Obfuscated integration of software protections

Broeck, Jens Van den; Coppens, Bart; Sutter, Bjorn De

doi:10.1007/s10207-020-00494-8

Cited by 8 publications

(6 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Van den Broeck et al proposed a third application of two-way OPs, namely to connect unrelated code fragments from different functions, with the goal of hampering disassemblers that partitioning the code into components such as functions [24]. They do this by merging control flow paths from different code contexts in different components, if possible in combination with outlining of equivalent fragments from those contexts.…”

Section: Flexible Opaque Predicatesmentioning

confidence: 99%

“…Our proof of concept implementation applies the principles introduced in Section 2 to one-way predicates used to inject bogus control flow like Collberg's alias-based OPs and to the two-way opaque dispatchers proposed by Van den Broeck et al [24]. For the one-way predicates, we support flow-sensitive as well as flow-insensitive invariants in complex data structures.…”

Section: Flexible Opaque Predicatesmentioning

confidence: 99%

“…Depending on the objective with which OPs are injected, OPs can be inherently susceptible to this form of attack. For example, in the work of Van den Broeck et al bogus control flow paths are inserted precisely to make disassemblers infer connections between code fragments that are actually not at all related, and thus to thwart the reconstruction of functions [24]. As the connected fragments are not related by construction, a certain lack of normal data dependencies is unavoidable.…”

Section: Taint Analysismentioning

confidence: 99%

“…We implemented support for one-way and two-way flexible OPs in Diablo, a post-link-time binary rewriting research tool [62] that already includes support for a range of other MATE protections including control flow obfuscations [61] and diversification [26]. We opted for Diablo because we can reuse the basic functionality for those protections, hence limiting the engineering effort for developing this proof-of-concept implementation.…”

Section: Proof-of-concept Implementation and Experimental Setupmentioning

confidence: 99%

See 3 more Smart Citations

Flexible software protection

Broeck

Coppens

Sutter

2022

Computers & Security

Self Cite

View full text Add to dashboard Cite

Section: Flexible Opaque Predicatesmentioning

confidence: 99%

Section: Flexible Opaque Predicatesmentioning

confidence: 99%

Section: Taint Analysismentioning

confidence: 99%

Section: Proof-of-concept Implementation and Experimental Setupmentioning

confidence: 99%

See 2 more Smart Citations

Flexible software protection

Broeck

Coppens

Sutter

2022

Computers & Security

Self Cite

View full text Add to dashboard Cite

“…While potency, resilience, and stealth are commonly accepted criteria that should be evaluated [25], no standardized metrics are available for them. Complexity metrics originating from the field of software engineering have been proposed [18] and ad-hoc metrics are used in academic papers [54,71], but none have been empirically validated in the context of MATE SP, and none of them are trusted in practice, i.e., are deemed a sufficient replacement for human expertise and pen testing.…”

Section: Challenges Towards Standardizationmentioning

confidence: 99%

Man-at-the-End Software Protection as a Risk Analysis Process

Canavese¹,

Regano²,

Basile³

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

The last years have seen an increase of Man-at-the-End (MATE) attacks against software applications, both in number and severity. However, MATE software protections are dominated by fuzzy concepts and techniques, and security-through-obscurity is omnipresent in this field. In this paper, we present a rationale for adopting and standardizing the protection of software as a risk management process according to the NIST SP800-39 approach. We examine the relevant aspects of formalizing and automating the risk management activities, to instigate the necessary actions for adoption. We highlight the open issues that the research community has to address. We discuss the benefits that such an approach can bring to all stakeholders, from software developers to protections designers, and for the security of all the citizens. In addition, we present a Proof of Concept (PoC) of a decision support system that automates the risk analysis methodology towards the protection of software applications. Despite being in an embryonic stage, the PoC proved during validation with industry experts that several aspects of the risk management process can already be formalized and that it is an excellent starting point for building an industrial-grade decision support system. CCS Concepts: • Security and privacy → Software security engineering; • Information systems → Decision support systems; • Software and its engineering → Risk management; Software reverse engineering; • General and reference → Computing standards, RFCs and guidelines.

show abstract