Binary obfuscation using signals

Igor V. Popov, Saumya K. Debray, Gregory R. Andrews

Research output: Contribution to conferencePaperpeer-review

115 Scopus citations

Abstract

Reverse engineering of software is the process of recovering higher-level structure and meaning from a lower-level program representation. It can be used for legitimate purposes—e.g., to recover source code that has been lost—but it is often used for nefarious purposes, e.g., to search for security vulnerabilities in binaries or to steal intellectual property. This paper addresses the problem of making it hard to reverse engineering binary programs by making it difficult to disassemble machine code statically. Binaries are obfuscated by changing many control transfers into signals (traps) and inserting dummy control transfers and “junk” instructions after the signals. The resulting code is still a correct program, but even the best current disassemblers are unable to disassemble 40%–60% of the instructions in the program. Furthermore, the disassemblers have a mistaken understanding of over half of the control flow edges. However, the obfuscated program necessarily executes more slowly than the original. Experimental results quantify the degree of obfuscation, stealth of the code, and effects on execution time and code size.

Original languageEnglish (US)
Pages275-290
Number of pages16
StatePublished - 2007
Externally publishedYes
Event16th USENIX Security Symposium - Boston, United States
Duration: Aug 6 2007Aug 10 2007

Conference

Conference16th USENIX Security Symposium
Country/TerritoryUnited States
CityBoston
Period8/6/078/10/07

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Binary obfuscation using signals'. Together they form a unique fingerprint.

Cite this