs found
VirtSC: Combining Virtualization Obfuscation with Self-Checksumming
Self-checksumming (SC) is a tamper-proofing technique that ensures certain
program segments (code) in memory hash to known values at runtime. SC has few
restrictions on application and hence can protect a vast majority of programs.
The code verification in SC requires computation of the expected hashes after
compilation, as the machine-code is not known before. This means the expected
hash values need to be adjusted in the binary executable, hence combining SC
with other protections is limited due to this adjustment step. However,
obfuscation protections are often necessary, as SC protections can be otherwise
easily detected and disabled via pattern matching. In this paper, we present a
layered protection using virtualization obfuscation, yielding an
architecture-agnostic SC protection that requires no post-compilation
adjustment. We evaluate the performance of our scheme using a dataset of 25
real-world programs (MiBench and 3 CLI games). Our results show that the SC
scheme induces an average overhead of 43% for a complete protection (100%
coverage). The overhead is tolerable for less CPU-intensive programs (e.g.
games) and when only parts of programs (e.g. license checking) are protected.
However, large overheads stemming from the virtualization obfuscation were
encountered
Multipliers for Floating-Point Double Precision and Beyond on FPGAs
International audienceThe implementation of high-precision floating-point applications on reconfigurable hardware requires a variety of large multipliers: Standard multipliers are the core of floating-point multipliers; Truncated multipliers, trading resources for a well-controlled accuracy degradation, are useful building blocks in situations where a full multiplier is not needed. This work studies the automated generation of such multipliers using the embedded multipliers and adders present in DSP blocks of current FPGAs. The optimization of such multipliers is expressed as a tiling problem where a tile represents a hardware multiplier and super-tiles are the wiring of several hardware multipliers making efficient use of the DSP internal resources. This tiling technique is shown to adapt to full or truncated multipliers. It addresses arbitrary precisions including single, double but also in the quadruple precision introduced by the IEEE-754-2008 standard and currently unsupported by processor hardware. An open-source implementation is provided in the FloPoCo project
MPro: Combining Static and Symbolic Analysis for Scalable Testing of Smart Contract
Smart contracts are executable programs that enable the building of a
programmable trust mechanism between multiple entities without the need of a
trusted third-party. Researchers have developed several security scanners in
the past couple of years. However, many of these analyzers either do not scale
well, or if they do, produce many false positives. This issue is exacerbated
when bugs are triggered only after a series of interactions with the functions
of the contract-under-test. A depth-n vulnerability, refers to a vulnerability
that requires invoking a specific sequence of n functions to trigger. Depth-n
vulnerabilities are time-consuming to detect by existing automated analyzers,
because of the combinatorial explosion of sequences of functions that could be
executed on smart contracts.
In this paper, we present a technique to analyze depth-n vulnerabilities in
an efficient and scalable way by combining symbolic execution and data
dependency analysis. A significant advantage of combining symbolic with static
analysis is that it scales much better than symbolic alone and does not have
the problem of false positive that static analysis tools typically have. We
have implemented our technique in a tool called MPro, a scalable and automated
smart contract analyzer based on the existing symbolic analysis tool
Mythril-Classic and the static analysis tool Slither. We analyzed 100 randomly
chosen smart contracts on MPro and our evaluation shows that MPro is about
n-times faster than Mythril-Classic for detecting depth-n vulnerabilities,
while preserving all the detection capabilities of Mythril-Classic
How to kill symbolic deobfuscation for free (or: unleashing the potential of path-oriented protections)
International audienceCode obfuscation is a major tool for protecting software intellectual property from attacks such as reverse engineering or code tampering. Yet, recently proposed (automated) attacks based on Dynamic Symbolic Execution (DSE) shows very promising results, hence threatening software integrity. Current defenses are not fully satisfactory, being either not efficient against symbolic reasoning , or affecting runtime performance too much, or being too easy to spot. We present and study a new class of anti-DSE pro-tections coined as path-oriented protections targeting the weakest spot of DSE, namely path exploration. We propose a lightweight, efficient, resistant and analytically proved class of obfuscation algorithms designed to hinder DSE-based attacks. Extensive evaluation demonstrates that these approaches critically counter symbolic deobfuscation while yielding only a very slight overhead. CCS CONCEPTS • Security and privacy → Software reverse engineering; Logic and verification; Malware and its mitigation; • Software and its engineering → Formal methods