Skip to main content
SpringerLink
Log in
Book cover

International Symposium on Security in Computing and Communication

SSCC 2017: Security in Computing and Communications pp 250–258Cite as

Opaque Predicate Detection by Static Analysis of Binary Executables

  • Conference paper
  • First Online:

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 746))

Abstract

Opaque Predicates are one of the most covert methods employed by obfuscators to mitigate the risk of reverse engineering of code. Detecting the presence of opaque predicates in a program is an arduous problem since, it is challenging to differentiate between the conditional expressions present in the program and the extraneous expressions added by the obfuscator. This paper addresses a number of limitations encountered in the previous work due to dynamic analysis and proposes an improved algorithm for the detection of opaque predicates, with better efficiency and runtime. We propose a two phased approach for detecting the presence of opaque predicates - building an extractor to extract mathematical expressions from conditional statements and a decision engine which determines if the expressions are opaque predicates or not.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Schrittwieser, S., et al.: Protecting software through obfuscation: can it keep pace with progress in code analysis? ACM Comput. Surveys 49(1), 4 (2016)

    Article  Google Scholar 

  2. Banescu, S., Ochoa, M., Pretschner, A.: A frame- work for measuring software obfuscation resilience against automated attacks. In: 2015 IEEE/ACM 1st International Workshop on Software Protection (SPRO), pp. 45–51. IEEE (2015)

    Google Scholar 

  3. Breaking Down Binary Ninjas Low Level IL (2017). http://bit.ly/binjaIL

  4. Collberg, C.: Surreptitious Software. In: Opaque Predicates, pp. 246–253 (2009)

    Google Scholar 

  5. Dalla Preda, M., Madou, M., De Bosschere, K., Giacobazzi, R.: Opaque predicates detection by abstract interpretation. In: Johnson, M., Vene, V. (eds.) AMAST 2006. LNCS, vol. 4019, pp. 81–95. Springer, Heidelberg (2006). https://doi.org/10.1007/11784180_9

    Chapter  Google Scholar 

  6. Ganesh, V., Dill, D.L.: A decision procedure for bit-vectors and arrays. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 519–531. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73368-3_52

    Chapter  Google Scholar 

  7. Ming, J. et al.: Loop: Logic-oriented opaque predicate detection in obfuscated binary code. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 757–768. ACM (2015)

    Google Scholar 

  8. STP - Simple Theorem Prover (2008). https://github.com/stp/stp

  9. Xu, D., Ming, J., Wu, D.: Generalized dynamic opaque predicates: a new control flow obfuscation method. In: Bishop, M., Nascimento, A.C.A. (eds.) ISC 2016. LNCS, vol. 9866, pp. 323–342. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45871-7_20

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. TIFAC-CORE in Cyber Security, Amrita School of Engineering, Coimbatore, India

    R. Krishna Ram Prakash, P. P. Amritha & M. Sethumadhavan

  2. Amrita Vishwa Vidyapeetham, Amrita University, Coimbatore, India

    R. Krishna Ram Prakash

Authors
  1. R. Krishna Ram Prakash
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. P. P. Amritha
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. M. Sethumadhavan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to R. Krishna Ram Prakash .

Editor information

Editors and Affiliations

  1. Indian Institute of Information Technology and Management Kerala (IIITMK), Trivandrum, Kerala, India

    Sabu M. Thampi

  2. University of Murcia , Murcia, Spain

    Gregorio Martínez Pérez

  3. Federal University of Santa Catarina , Florianópolis, Santa Catarina, Brazil

    Carlos Becker Westphall

  4. RMIT University , Melbourne, Victoria, Australia

    Jiankun Hu

  5. National Sun Yat-sen University , Kaohsiung, Taiwan

    Chun I. Fan

  6. University of Murcia, Murcia, Spain

    Félix Gómez Mármol

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Prakash, R.K.R., Amritha, P.P., Sethumadhavan, M. (2017). Opaque Predicate Detection by Static Analysis of Binary Executables. In: Thampi, S., Martínez Pérez, G., Westphall, C., Hu, J., Fan, C., Gómez Mármol, F. (eds) Security in Computing and Communications. SSCC 2017. Communications in Computer and Information Science, vol 746. Springer, Singapore. https://doi.org/10.1007/978-981-10-6898-0_21

Download citation

  • DOI: https://doi.org/10.1007/978-981-10-6898-0_21

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-6897-3

  • Online ISBN: 978-981-10-6898-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation