
A Path Branch Obfuscation Technique That Resists Symbolic Execution (cited by: 12)

Branch Obfuscation to Combat Symbolic Execution
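Abstract (translated from the Chinese): During dynamic execution a program leaks a large amount of path branch information, which is a binary representation of its internal logical relations. Symbolic execution can automatically collect and reason about the path information leaked during execution; it can be used for reverse engineering and can weaken the protection strength of code obfuscation. Hash functions can effectively protect path branch information based on equality relations, but they have difficulty protecting path branch information based on inequality relations that test upper and lower bounds. This paper combines a prefix-preserving algorithm with a hash function to propose a new path branch obfuscation technique, which makes the difficulty of inferring path branch information by symbolic execution equivalent to the difficulty of inverting the hash function. The method was evaluated on the SPECint-2006 benchmark programs, and the results show that it effectively protects program path branch information and is practical.

Abstract (published English version): At run time, a large amount of program branching information is leaked. Branching information is the binary representation of a program's internal logic. Symbolic execution can automatically collect and reason about the leaked branch information, which can be used for reverse engineering and weakens the strength of code obfuscation. Hash functions can effectively safeguard equal branch conditions, but they cannot be used to protect branching information containing unequal trigger conditions, such as greater than or less than. In this paper, a new branch obfuscation approach combining a prefix-preserving algorithm and a hash function is proposed, which extends the protection scope of the hash function. The strength and resilience of the branch obfuscation are discussed. This branch obfuscation approach has been tested on 7 programs from the SPECint-2006 benchmark suite, and the experimental results show that this approach can effectively mitigate branch information leaking, yet is practical in terms of performance.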
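Source: Acta Electronica Sinica (《电子学报》), indexed in EI, CAS, CSCD and the Peking University Core list; 2015, No. 5, pp. 870-878 (9 pages)
Funding: National Natural Science Foundation of China (No.61300242, No.61272423, No.60973141); National "973" Key Basic Research Development Program (No.2013CB834204); Fundamental Research Funds for the Central Universities (No.65121012); Nankai University-Tencent joint project
Keywords: code obfuscation; symbolic execution; hash function; prefix-preserving encryption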
