Probing the Limits of Virtualized Software Protection

Cazalas, Joshua; McDonald, J. Todd; Andel, Todd R.; Stakhanova, Natalia

doi:10.1145/2689702.2689707

Cited by 7 publications

(2 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Deobfuscation of code virtualization: Automatic deobfuscation tools were proposed that could recover the original functionality [11], [28]. The traditional approaches are either static or dynamic analysis [27], [31].…”

Section: Related Work Obfuscator-llvm(ollvm)mentioning

confidence: 99%

Compile-time code virtualization for android applications

Zhao

Tang

et al. 2020

Computers & Security

View full text Add to dashboard Cite

show abstract

Section: Related Work Obfuscator-llvm(ollvm)mentioning

confidence: 99%

Compile-time code virtualization for android applications

Zhao

Tang

et al. 2020

Computers & Security

View full text Add to dashboard Cite

show abstract

“…VO intuitively reduces the comprehensibility of protected programs for attackers. VO can resists automated attacks imposing additional cost [4,7,13] at the perpetrator's end. For instance, the utilization of opaque predicates [17] or range dividers [6] can significantly hamper attacks based on symbolic execution [32].…”

Section: Virtualization Obfuscation (Vo)mentioning

confidence: 99%

VirtSC

Ahmadvand

Below

Bănescu

et al. 2019

Proceedings of the 3rd ACM Workshop on Software Protection

View full text Add to dashboard Cite

Self-checksumming (SC) is a tamper-proofing technique that ensures certain program segments (code) in memory hash to known values at runtime. SC has few restrictions on application and hence can protect a vast majority of programs. The code verification in SC requires computation of the expected hashes after compilation, as the machine-code is not known before. This means the expected hash values need to be adjusted in the binary executable, hence combining SC with other protections is limited due to this adjustment step. However, obfuscation protections are often necessary, as SC protections can be otherwise easily detected and disabled via pattern matching. In this paper, we present a layered protection using virtualization obfuscation, yielding an architecture-agnostic SC protection that requires no post-compilation adjustment. We evaluate the performance of our scheme using a dataset of 25 realworld programs (MiBench and 3 CLI games). Our results show that the SC scheme induces an average overhead of 43% for a complete protection (100% coverage). The overhead is tolerable for less CPUintensive programs (e.g. games) and when only parts of programs (e.g. license checking) are protected. However, large overheads stemming from the virtualization obfuscation were encountered. CCS CONCEPTS• Security and privacy → Software security engineering;

show abstract

Virtualization Technologies and Cloud Security: Advantages, Issues, and Perspectives

Pietro

Lombardi

2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Probing the Limits of Virtualized Software Protection

Cited by 7 publications

References 25 publications

Compile-time code virtualization for android applications

Compile-time code virtualization for android applications

VirtSC

Virtualization Technologies and Cloud Security: Advantages, Issues, and Perspectives

Contact Info

Product

Resources

About