Abstract
A great deal of software is distributed in the form of executable code. The ability to reverse engineer such executables can create opportunities for theft of intellectual property via software piracy, as well as security breaches by allowing attackers to discover vulnerabilities in an application. The process of reverse engineering an executable program typically begins with disassembly, which translates machine code to assembly code. This is then followed by various decompilation steps that aim to recover higher-level abstractions from the assembly code. Most of the work to date on code obfuscation has focused on disrupting or confusing the decompilation phase. This paper, by contrast, focuses on the initial disassembly phase. Our goal is to disrupt the static disassembly process so as to make programs harder to disassemble correctly. We describe two widely used static disassembly algorithms, and discuss techniques to thwart each of them. Experimental results indicate that significant portions of executables that have been obfuscated using our techniques are disassembled incorrectly, thereby showing the efficacy of our methods.
Original language | English (US) |
---|---|
Pages (from-to) | 290-299 |
Number of pages | 10 |
Journal | Proceedings of the ACM Conference on Computer and Communications Security |
State | Published - 2003 |
Event | Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS 2003 - Washington, DC, United States; Duration: Oct 27 2003 → Oct 31 2003 |
Keywords
- Code obfuscation
- Disassembly
ASJC Scopus subject areas
- Software
- Computer Networks and Communications