Exploit dynamic data flows to protect software against semantic attacks

Kaiyuan Kuang, Zhanyong Tang, Xiaoqing Gong, Dingyi Fang, Xiaojiang Chen, Heng Zhang, Jie Liu, Zheng Wang
2017 2017 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computed, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI)  
Unauthorized code modification based on reverse engineering is a serious threat to the software industry. Virtual machine based code obfuscation is emerging as a powerful technique for software protection. However, current code obfuscation techniques are vulnerable to semantic attacks, which use dynamic profiling to transform an obfuscated program into a simpler program that is functionally equivalent to the obfuscated program but easier to analyze. This paper presents DSA-VMP, a ... l VM-based code obfuscation technique, to address the issue of semantic attacks. Our design goal is to exploit dynamic data flows to increase the diversity of the program behaviour. Doing so can reduce the effectiveness of dynamic profiling. Our approach uses multiple bytecode handlers to interpret a single bytecode and hides the logic that determines the program execution path (making it difficult for the attacker to anticipate the program execution flow). These two techniques greatly increase the diversity of the program execution: the protected code regions exhibit a complex data flow across multiple runs, making it harder and more time-consuming to trace the program execution through profiling. Our approach is evaluated using a set of real-world applications. Experimental results show that DSA-VMP can protect software well against semantic attacks at the cost of little extra runtime overhead when compared to two commercial VM-based code obfuscation tools.
doi:10.1109/uic-atc.2017.8397540 dblp:conf/uic/KuangTGFCZLW17 fatcat:bkom6c6g7nbunb7nhm3yzfmywy