Exploiting code mobility for dynamic binary obfuscation

Software protection aims at protecting the integrity of software applications deployed on un-trusted hosts and being subject to illegal analysis. Within an un-trusted environment a possibly malicious user has complete access to system resources and tools in order to analyze and tamper with the application code. To address this research problem, we propose a novel binary obfuscation approach based on the deployment of an incomplete application whose code arrives from a trusted network entity as a flow of mobile code blocks which are arranged in memory with a different customized memory layout. This paper presents our approach to contrast reverse engineering by defeating static and dynamic analysis, and discusses its effectiveness.

[1]  Yijun He,et al.  Towards a secure mutual authentication and key exchange protocol for mobile communications , 2008, 2008 6th International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks and Workshops.

[2]  Paul C. van Oorschot Revisiting Software Protection , 2003, ISC.

[3]  Barry E. Mullins,et al.  Program Fragmentation as a Metamorphic Software Protection , 2007 .

[4]  David Aucsmith,et al.  Tamper Resistant Software: An Implementation , 1996, Information Hiding.

[5]  Christian S. Collberg,et al.  Watermarking, Tamper-Proofing, and Obfuscation-Tools for Software Protection , 2002, IEEE Trans. Software Eng..

[6]  Saumya K. Debray,et al.  Obfuscation of executable code to improve resistance to static disassembly , 2003, CCS '03.

[7]  Yi-Jun He,et al.  Towards a secure mutual authentication and key exchange protocol for mobile communications , 2008, WiOpt 2008.

[8]  Yuichiro Kanzaki,et al.  Exploiting self-modification mechanism for program protection , 2003, Proceedings 27th Annual International Computer Software and Applications Conference. COMPAC 2003.

[9]  Paolo Falcarin,et al.  Application-Oriented Trust in Distributed Computing , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[10]  Jonathon T. Giffin,et al.  Strengthening software self-checksumming via self-modifying code , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[11]  Marco Torchiano,et al.  The effectiveness of source code obfuscation: An experimental assessment , 2009, 2009 IEEE 17th International Conference on Program Comprehension.

[12]  Paolo Falcarin,et al.  Remote trust with aspect-oriented programming , 2006, 20th International Conference on Advanced Information Networking and Applications - Volume 1 (AINA'06).

[13]  Trent Jaeger,et al.  Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.