On-stack replacement to improve JIT-based obfuscation: a preliminary study

As more devices become interconnected, more effective security techniques are needed to protect running software from hackers. One possible security technique is to continuously change the running binary code of a given piece of software by recompiling it on the fly. This switching needs to be done frequently, quickly, and randomly, without being constrained to specific locations in the code, to make it difficult for a hacker to track the behavior of the running code or predict its functionality. In our research we are working on a technique that recompiles speculatively and concurrently with the current execution, and switches to the newly compiled version dynamically, at arbitrary points. This paper presents an early analytical study, augmented by experimental analysis of manually applying this technique to simple kernels, to study the concept in comparison with other similar techniques.
