Filters








260 Hits in 7.9 sec

Towards Automated Augmentation and Instrumentation of Legacy Cryptographic Executables: Extended Version [article]

Karim Eldefrawy, Michael Locasto, Norrathep Rattanavipanon, Hassen Saidi
2020 arXiv   pre-print
The key features of ALICE are: (i) automatically detecting and extracting implementations of weak or broken cryptographic primitives from binaries without requiring source code or debugging symbols, (ii  ...  Our experimental results show that ALICE can locate and replace insecure hash functions, even in large binaries (we tested ones of size up to 1.5MB), while preserving existing functionality of the original  ...  Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of DHS and should not be interpreted as necessarily  ... 
arXiv:2004.09713v2 fatcat:dpug4wftgvdpdoiz2wx7hozmdu

A Framework for Measuring Software Obfuscation Resilience against Automated Attacks

Sebastian Banescu, Martin Ochoa, Alexander Pretschner
2015 2015 IEEE/ACM 1st International Workshop on Software Protection  
We also perform a case-study about using symbolic execution for deobfuscation, concretely mapped onto our formal model.  ...  We then map prior work in the area of deobfuscation to our formal model to the possible extent.  ...  The only assumption of these attacks is that the precise location and structure of the lookup tables in the binary is known.  ... 
doi:10.1109/spro.2015.16 dblp:conf/icse/BanescuOP15 fatcat:muwyelbg6nab3ordl5h3awunsu

Hybrid Obfuscation to Protect Against Disclosure Attacks on Embedded Microprocessors

Marc Fyrbiak, Simon Rokicki, Nicolai Bissantz, Russell Tessier, Christof Paar
2018 IEEE transactions on computers  
Both measures are based on a compiler which generates obfuscated programs, and an embedded processor implemented in an FPGA with a randomized ISA encoding to execute the hybrid obfuscated program.  ...  It is shown that our approach is effective against a wide variety of possible information disclosure attacks in case of a physically present adversary.  ...  The research was supported in part through NSF grants CNS-1318497 and CNS-1421352, SFB823 (sub-project C4), INRIA Associate Team HARDIESSE, and ERC Advanced Grant 695022.  ... 
doi:10.1109/tc.2017.2649520 fatcat:p332lanfhfcijnqpusljfxqyr4

Effectiveness of synthesis in concolic deobfuscation

Fabrizio Biondi, Sébastien Josse, Axel Legay, Thomas Sirvent
2017 Computers & security  
We evaluate the use of dynamic synthesis to complement symbolic analysis in the analysis of obfuscated conditionals.  ...  Symbolic analysis can counteract these techniques, but only if they can analyze obfuscated conditional statements.  ...  The seed of the hash function is a vector of opaque predicates itself. The challenge for the obfuscator is how to prevent the cryptographic hash function and its seed to be easily detected.  ... 
doi:10.1016/j.cose.2017.07.006 fatcat:oo6ufswnnbh25e4tmz7jo6eveu

A Tutorial on Software Obfuscation [chapter]

Sebastian Banescu, Alexander Pretschner
2018 Advances in Computers  
Obfuscation transforms a program into a functionally equivalent program which is harder for MATE to attack. However, obfuscation can be use both for benign and malicious purposes.  ...  Malware developers rely on obfuscation techniques to circumvent detection mechanisms and to prevent malware analysts from understanding the logic implemented by the malware.  ...  Similar to DPA, DCA able to recover a symmetric cryptographic key from a white-box cryptographic cypher binary, in a matter of seconds, without needing to disassemble the binary or to know anything about  ... 
doi:10.1016/bs.adcom.2017.09.004 fatcat:vz5uvubs5bhq5ewd5b7imvcpe4

LifeLine for FPGA Protection: Obfuscated Cryptography for Real-World Security

Florian Stolz, Nils Albartus, Julian Speith, Simon Klix, Clemens Nasenberg, Aiden Gula, Marc Fyrbiak, Christof Paar, Tim Güneysu, Russell Tessier
2021 Transactions on Cryptographic Hardware and Embedded Systems  
Over the last decade attacks have repetitively demonstrated that bitstream protection for SRAM-based FPGAs is a persistent problem without a satisfying solution in practice.  ...  We then describe the design and implementation of novel hardware obfuscation primitives based on the intrinsic structure of FPGAs.  ...  Hence, manipulation of a single bit of a data source results in a deviation of the cryptographic key (based on the avalanche property of the cryptographic hash function).  ... 
doi:10.46586/tches.v2021.i4.412-446 fatcat:tvapiwiqojhq7hbecgzgk7at5y

Loki: Hardening Code Obfuscation Against Automated Attacks [article]

Moritz Schloegel, Tim Blazytko, Moritz Contag, Cornelius Aschermann, Julius Basler, Thorsten Holz, Ali Abbasi
2021 arXiv   pre-print
In this work, we present Loki, an approach for code obfuscation that is resilient against all known automated deobfuscation attacks.  ...  Despite its importance, commercial and academic state-of-the-art obfuscation approaches are vulnerable to a plethora of automated deobfuscation attacks, such as symbolic execution, taint analysis, or program  ...  Applied to code obfuscation, symbolic execution is used to symbolically extract the core semantics of VM handlers [42] , track user input in an execution trace [54, 71, 72] , or detect opaque predicates  ... 
arXiv:2106.08913v2 fatcat:lbophyz6snhqdgxgfdf5nv2jja

Symbolic Execution of Obfuscated Code

Babak Yadegari, Saumya Debray
2015 Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15  
We show empirically that existing symbolic analyses are not robust against such obfuscations, and propose ways in which the problems can be mitigated using a combination of fine-grained bit-level taint  ...  Experimental results indicate that our approach is effective in allowing symbolic and concolic execution to handle such obfuscations.  ...  Previous studies have discussed attacks on symbolic execution systems using cryptographic hash functions [36] or unsolved mathematical conjectures [43] to construct computations that are difficult  ... 
doi:10.1145/2810103.2813663 dblp:conf/ccs/YadegariD15 fatcat:wyon46tkbvgcxlk2wpwuutkdiy

Control Flow Obfuscation Using Neural Network to Fight Concolic Testing [chapter]

Haoyu Ma, Xinjie Ma, Weijie Liu, Zhipeng Huang, Debin Gao, Chunfu Jia
2015 Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering  
Concolic testing is widely regarded as the state-of-the-art technique in dynamic discovering and analyzing trigger-based behavior in software programs.  ...  Our method also incorporates only basic integer operations and simple loops, thus can be hard to be distinguished from regular programs.  ...  With the help of debug information, these instructions in binaries can be mapped to commands in the corresponding source code.  ... 
doi:10.1007/978-3-319-23829-6_21 fatcat:6jbbgve6kve7hdh2vwkomaxpbm

StraightTaint: decoupled offline symbolic taint analysis

Jiang Ming, Dinghao Wu, Jun Wang, Gaoyao Xiao, Peng Liu
2016 Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering - ASE 2016  
Taint analysis has a wide variety of compelling applications in security tasks, from software attack detection to data lifetime analysis.  ...  We continue this line of research in this paper and propose pipelined symbolic taint analysis, a novel technique for parallelizing and pipelining taint analysis to take advantage of ubiquitous multi-core  ...  This research was supported in part by the National Science Foundation (NSF) grants CNS-1223710 and CCF-1320605, and the Office of Naval Research (ONR) grant N00014-13-1-0175.  ... 
doi:10.1145/2970276.2970299 dblp:conf/kbse/MingWWXL16 fatcat:ex6z374qjrezhpzhxb4hif6fia

Unleashing the Hidden Power of Compiler Optimization on Binary Code Difference: An Empirical Study [article]

Xiaolei Ren, Michael Ho, Jiang Ming, Yu Lei, Li Li
2021 arXiv   pre-print
BinTuner's outputs seriously undermine prominent binary diffing tools' comparisons. In addition, the detection rate of the IoT malware variants tuned by BinTuner falls by more than 50%.  ...  Since compiler optimization is the most common source contributing to binary code differences in syntax, testing the resilience against the changes caused by different compiler optimization settings has  ...  He was also a self-taught, talented magician and performed in many events. The audience always enjoyed his humor and creativity. We will remember his passion for research and life.  ... 
arXiv:2103.12357v2 fatcat:7e2jq53kijc4nlayfa4ljqc2um

Obfuscation resilient binary code reuse through trace-oriented programming

Junyuan Zeng, Yangchun Fu, Kenneth A. Miller, Zhiqiang Lin, Xiangyu Zhang, Dongyan Xu
2013 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13  
in malware analysis and identification, and binary function transplanting.  ...  While prior approaches have shown that binary code can be extracted and reused, they are often based on static analysis and face challenges when coping with obfuscated binaries.  ...  Any opinions, findings, and conclusions in this paper are those of the authors only and do not necessarily reflect the views of the funding agencies.  ... 
doi:10.1145/2508859.2516664 dblp:conf/ccs/ZengFMLZX13 fatcat:3qob5amrfbdhrnk4ugu4p77jdm

Security Analysis of PHP Bytecode Protection Mechanisms [chapter]

Dario Weißer, Johannes Dahse, Thorsten Holz
2015 Lecture Notes in Computer Science  
We introduce a generic approach for decompilation of obfuscated bytecode and show that it is possible to automatically recover the original source code of protected software.  ...  In order to prevent such attacks, commercial products such as ionCube, Zend Guard, and Source Guardian promise a source code protection.  ...  In order to detected encoded files, Zend Guard replaces PHP VM's function zend compile file(). If the string <?  ... 
doi:10.1007/978-3-319-26362-5_23 fatcat:gwiv6u6r6re65gbo3pmwykfke4

Mitigating Smart Card Fault Injection with Link-Time Code Rewriting: A Feasibility Study [chapter]

Jonas Maebe, Ronald De Keulenaer, Bjorn De Sutter, Koen De Bosschere
2013 Lecture Notes in Computer Science  
We present a feasibility study to protect smart card software against fault-injection attacks by means of binary code rewriting.  ...  We implemented a range of protection techniques in a link-time rewriter and evaluate and discuss the obtained coverage, the associated overhead and engineering effort, as well as its practical usability  ...  Introduction Cryptographic keys and PIN hashes are often embedded in bank smart cards.  ... 
doi:10.1007/978-3-642-39884-1_19 fatcat:2gkj6xepwjb6flmyqvmvr2s2zi

CopyCat: Controlled Instruction-Level Attacks on Enclaves [article]

Daniel Moghimi, Jo Van Bulck, Nadia Heninger, Frank Piessens, Berk Sunar
2020 arXiv   pre-print
Our findings highlight the importance of stricter verification of cryptographic implementations, especially in the context of TEEs.  ...  attacks to perform single-trace key extraction that exploit subtle vulnerabilities in the latest versions of widely-used cryptographic libraries.  ...  However the legacy binary GCD function is still supported in the latest OpenSSL code base, version 1.1.1d, in the function BN_gcd (cf. Appendix Algorithm 5).  ... 
arXiv:2002.08437v3 fatcat:5epnn447mjfq3hk6mqk35hlewm
« Previous Showing results 1 — 15 out of 260 results