论文信息 - Protecting Software through Obfuscation

Protecting Software through Obfuscation

Software obfuscation has always been a controversially discussed research area. While theoretical results indicate that provably secure obfuscation in general is impossible, its widespread application in malware and commercial software shows that it is nevertheless popular in practice. Still, it remains largely unexplored to what extent today’s software obfuscations keep up with state-of-the-art code analysis and where we stand in the arms race between software developers and code analysts. The main goal of this survey is to analyze the effectiveness of different classes of software obfuscation against the continuously improving deobfuscation techniques and off-the-shelf code analysis tools. The answer very much depends on the goals of the analyst and the available resources. On the one hand, many forms of lightweight static analysis have difficulties with even basic obfuscation schemes, which explains the unbroken popularity of obfuscation among malware writers. On the other hand, more expensive analysis techniques, in particular when used interactively by a human analyst, can easily defeat many obfuscations. As a result, software obfuscation for the purpose of intellectual property protection remains highly challenging.

[1] James C. King,et al. Symbolic execution and program testing , 1976, CACM.

[2] 共立出版株式会社. コンピュータ・サイエンス : ACM computing surveys , 1978 .

[3] Yvonne Freeh. The protection of computer software - Its technology and applications: edited by Derrick Grover, 2nd Edition, 1992 (British Computer Society Monographs in Informatics - Cambridge University Press, Softcover), 307pp, £17.95 (US $32.95), ISBN 0-521-42462-3 , 1992, Comput. Law Secur. Rev..

[4] Wojtek Kozaczynski,et al. Recovering reusable components from legacy systems by program segmentation , 1993, [1993] Proceedings Working Conference on Reverse Engineering.

[5] Frederick B. Cohen,et al. Operating system protection through program evolution , 1993, Comput. Secur..

[6] Aniello Cimitile,et al. Software salvaging based on conditions , 1994, Proceedings 1994 International Conference on Software Maintenance.

[7] David F. Bacon,et al. Compiler transformations for high-performance computing , 1994, CSUR.

[8] G. Ramalingam,et al. The undecidability of aliasing , 1994, TOPL.

[9] R. E. Kurt Stirewalt,et al. The interleaving problem in program understanding , 1995, Proceedings of 2nd Working Conference on Reverse Engineering.

[10] Frank Tip,et al. Parametric program slicing , 1995, POPL '95.

[11] Cristina Cifuentes,et al. Decompilation of binary programs , 1995, Softw. Pract. Exp..

[12] Michael Wolfe,et al. High performance compilers for parallel computing , 1995 .

[13] Norman Wilde,et al. Software reconnaissance: Mapping program features to code , 1995, J. Softw. Maintenance Res. Pract..

[14] Dennis B. Smith,et al. Towards a framework for program understanding , 1996, WPC '96. 4th Workshop on Program Comprehension.

[15] Aniello Cimitile,et al. A Specification Driven Slicing Process for Identifying Reusable Functions , 1996, J. Softw. Maintenance Res. Pract..

[16] Christian S. Collberg,et al. A Taxonomy of Obfuscating Transformations , 1997 .

[17] Susan Horwitz,et al. Precise flow-insensitive may-alias analysis is NP-hard , 1997, TOPL.

[18] Giuseppe Visaggio,et al. Extracting Reusable Funtions by Flow Graph-Based Program Slicing , 1997, IEEE Trans. Software Eng..

[19] Carey Nachenberg. Computer Virus — Coevolution The battle to conquer computer viruses is far from won , but new and improved antidotes are controlling the field , 1997 .

[20] Carey Nachenberg,et al. Computer virus-antivirus coevolution , 1997, Commun. ACM.

[21] David H. Ackley,et al. Building diverse computer systems , 1997, Proceedings. The Sixth Workshop on Hot Topics in Operating Systems (Cat. No.97TB100133).

[22] Bruce Schneier,et al. Environmental Key Generation Towards Clueless Agents , 1998, Mobile Agents and Security.

[23] Aniello Cimitile,et al. Conditioned program slicing , 1998, Inf. Softw. Technol..

[24] Clark Thomborson,et al. Manufacturing cheap, resilient, and stealthy opaque constructs , 1998, POPL '98.

[25] Christian S. Collberg,et al. Breaking abstractions and unstructuring data structures , 1998, Proceedings of the 1998 International Conference on Computer Languages (Cat. No.98CB36225).

[26] Flemming Nielson,et al. Principles of Program Analysis , 1999, Springer Berlin Heidelberg.

[27] Adi Shamir,et al. Playing "Hide and Seek" with Stored Keys , 1999, Financial Cryptography.

[28] Flemming Nielson,et al. International Workshop on Principles of Program Analysis , 1999 .

[29] Harry M. Sneed. Encapsulation of legacy software: A technique for reusing legacy software components , 2000, Ann. Softw. Eng..

[30] Jens Palsberg,et al. Experience with software watermarking , 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).

[31] Jack W. Davidson,et al. Software Tamper Resistance: Obstructing Static Analysis of Programs , 2000 .

[32] Arun Lakhotia,et al. A formalism to automate mapping from program features to code , 2000, Proceedings IWPC 2000. 8th International Workshop on Program Comprehension.

[33] Amit Sahai,et al. On the (im)possibility of obfuscating programs , 2001, JACM.

[34] Yuan Xiang Gu,et al. An Approach to the Obfuscation of Control-Flow of Sequential Computer Programs , 2001, ISC.

[35] Mikhail J. Atallah,et al. Protecting Software Code by Guards , 2001, Digital Rights Management Workshop.

[36] Robert E. Tarjan,et al. Dynamic Self-Checking Techniques for Improved Tamper Resistance , 2001, Digital Rights Management Workshop.

[37] Dan Boneh,et al. Attacking an Obfuscated Cipher by Injecting Faults , 2002, Digital Rights Management Workshop.

[38] Paul C. van Oorschot,et al. White-Box Cryptography and an AES Implementation , 2002, Selected Areas in Cryptography.

[39] Paul C. van Oorschot,et al. A White-Box DES Implementation for DRM Applications , 2002, Digital Rights Management Workshop.

[40] Sorin Lerner,et al. ESP: path-sensitive program verification in polynomial time , 2002, PLDI '02.

[41] Gregory R. Andrews,et al. Disassembly of executable code revisited , 2002, Ninth Working Conference on Reverse Engineering, 2002. Proceedings..

[42] Nasir D. Memon,et al. Obfuscation of design intent in object-oriented applications , 2003, DRM '03.

[43] Saumya K. Debray,et al. Obfuscation of executable code to improve resistance to static disassembly , 2003, CCS '03.

[44] Jack W. Davidson,et al. Protection of software-based survivability mechanisms , 2003, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[45] Yuichiro Kanzaki,et al. Exploiting self-modification mechanism for program protection , 2003, Proceedings 27th Annual International Computer Software and Applications Conference. COMPAC 2003.

[46] Paul Montague,et al. Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation - Volume 32 , 2004 .

[47] Hamilton E. Link,et al. Securing mobile code. , 2004 .

[48] Akito Monden,et al. A Framework for Obfuscated Interpretation , 2004, ACSW.

[49] Olivier Billet,et al. Cryptanalysis of a White Box AES Implementation , 2004, Selected Areas in Cryptography.

[50] Mark Harman,et al. Building executable union slices using conditioned slicing , 2004, Proceedings. 12th IEEE International Workshop on Program Comprehension, 2004..

[51] Mike Van Emmerik,et al. Using a decompiler for real-world source recovery , 2004, 11th Working Conference on Reverse Engineering.

[52] Halvar Flake,et al. Structural Comparison of Executable Objects , 2004, DIMVA.

[53] Mark Harman,et al. CONSIT: a fully automated conditioned program slicer , 2004, Softw. Pract. Exp..

[54] Tao Zhang,et al. Hardware assisted control flow obfuscation for embedded processors , 2004, CASES '04.

[55] Christopher Krügel,et al. Static Disassembly of Obfuscated Binaries , 2004, USENIX Security Symposium.

[56] Koen De Bosschere,et al. Software piracy prevention through diversity , 2004, DRM '04.

[57] Amit Sahai,et al. Positive Results and Techniques for Obfuscation , 2004, EUROCRYPT.

[58] Thomas W. Reps,et al. Analyzing Memory Accesses in x86 Executables , 2004, CC.

[59] Stefan Katzenbeisser,et al. Detecting Malicious Code by Model Checking , 2005, DIMVA.

[60] Barton P. Miller,et al. Practical analysis of stripped binary code , 2005, CARN.

[61] Somesh Jha,et al. Semantics-aware malware detection , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[62] Koen De Bosschere,et al. Hybrid static-dynamic attacks against software protection mechanisms , 2005, DRM '05.

[63] Koushik Sen,et al. CUTE: a concolic unit testing engine for C , 2005, ESEC/FSE-13.

[64] Eldad Eilam,et al. Reversing: Secrets of Reverse Engineering , 2005 .

[65] James Newsome,et al. Polygraph: automatically generating signatures for polymorphic worms , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[66] Hoeteck Wee,et al. On obfuscating point functions , 2005, STOC '05.

[67] Saumya K. Debray,et al. Deobfuscation: reverse engineering obfuscated code , 2005, 12th Working Conference on Reverse Engineering (WCRE'05).

[68] Xiangyu Zhang,et al. Matching execution histories of program versions , 2005, ESEC/FSE-13.

[69] Atsuko Miyaji,et al. Java Obfuscation Approaches to Construct Tamper-Resistant Object-Oriented Programs , 2005 .

[70] Koen De Bosschere,et al. Software Protection Through Dynamic Code Mutation , 2005, WISA.

[71] Bart Preneel,et al. Condensed White-Box Implementations , 2005 .

[72] Mark Harman,et al. ConSUS: a light-weight program conditioner , 2005, J. Syst. Softw..

[73] Hamilton E. Link,et al. Clarifying obfuscation: improving the security of white-box DES , 2005, International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume II.

[74] Roberto Giacobazzi,et al. Semantic-Based Code Obfuscation by Abstract Interpretation , 2005, ICALP.

[75] U. Bayer,et al. TTAnalyze: A Tool for Analyzing Malware , 2006 .

[76] Clark D. Thomborson,et al. Manufacturing opaque predicates in distributed systems for code obfuscation , 2006, ACSC.

[77] Koen De Bosschere,et al. Understanding Obfuscated Code , 2006, 14th IEEE International Conference on Program Comprehension (ICPC'06).

[78] A. Majumdar,et al. On Evaluating Obfuscatory Strength of Alias-based Transforms using Static Analysis , 2006, 2006 International Conference on Advanced Computing and Communications.

[79] Koen De Bosschere,et al. Opaque Predicates Detection by Abstract Interpretation , 2006, AMAST.

[80] Zhendong Su,et al. Temporal search: detecting hidden malware timebombs with virtual machines , 2006, ASPLOS XII.

[81] Andrew Walenstein,et al. Normalizing Metamorphic Malware Using Term Rewriting , 2006, 2006 Sixth IEEE International Workshop on Source Code Analysis and Manipulation.

[82] Ramarathnam Venkatesan,et al. Proteus: virtualization for diversified tamper-resistance , 2006, DRM '06.

[83] Koen De Bosschere,et al. On the Effectiveness of Source Code Transformations for Binary Obfuscation , 2006, Software Engineering Research and Practice.

[84] Arun Lakhotia,et al. Using engine signature to detect metamorphic malware , 2006, WORM '06.

[85] Mattia Monga,et al. Using code normalization for fighting self-mutating malware , 2006 .

[86] P. Biondi,et al. Silver Needle in the Skype , 2006 .

[87] Helen J. Wang,et al. SubVirt: implementing malware with virtual machines , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[88] B. Preneel,et al. Self-encrypting Code to Protect Against Analysis and Tampering , 2006 .

[89] Mattia Monga,et al. Detecting Self-mutating Malware Using Control-Flow Graph Matching , 2006, DIMVA.

[90] Wenke Lee,et al. PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[91] Koen De Bosschere,et al. LOCO: an interactive code (De)obfuscation tool , 2006, PEPM '06.

[92] Julien Bringer,et al. White Box Cryptography: Another Attempt , 2006, IACR Cryptol. ePrint Arch..

[93] Jason Raber,et al. Deobfuscator: An Automated Approach to the Identification and Removal of Code Obfuscation , 2007, 14th Working Conference on Reverse Engineering (WCRE 2007).

[94] Ramarathnam Venkatesan,et al. A Graph Game Model for Software Tamper Protection , 2007, Information Hiding.

[95] J. Cham. The Power of Procrastination , 2007 .

[96] Gregory R. Andrews,et al. Binary Obfuscation Using Signals , 2007, USENIX Security Symposium.

[97] Heng Yin,et al. Renovo: a hidden code extractor for packed executables , 2007, WORM '07.

[98] Daniel Bilar,et al. Opcodes as predictor for malware , 2007, Int. J. Electron. Secur. Digit. Forensics.

[99] Ramarathnam Venkatesan,et al. Towards integral binary execution: implementing oblivious hashing using overlapped instruction encodings , 2007, MM&Sec.

[100] Guy N. Rothblum,et al. On Best-Possible Obfuscation , 2007, TCC.

[101] Christopher Krügel,et al. Exploring Multiple Execution Paths for Malware Analysis , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[102] Louis Goubin,et al. Cryptanalysis of white box DES implementations , 2007, IACR Cryptol. ePrint Arch..

[103] Ramarathnam Venkatesan,et al. Software Integrity Checking Expressions (ICEs) for Robust Tamper Detection , 2007, Information Hiding.

[104] Christopher Krügel,et al. Limits of Static Analysis for Malware Detection , 2007, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007).

[105] Stefan Katzenbeisser,et al. Software transformations to improve malware detection , 2007, Journal in Computer Virology.

[106] Tang Yong,et al. An Automated Signature-Based Approach against Polymorphic Internet Worms , 2007, IEEE Transactions on Parallel and Distributed Systems.

[107] Bjorn De Sutter,et al. Matching Control Flow of Program Versions , 2007, 2007 IEEE International Conference on Software Maintenance.

[108] Ratan K. Guha,et al. Detecting Obfuscated Viruses Using Cosine Similarity Analysis , 2007, First Asia International Conference on Modelling & Simulation (AMS'07).

[109] Yuan Xiang Gu,et al. Information Hiding in Software with Mixed Boolean-Arithmetic Transforms , 2007, WISA.

[110] Pascal Junod,et al. Computer system security - Basic Concepts and Solved Exercises , 2007, Computer and communication sciences.

[111] Ugo Piazzalunga,et al. Security Strength Measurement for Dongle-Protected Software , 2007, IEEE Security & Privacy.

[112] Koen De Bosschere,et al. Program obfuscation: a quantitative approach , 2007, QoP '07.

[113] Bart Preneel,et al. Cryptanalysis of White-Box DES Implementations with Arbitrary External Encodings , 2007, IACR Cryptol. ePrint Arch..

[114] John Abraham,et al. Software Protection by Hardware and Obfuscation , 2007, Security and Management.

[115] Hovav Shacham,et al. The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86) , 2007, CCS '07.

[116] Dawson R. Engler,et al. EXE: Automatically Generating Inputs of Death , 2008, TSEC.

[117] David Brumley,et al. Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[118] Vinod Yegneswaran,et al. Eureka: A Framework for Enabling Static Malware Analysis , 2008, ESORICS.

[119] Wil Michiels,et al. Cryptanalysis of a Generic Class of White-Box Implementations , 2008, Selected Areas in Cryptography.

[120] Patrice Godefroid,et al. Automated Whitebox Fuzz Testing , 2008, NDSS.

[121] IOActive. Reverse Engineering Code with IDA Pro , 2008 .

[122] Jonathon T. Giffin,et al. Impeding Malware Analysis Using Conditional Code Obfuscation , 2008, NDSS.

[123] Samuel T. King,et al. Digging for Data Structures , 2008, OSDI.

[124] Zhenkai Liang,et al. BitBlaze: A New Approach to Computer Security via Binary Analysis , 2008, ICISS.

[125] Justin Ferguson. Reverse engineering code with IDA Pro , 2008 .

[126] Ran Canetti,et al. Obfuscating Point Functions with Multibit Output , 2008, EUROCRYPT.

[127] Roberto Giacobazzi,et al. Hiding Information in Completeness Holes: New Perspectives in Code Obfuscation and Watermarking , 2008, 2008 Sixth IEEE International Conference on Software Engineering and Formal Methods.

[128] Helmut Veith,et al. Jakstab: A Static Analysis Platform for Binaries , 2008, CAV.

[129] Debin Gao,et al. BinHunt: Automatically Finding Semantic Differences in Binary Programs , 2008, ICICS.

[130] Christopher Krügel,et al. A survey on automated dynamic malware-analysis techniques and tools , 2012, CSUR.

[131] Grant Malcolm,et al. Detection of metamorphic and virtualization-based malware using algebraic specification , 2009, Journal in Computer Virology.

[132] Koen De Bosschere,et al. Instruction Set Limitation in Support of Software Diversity , 2009, ICISC.

[133] Chris Eagle,et al. The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler , 2008 .

[134] Yoann Guillot,et al. Automatic binary deobfuscation , 2009, Journal in Computer Virology.

[135] Jonathon T. Giffin,et al. Automatic Reverse Engineering of Malware Emulators , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[136] Lorie M. Liebrock,et al. Visualizing compiled executables for malware analysis , 2009, 2009 6th International Workshop on Visualization for Cyber Security.

[137] Jean-Yves Marion,et al. Server-side dynamic code analysis , 2009, 2009 4th International Conference on Malicious and Unwanted Software (MALWARE).

[138] Rolf Rolles,et al. Unpacking Virtualization Obfuscators , 2009, WOOT.

[139] Mian Zhou,et al. A heuristic approach for detection of obfuscated malware , 2009, 2009 IEEE International Conference on Intelligence and Security Informatics.

[140] Peter Martini,et al. Finding and extracting crypto routines from malware , 2009, 2009 IEEE 28th International Performance Computing and Communications Conference.

[141] Jian Xu,et al. Malware Obfuscation Detection via Maximal Patterns , 2009, 2009 Third International Symposium on Intelligent Information Technology Application.

[142] Salvatore J. Stolfo,et al. On the infeasibility of modeling polymorphic shellcode , 2009, Machine Learning.

[143] T. Laszlo,et al. OBFUSCATING C++ PROGRAMS VIA CONTROL FLOW FLATTENING , 2009 .

[144] Ramarathnam Venkatesan,et al. Runtime Protection via Dataflow Flattening , 2009, 2009 Third International Conference on Emerging Security Information, Systems and Technologies.

[145] Joshua Mason,et al. English shellcode , 2009, CCS.

[146] Tzi-cker Chiueh,et al. Automatic Generation of String Signatures for Malware Detection , 2009, RAID.

[147] Bart Preneel,et al. Towards Security Notions for White-Box Cryptography , 2009, ISC.

[148] David A. Wagner,et al. A Graph Approach to Quantitative Analysis of Control-Flow Obfuscating Transformations , 2009, IEEE Transactions on Information Forensics and Security.

[149] Kevin Coogan,et al. Automatic Static Unpacking of Malware Binaries , 2009, 2009 16th Working Conference on Reverse Engineering.

[150] Koushik Sen. DART: Directed Automated Random Testing , 2009, Haifa Verification Conference.

[151] Matěj Myška. The True Story of DRM , 2009 .

[152] Helmut Veith,et al. An Abstract Interpretation-Based Framework for Control Flow Reconstruction from Binaries , 2008, VMCAI.

[153] Saumya K. Debray,et al. Reverse Engineering Self-Modifying Code: Unpacker Extraction , 2010, 2010 17th Working Conference on Reverse Engineering.

[154] Stephen McCamant,et al. Binary Code Extraction and Interface Identification for Security Applications , 2009, NDSS.

[155] Thomas W. Reps,et al. Directed Proof Generation for Machine Code , 2010, CAV.

[156] Carsten Griwodz,et al. Program Obfuscation by Strong Cryptography , 2010, 2010 International Conference on Availability, Reliability and Security.

[157] Christian S. Collberg,et al. Surreptitious Software - Obfuscation, Watermarking, and Tamperproofing for Software Protection , 2009, Addison-Wesley Software Security Series.

[158] Jack W. Davidson,et al. A Secure and Robust Approach to Software Tamper Resistance , 2010, Information Hiding.

[159] Arun Lakhotia,et al. Context-sensitive analysis without calling-context , 2010, High. Order Symb. Comput..

[160] Heng Yin. TEMU: Binary Code Analysis via Whole-System Layered Annotative Execution , 2010 .

[161] Bart Preneel,et al. Cryptanalysis of a Perturbated White-Box AES Implementation , 2010, INDOCRYPT.

[162] Steven Gianvecchio,et al. Mimimorphism: a new approach to binary code obfuscation , 2010, CCS '10.

[163] Bart Preneel,et al. A general model for hiding control flow , 2010, DRM '10.

[164] Michael Franz,et al. E unibus pluram: massive-scale software diversity as a defense mechanism , 2010, NSPW '10.

[165] Xiangyu Zhang,et al. Automatic Reverse Engineering of Data Structures from Binary Execution , 2010, NDSS.

[166] David Brumley,et al. All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask) , 2010, 2010 IEEE Symposium on Security and Privacy.

[167] Christopher Krügel,et al. Identifying Dormant Functionality in Malware Programs , 2010, 2010 IEEE Symposium on Security and Privacy.

[168] Murray Brand,et al. Analysis avoidance techniques of malicious software , 2010 .

[169] Roberto Giacobazzi,et al. Modelling Metamorphism by Abstract Interpretation , 2010, SAS.

[170] Christopher Krügel,et al. Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries , 2010, 2010 IEEE Symposium on Security and Privacy.

[171] Roberto Giacobazzi,et al. An abstract interpretation-based model for safety semantics , 2011, Int. J. Comput. Math..

[172] Kevin Coogan,et al. Deobfuscation of virtualization-obfuscated software: a semantics-based approach , 2011, CCS '11.

[173] Christopher Krügel,et al. The power of procrastination: detection and mitigation of execution-stalling malicious code , 2011, CCS '11.

[174] Herbert Bos,et al. Howard: A Dynamic Excavator for Reverse Engineering Data Structures , 2011, NDSS.

[175] Philippe Herrmann,et al. Refinement-Based CFG Reconstruction from Unstructured Programs , 2011, VMCAI.

[176] Bart Preneel,et al. A taxonomy of self-modifying code for obfuscation , 2011, Comput. Secur..

[177] Stefan Katzenbeisser,et al. Code Obfuscation against Static and Dynamic Reverse Engineering , 2011, Information Hiding.

[178] Tim Güneysu,et al. Decrypting HDCP-protected Video Streams Using Reconfigurable Hardware , 2011, 2011 International Conference on Reconfigurable Computing and FPGAs.

[179] Brecht Wyseur,et al. White-Box Cryptography , 2011, Encyclopedia of Cryptography and Security.

[180] Carsten Willems,et al. Automated Identification of Cryptographic Primitives in Binary Programs , 2011, RAID.

[181] David Brumley,et al. BAP: A Binary Analysis Platform , 2011, CAV.

[182] Yael Tauman Kalai,et al. Program Obfuscation with Leaky Hardware , 2011, IACR Cryptol. ePrint Arch..

[183] Ziming Zhao,et al. Automatic Extraction of Secrets from Malware , 2011, 2011 18th Working Conference on Reverse Engineering.

[184] Andrew Walenstein,et al. In situ reuse of logically extracted functional components , 2012, Journal in Computer Virology.

[185] Jean-Yves Marion,et al. Aligot: cryptographic function identification in obfuscated binary programs , 2012, CCS.

[186] Ahmad-Reza Sadeghi,et al. XIFER: A Software Diversity Tool Against Code-Reuse Attacks , 2012 .

[187] Christopher Krügel,et al. A Static, Packer-Agnostic Filter to Detect Similar Malware Samples , 2012, DIMVA.

[188] Gabriel Negreira Barbosa,et al. Scientific but Not Academical Overview of Malware Anti-Debugging , Anti-Disassembly and Anti-VM Technologies , 2012 .

[189] Felix C. Freiling,et al. Reverse Code Engineering — State of the Art and Countermeasures , 2012, it Inf. Technol..

[190] Koen De Bosschere,et al. A Novel Obfuscation: Class Hierarchy Flattening , 2012, FPS.

[191] Roberto Giacobazzi,et al. Making Abstract Interpretation Incomplete: Modeling the Potency of Obfuscation , 2012, SAS.

[192] Johannes Kinder. Towards Static Analysis of Virtualization-Obfuscated Binaries , 2012, 2012 19th Working Conference on Reverse Engineering.

[193] Thomas Ristenpart,et al. Protocol misidentification made easy with format-transforming encryption , 2013, CCS.

[194] Stefan Katzenbeisser,et al. Covert computation: hiding code in code for obfuscation purposes , 2013, ASIA CCS '13.

[195] Bart Coppens,et al. Feedback-driven binary code diversification , 2013, TACO.

[196] Andy King,et al. BinSlayer: accurate comparison of binary executables , 2013, PPREW '13.

[197] Ittai Anati,et al. Innovative Technology for CPU Based Attestation and Sealing , 2013 .

[198] David Brumley,et al. Native x86 Decompilation Using Semantics-Preserving Structural Analysis and Iterative Control-Flow Structuring , 2013, USENIX Security Symposium.

[199] Barton P. Miller,et al. Binary-code obfuscations in prevalent packer tools , 2013, CSUR.

[200] Dhiru Kholia,et al. Looking Inside the (Drop) Box , 2013, WOOT.

[201] Xiangyu Zhang,et al. Obfuscation resilient binary code reuse through trace-oriented programming , 2013, CCS.

[202] Yael Tauman Kalai,et al. Protecting Obfuscation against Algebraic Attacks , 2014, EUROCRYPT.

[203] Yael Tauman Kalai,et al. The Impossibility of Obfuscation with Auxiliary Input or a Universal Simulator , 2014, CRYPTO.

[204] Koen De Bosschere,et al. Pushing Java Type Obfuscation to the Limit , 2014, IEEE Transactions on Dependable and Secure Computing.

[205] P. Kiberstis. Playing Hide and Seek , 2014, Science Signaling.

[206] Guy N. Rothblum,et al. Virtual Black-Box Obfuscation for All Circuits via Generic Graded Encoding , 2014, TCC.

[207] Khaled Yakdan,et al. No More Gotos: Decompilation Using Pattern-Independent Control-Flow Structuring and Semantic-Preserving Transformations , 2015, NDSS.

[208] S. Halevi,et al. Candidate Indistinguishability Obfuscation and Functional Encryption for All Circuits , 2016, SIAM J. Comput..