Skip to main content
SpringerLink
Log in

Probfuscation: An Obfuscation Approach Using Probabilistic Control Flows

  • Conference paper
  • First Online:
Book cover Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9721))

Abstract

Sensitive parts of a program, such as proprietary algorithms or licensing information, are often protected with the help of code obfuscation techniques. Many obfuscation schemes transform the control flow of the protected program. Typically, the control flow of obfuscated programs is deterministic, i.e., recorded execution traces do not differ for multiple executions using the same input values. An adversary can take advantage of this behavior and create multiple traces to perform analyses on the target program in order to deobfuscate it.

In this paper, we introduce an obfuscation approach which yields probabilistic control flow within a given method. That is, for the same input values, multiple execution traces differ, whilst preserving semantics. This effectively renders analyses relying on multiple traces impractical. We have implemented a prototype and applied it to several different programs. Our experimental results show that our approach can be used to ensure divergent traces for the same input values and that it can significantly improve the resilience against dynamic analysis.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Anckaert, B., Jakubowski, M., Venkatesan, R.: Proteus: virtualization for diversified tamper-resistance. In: Proceedings of the ACM Workshop on Digital Rights Management (2006)

    Google Scholar 

  2. Chan, P.P., Collberg, C.: A method to evaluate CFG comparison algorithms. In: International Conference on Quality Software (QSIC) (2014)

    Google Scholar 

  3. Chen, H., Yuan, L., Wu, X., Zang, B., Huang, B., Yew, P.C.: Control flow obfuscation with information flow tracking. In: Annual IEEE/ACM International Symposium on Microarchitecture (2009)

    Google Scholar 

  4. Collberg, C., Thomborson, C., Low, D.: A Taxonomy of Obfuscating Transformations. Technical report, Department of Computer Science, The University of Auckland, New Zealand (1997)

    Google Scholar 

  5. Collberg, C., Thomborson, C., Low, D.: Manufacturing cheap, resilient, and stealthy opaque constructs. In: ACM Symposium on Principles of Programming Languages (POPL) (1998)

    Google Scholar 

  6. Collberg, C.: The Tigress C Diversifier/Obfuscator. http://tigress.cs.arizona.edu

  7. Coogan, K., Lu, G., Debray, S.: Deobfuscation of virtualization-obfuscated software: a semantics-based approach. In: ACM Conference on Computer and Communications Security (CCS) (2011)

    Google Scholar 

  8. Crane, S., Homescu, A., Brunthaler, S., Larsen, P., Franz, M.: Thwarting cache side-channel attacks through dynamic software diversity. In: Symposium on Network and Distributed System Security (NDSS) (2015)

    Google Scholar 

  9. Davi, L., Liebchen, C., Sadeghi, A.R., Snow, K.Z., Monrose, F.: Isomeron: code randomization resilient to (just-in-time) return-oriented programming. In: Symposium on Network and Distributed System Security (NDSS) (2015)

    Google Scholar 

  10. Fang, H., Wu, Y., Wang, S., Huang, Y.: Multi-stage binary code obfuscation using improved virtual machine. In: Lai, X., Zhou, J., Li, H. (eds.) ISC 2011. LNCS, vol. 7001, pp. 168–181. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  11. Guy_Smith: Common Compiler Infrastructure: Metadata API. https://ccimetadata.codeplex.com/

  12. Hu, X., Chiueh, T.C., Shin, K.G.: Large-scale malware indexing using function-call graphs. In: ACM Conference on Computer and Communications Security (CCS) (2009)

    Google Scholar 

  13. Junod, P.: Obfuscator-LLVM. https://github.com/obfuscator-llvm/obfuscator/wiki

  14. Kushner, D.: Steamed: Valve Software Battles Video-game Cheaters. http://spectrum.ieee.org/consumer-electronics/gaming/steamed-valve-software-battles-videogame-cheaters

  15. Lee, B., Kim, Y., Kim, J.: binOb+: a framework for potent and stealthy binary obfuscation. In: ACM Symposium on Information, Computer and Communications Security (ASIACCS) (2010)

    Google Scholar 

  16. Moser, A., Kruegel, C., Kirda, E.: Exploring multiple execution paths for malware analysis. In: IEEE Symposium on Security and Privacy (S&P) (2007)

    Google Scholar 

  17. Oreans Technologies: Code Virtualizer: Total Obfuscation against Reverse Engineering. http://oreans.com/codevirtualizer.php

  18. Pawlowski, A., Contag, M., Holz, T.: Probfuscation: An Obfuscation Approach using Probabilistic Control Flows. In: Technical Report TR-HGI-2016-002, Ruhr University Bochum (2016)

    Google Scholar 

  19. Popov, I.V., Debray, S.K., Andrews, G.R.: Binary obfuscation using signals. In: USENIX Security Symposium (2007)

    Google Scholar 

  20. Ramalingam, G.: The undecidability of aliasing. ACM Trans. Program. Lang. Syst. (TOPLAS) 16(5), 1467–1471 (1994)

    Article  Google Scholar 

  21. Sharif, M., Lanzi, A., Giffin, J., Lee, W.: Automatic reverse engineering of malware emulators. In: IEEE Symposium on Security and Privacy (S&P) (2009)

    Google Scholar 

  22. VMProtect Software: VMProtect: Software protection against reversing and cracking. http://vmpsoft.com/

  23. Wang, C., Davidson, J., Hill, J., Knight, J.: Protection of software-based survivability mechanisms. In: International Conference on Dependable Systems and Networks, 2001, DSN 2001 (2001)

    Google Scholar 

  24. Wang, P., Wang, S., Ming, J., Jiang, Y., Wu, D.: Translingual obfuscation. In: IEEE European Symposium on Security and Privacy (Euro S&P) (2016)

    Google Scholar 

  25. Yadegari, B., Johannesmeyer, B., Whitely, B., Debray, S.: A generic approach to automatic deobfuscation of executable code. In: IEEE Symposium on Security and Privacy (S&P) (2015)

    Google Scholar 

  26. Zeng, Z., Tung, A.K., Wang, J., Feng, J., Zhou, L.: Comparing stars: on approximating graph edit distance. In: International Conference on Very Large Data Bases (VLDB) (2009)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Horst Görtz Institute for IT-Security (HGI), Ruhr-Universität Bochum, Bochum, Germany

    Andre Pawlowski, Moritz Contag & Thorsten Holz

Authors
  1. Andre Pawlowski
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Moritz Contag
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Thorsten Holz
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Andre Pawlowski .

Editor information

Editors and Affiliations

  1. IMDEA Software Institute, Pozuelo de Alarcón, Madrid, Spain

    Juan Caballero

  2. Mondragon University, Arrasate, Guipúzcoa, Spain

    Urko Zurutuza

  3. Universidad de Zaragoza, Zaragoza, Spain

    Ricardo J. Rodríguez

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Pawlowski, A., Contag, M., Holz, T. (2016). Probfuscation: An Obfuscation Approach Using Probabilistic Control Flows. In: Caballero, J., Zurutuza, U., Rodríguez, R. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2016. Lecture Notes in Computer Science(), vol 9721. Springer, Cham. https://doi.org/10.1007/978-3-319-40667-1_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-40667-1_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-40666-4

  • Online ISBN: 978-3-319-40667-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation