Skip to main content
Log in

Obfuscated integration of software protections

  • Regular contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

To counter man-at-the-end attacks such as reverse engineering and tampering, software is often protected with techniques that require support modules to be linked into the application. It is well known, however, that attackers can exploit the modular nature of applications and their protections to speed up the identification and comprehension process of the relevant code, the assets, and the applied protections. To counter that exploitation of modularity at different levels of granularity, the boundaries between the modules in the program need to be obfuscated. We propose to do so by combining three cross-boundary protection techniques that thwart the disassembly process and in particular the reconstruction of functions: code layout randomization, interprocedurally coupled opaque predicates, and code factoring with intraprocedural control flow idioms. By means of an experimental evaluation on realistic use cases and state-of-the-art tools, we demonstrate our technique’s potency and resilience to advanced attacks. All relevant code is publicly available online.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17

Similar content being viewed by others

References

  1. Ceccato, M., Tonella, P., Basile, C., Falcarin, P., Torchiano, M., Coppens, B., De Sutter, B.: Understanding the behaviour of hackers while performing attack tasks in a professional setting and in a public challenge. Empir. Softw. Eng. 24(1), 240–286 (2019)

    Article  Google Scholar 

  2. Cabutto, A., Falcarin, P., Abrath, B., Coppens, B., De Sutter, B.: Software protection with code mobility. In: Proceedings of the 2nd ACM Workshop on Moving Target Defense, pp. 95–103 (2015)

  3. Ceccato, M., Dalla Preda, M., Nagra, J., Collberg, C., Tonella, P.: Barrier slicing for remote software trusting. In: 7th IEEE International Working Conference on Source Code Analysis and Manipulation, pp. 27–36 (2007)

  4. Viticchié, A., Basile, C., Avancini, A., Ceccato, M., Abrath, B., Coppens, B.: Reactive attestation: Automatic detection and reaction to software tampering attacks. In: Proceedings of the 2016 ACM Workshop on Software PROtection, pp. 73–84 (2016)

  5. Abrath, B., Coppens, B., Volckaert, S., Wijnant, J., De Sutter, B.: Tightly-coupled self-debugging software protection. In: Proceedings of the 6th Workshop on Software Security, Protection, and Reverse Engineering, p. 7 (2016)

  6. Ghosh, S., Hiser, J.D., Davidson, J.W.: A secure and robust approach to software tamper resistance. In: Proceedings of the International Workshop on Information Hiding, pp. 33–47 (2010)

  7. Nagra, J., Collberg, C.: Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection. Pearson Education, London (2009)

    Google Scholar 

  8. Wang, Y.: Cognitive complexity of software and its measurement. In: 2006 5th IEEE International Conference on Cognitive Informatics, vol. 1, pp. 226–235 (2006). https://doi.org/10.1109/COGINF.2006.365701

  9. Woodward, M.R., Hennell, M.A., Hedley, D.: A measure of control flow complexity in program text. IEEE Trans. Softw. Eng. 5(1), 45–50 (1979)

    Article  Google Scholar 

  10. Linn, C., Debray, S.: Obfuscation of executable code to improve resistance to static disassembly. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, pp. 290–299 (2003)

  11. Van Put, L., Chanet, D., De Bus, B., De Sutter, B., De Bosschere, K.: Diablo: a reliable, retargetable and extensible link-time rewriting framework. In: Proceedings of the 5th IEEE International Symposium on Signal Processing and Information Technology, 2005, pp. 7–12 (2005)

  12. Debray, S.K., Evans, W., Muth, R., De Sutter, B.: Compiler techniques for code compaction. ACM Trans. Program. Lang. Syst. (TOPLAS) 22(2), 378–415 (2000)

    Article  Google Scholar 

  13. Muchnick, S., et al.: Advanced Compiler Design Implementation. Morgan Kaufmann, Burlington (1997)

    Google Scholar 

  14. Coppens, B., De Sutter, B., Maebe, J.: Feedback-driven binary code diversification. ACM Trans. Arch. Code Optim. (TACO) 9(4), 24 (2013)

    Google Scholar 

  15. Kil, C., Jun, J., Bookholt, C., Xu, J., Ning, P.: Address space layout permutation (ASLP): towards fine-grained randomization of commodity software. In: Proceedings of 22nd Annual Computer Security Applications Conference, pp. 339–348 (2006)

  16. Meng, X., Miller, B.P.: Binary code is not easy. In: Proceedings of the 25th International Symposium on Software Testing and Analysis, pp. 24–35 (2016)

  17. Ngo, M.N., Tan, H.B.K.: Detecting large number of infeasible paths through recognizing their patterns. In: Proceedings of the 6th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, pp. 215–224 (2007)

  18. Dalla Preda, M., Madou, M., De Bosschere, K., Giacobazzi, R.: Opaque predicates detection by abstract interpretation. In: International Conference on Algebraic Methodology and Software Technology, pp. 81–95 (2006)

  19. Yadegari, B., Debray, S.: Symbolic execution of obfuscated code. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 732–744 (2015)

  20. Yadegari, B., Johannesmeyer, B., Whitely, B., Debray, S.: A generic approach to automatic deobfuscation of executable code. In: IEEE Symposium on Security and Privacy, pp. 674–691 (2015)

  21. Blazytko, T., Contag, M., Aschermann, C., Holz, T.: Syntia: Synthesizing the semantics of obfuscated code. In: Proceedings of the 26th USENIX Conference on Security Symposium, pp. 643–659 (2017)

  22. Madou, M.: Application security through program bfuscation. Phd thesis, Ghent University (2007)

  23. Collberg, C.S., Thomborson, C.D., Low, D.: Manufacturing cheap, resilient, and stealthy opaque constructs. In: POPL (1998)

  24. Wegman, M.N., Zadeck, F.K.: Constant propagation with conditional branches. ACM Trans. Program. Lang. Syst. (TOPLAS) 13(2), 181–210 (1991)

    Article  Google Scholar 

  25. Wang, C., Hill, J., Knight, J., Davidson, J.: Software tamper resistance: obstructing static analysis of programs. Technical Report, Technical Report CS-2000-12, University of Virginia (2000)

  26. Debray, S., Evans, W., Muth, R.: Compiler techniques for code compression. In: Workshop on Compiler Support for System Software, pp. 117–123 (1999)

  27. De Sutter, B., De Bus, B., De Bosschere, K.: Sifting out the mud: low level C++ code reuse. ACM SIGPLAN Not. 37, 275–291 (2002)

    Article  Google Scholar 

  28. /OPT (Optimizations)—Microsoft Docs (2018). https://docs.microsoft.com/en-us/cpp/build/reference/opt-optimizations?view=vs-2019. Accessed 17 Apr 2019

  29. De Sutter, B., De Bus, B., De Bosschere, K.: Sifting out the mud: low level C++ code reuse. In: Proceedings of the 17th ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), vol. 37, pp. 275–291 (2002)

  30. Edler von Koch, T.J., Franke, B., Bhandarkar, P., Dasgupta, A.: Exploiting function similarity for code size reduction. ACM SIGPLAN Not. 49(5), 85–94 (2014)

    Article  Google Scholar 

  31. Rocha, R.C., Petoumenos, P., Wang, Z., Cole, M., Leather, H.: Function merging by sequence alignment. In: Proceedings of the 2019 IEEE/ACM International Symposium on Code Generation and Optimization, pp. 149–163 (2019)

  32. Tip, F.: A survey of program slicing techniques. J. Program. Lang. 3(3), 121–189 (1995)

    Google Scholar 

  33. De Sutter, B., De Bus, B., De Bosschere, K.: Bidirectional liveness analysis, or how less than half of the alpha’s registers are used. J. Syst. Arch. 52(10), 535–548 (2006)

    Article  Google Scholar 

  34. Debray, S.K., Evans, W., Muth, R., De Sutter, B.: Compiler techniques for code compaction. ACM Trans. Program. Lang. Syst. 22(2), 378–415 (2000)

    Article  Google Scholar 

  35. Debray, S., Muth, R., Weippert, M.: Alias analysis of executable code. In: Proceedings of ACM POPL, pp. 12–24 (1998)

  36. Basile, C.: D5.11 ASPIRE framework report. Techreport, POLITO (2016). https://aspire-fp7.eu/sites/default/files/D5.11-ASPIRE-Framework-Report.pdf. Accessed 17 Sept 2018

  37. Banescu, S., Collberg, C., Ganesh, V., Newsham, Z., Pretschner, A.: Code obfuscation against symbolic execution attacks. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, pp. 189–200 (2016)

  38. Standard Performance Evaluation Corporation: SPEC CPU 2006 (2018). https://www.spec.org/cpu2006/

  39. Home—Aspire-FP7 (2018). https://aspire-fp7.eu/

  40. De Sutter, B.: D1.06 ASPIRE validation. Techreport, Ghent University (2016). https://aspire-fp7.eu/sites/default/files/D1.06-ASPIRE-Validation-v1.01.pdf. Accessed 6 May 2019

  41. Van den Broeck, J., Coppens, B., De Sutter, B.: Extended report on the obfuscated integration of software protections (2019). arXiv:1907.01445

  42. Liška, M.: Optimizing large applications (2014). arXiv preprint arXiv:1403.6997

  43. mliska: [PATCH 3/5] IPA ICF pass (2014). https://gcc.gnu.org/ml/gcc-patches/2014-06/msg01246.html. Accessed 17 Apr 2019

  44. Tallam, S., Coutant, C., Taylor, I.L., Li, X.D., Demetriou, C.: Safe ICF: pointer safe and unwinding aware identical code folding in gold. In: GCC Developers Summit (2010)

  45. Ueyama, R.: Elf: implement ICF (2016). https://reviews.llvm.org/rL261912. Accessed 17 Apr 2019

  46. Schrittwieser, S., Katzenbeisser, S., Kinder, J., Merzdovnik, G., Weippl, E.: Protecting software through obfuscation: can it keep pace with progress in code analysis? ACM Comput. Surv. (CSUR) 49(1), 4 (2016)

    Article  Google Scholar 

  47. Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations. Technical Report. Department of Computer Science, The University of Auckland, New Zealand (1997)

  48. Myles, G., Collberg, C.: Software watermarking via opaque predicates: implementation, analysis, and attacks. Electron. Commer. Res. 6(2), 155–171 (2006)

    Article  Google Scholar 

  49. Majumdar, A., Thomborson, C.: Manufacturing opaque predicates in distributed systems for code obfuscation. In: Proceedings of the 29th Australasian Computer Science Conference, vol. 48, pp. 187–196 (2006)

  50. Xu, H., Zhou, Y., Kang, Y., Tu, F., Lyu, M.: Manufacturing resilient bi-opaque predicates against symbolic execution. In: 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 666–677 (2018). https://doi.org/10.1109/DSN.2018.00073

  51. Zobernig, L., Galbraith, S.D., Russello, G.: Indistinguishable predicates: a new tool for obfuscation. IACR Cryptol. ePrint Arch. 2017, 787 (2017)

    Google Scholar 

  52. Zobernig, L., Galbraith, S.D., Russello, G.: When are opaque predicates useful? In: 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), pp. 168–175. IEEE (2019)

  53. Asghar, M.R., Galbraith, S.D., Russello, G.: Obfuscation through simplicity (2016). https://www.math.auckland.ac.nz/~sgal018/simplicity.pdf. Accessed 24 June 2019

  54. Collberg, C., Martin, S., Myers, J., Zimmerman, B.: The tigress diversifying c virtualizer (2015). http://tigress.cs.arizona.edu/. Accessed 17 Apr 2019

  55. Junod, P., Rinaldini, J., Wehrli, J., Michielin, J.: Obfuscator-LLVM—software protection for the masses. In: Wyseur, B. (ed.) Proceedings of the IEEE/ACM 1st International Workshop on Software Protection, SPRO’15, Firenze, Italy, May 19th, 2015, pp. 3–9. IEEE (2015). https://doi.org/10.1109/SPRO.2015.10

Download references

Funding

This research was funded by the Agency for Innovation by Science and Technology in Flanders (IWT) (Grant Number 141758). Part of this research was conducted in the EU FP7 project ASPIRE, which has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under Grant Agreement Number 609734. Part of the research was also funded by the Cybersecurity Initiative Flanders from the Flemish Government. Part of this research was also funded by the Fund for Scientific Research - Flanders (FWO) as part of project grant 3G0E2318.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Bjorn De Sutter.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Van den Broeck, J., Coppens, B. & De Sutter, B. Obfuscated integration of software protections. Int. J. Inf. Secur. 20, 73–101 (2021). https://doi.org/10.1007/s10207-020-00494-8

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-020-00494-8

Keywords

Navigation