Obfuscation Code

The Experts below are selected from a list of 57 Experts worldwide ranked by ideXlab platform

Antonella Santone - One of the best experts on this subject based on the ideXlab platform.

  • Code reordering obfuscation technique detection by means of weak bisimulation
    Advanced Information Networking and Applications, 2020
    Co-Authors: Giuseppe Crincoli, Tiziano Marinaro, Fabio Martinelli, Francesco Mercaldo, Antonella Santone
    Abstract:

    As evidenced from current literature in software security, the current signature detection mechanisms can be easily evaded by attackers simply applying trivial obfuscation techniques, usually with software engines able to automatically inject junk code into malicious applications. In fact, the employment of obfuscation code techniques is adopted by attackers to generate several (undetected) variants of one malicious sample, making its signature obsolete. Considering that the signature definition is a laborious process manually performed by security analysts, in this paper we propose a method, exploiting weak bisimulation, to detect whether an Android application is modified by means of the code reordering obfuscation technique. We present an experimental analysis performed on a real-world data-set of Android applications (obfuscated and not obfuscated), reaching interesting results in the code reordering obfuscation technique detection.

  • AINA - Code Reordering Obfuscation Technique Detection by Means of Weak Bisimulation.
    Advanced Information Networking and Applications, 2020
    Co-Authors: Giuseppe Crincoli, Tiziano Marinaro, Fabio Martinelli, Francesco Mercaldo, Antonella Santone

Guy Gogniat - One of the best experts on this subject based on the ideXlab platform.

  • Transient Key-based Obfuscation for HLS in an Untrusted Cloud Environment
    2019
    Co-Authors: Hannah Badier, Jean-Christophe Le Lann, Philippe Coussy, Guy Gogniat
    Abstract:

    Recent advances in cloud computing have led to the advent of Business-to-Business Software as a Service (SaaS) solutions, opening new opportunities for EDA. High-Level Synthesis (HLS) in the cloud is likely to offer great opportunities to hardware design companies. However, these companies are still reluctant to make such a transition, due to the new risks of Behavioral Intellectual Property (BIP) theft that a cloud-based solution presents. In this paper, we introduce a key-based obfuscation approach to protect BIPs during cloud-based HLS. The source-to-source transformations we propose hide functionality and make normal behavior dependent on a series of input keys. In our process, the obfuscation is transient: once an obfuscated BIP is synthesized through HLS by a service provider in the cloud, the obfuscation code can only be removed at Register Transfer Level (RTL) by the design company that owns the correct obfuscation keys. Original functionality is thus restored and design overhead is kept at a minimum. Our method significantly increases the level of security of cloud-based HLS at low performance overhead. The average area overhead after obfuscation and subsequent de-obfuscation with tests performed on ASIC and FPGA is 0.39%, and over 95% of our tests had an area overhead under 5%.

  • DATE - Transient Key-based Obfuscation for HLS in an Untrusted Cloud Environment
    2019 Design Automation & Test in Europe Conference & Exhibition (DATE), 2019
    Co-Authors: Hannah Badier, Jean-Christophe Le Lann, Philippe Coussy, Guy Gogniat

Tho Quan - One of the best experts on this subject based on the ideXlab platform.

  • A memory based abstraction approach to handle obfuscation in polymorphic virus
    Asia-Pacific Software Engineering Conference, 2012
    Co-Authors: Binh Nguyen, Binh T Ngo, Tho Quan
    Abstract:

    This paper describes a PhD proposal aiming at dealing with obfuscation in polymorphic virus. The major characteristic of polymorphic virus is the capability of infinitely self-modifying when infecting victim programs. It makes the traditional signature-based virus detection technique ineffective since this approach needs to collect all of signature instances. A recent emerging approach to counter this problem is abstracting the program from binary level, then extracting an abstracted model for further analysis. The most common model to be extracted is perhaps the control flow graph (CFG) of the binary program. However, this control-based abstraction approach is currently suffering from some advanced obfuscation techniques which change not only the signatures but also modify significantly the control flow of the programs. Thus, the control analysis will become quickly too complicated. Hence, we propose a novel approach of abstracting the binary code based on memory states. This approach allows us to detect useless instructions which are part of obfuscation code. Moreover, for the next step, our approach can be extended as new efficient technique for virus detection based on common abstracted pattern.

  • APSEC Workshops - A Memory-Based Abstraction Approach to Handle Obfuscation in Polymorphic Virus
    2012 19th Asia-Pacific Software Engineering Conference, 2012
    Co-Authors: Binh Nguyen, Binh T Ngo, Tho Quan

Giuseppe Crincoli - One of the best experts on this subject based on the ideXlab platform.

  • Code reordering obfuscation technique detection by means of weak bisimulation
    Advanced Information Networking and Applications, 2020
    Co-Authors: Giuseppe Crincoli, Tiziano Marinaro, Fabio Martinelli, Francesco Mercaldo, Antonella Santone
    Abstract:

    As evidenced from current literature in software security, the current signature detection mechanisms can be easily evaded by attackers simply applying trivial obfuscation techniques, usually with software engines able to automatically inject junk code into malicious applications. In fact, the employment of obfuscation code techniques is adopted by attackers to generate several (undetected) variants of one malicious sample, making its signature obsolete. Considering that the signature definition is a laborious process manually performed by security analysts, in this paper we propose a method, exploiting weak bisimulation, to detect whether an Android application is modified by means of the code reordering obfuscation technique. We present an experimental analysis performed on a real-world data-set of Android applications (obfuscated and not obfuscated), reaching interesting results in the code reordering obfuscation technique detection.

  • AINA - Code Reordering Obfuscation Technique Detection by Means of Weak Bisimulation.
    Advanced Information Networking and Applications, 2020
    Co-Authors: Giuseppe Crincoli, Tiziano Marinaro, Fabio Martinelli, Francesco Mercaldo, Antonella Santone

Quan Thanh Tho - One of the best experts on this subject based on the ideXlab platform.

  • FPS - Obfuscation Code Localization Based on CFG Generation of Malware
    Foundations and Practice of Security, 2016
    Co-Authors: Nguyen Minh Hai, Mizuhito Ogawa, Quan Thanh Tho
    Abstract:

    This paper presents a tool BE-PUM (Binary Emulator for PUshdown Model generation), which generates a precise control flow graph (CFG), under presence of typical obfuscation techniques of malware, e.g., indirect jump, self-modification, overlapping instructions, and structured exception handler (SEH), which cover packers. Experiments are performed on 2000 real-world malware examples taken from VX Heaven and compare the results of a popular commercial disassembler IDA Pro, a state-of-the-art tool JakStab, and BE-PUM. It shows that BE-PUM correctly traces CFGs, whereas IDA Pro and JakStab fail. By manual inspection on 300 malware examples, we also observe that the starts of these failures exactly locate the entries of obfuscation code.

  • Obfuscation code localization based on CFG generation of malware
    Foundations and Practice of Security, 2015
    Co-Authors: Nguyen Minh Hai, Mizuhito Ogawa, Quan Thanh Tho