TY - GEN
T1 - Symbolic execution of obfuscated code
AU - Yadegari, Babak
AU - Debray, Saumya
N1 - Publisher Copyright:
© 2015 ACM.
PY - 2015/10/12
Y1 - 2015/10/12
N2 - Symbolic and concolic execution find important applications in a number of security-related program analyses, including analysis of malicious code. However, malicious code tend to very often be obfuscated, and current concolic analysis techniques have trouble dealing with some of these obfuscations, leading to imprecision and/or excessive resource usage. This paper discusses three such obfuscations: two of these are already found in obfuscation tools used by malware, while the third is a simple variation on an existing obfuscation technique. We show empirically that existing symbolic analyses are not robust against such obfuscations, and propose ways in which the problems can be mitigated using a combination of fine-grained bit-level taint analysis and architecture-aware constraint generations. Experimental results indicate that our approach is effective in allowing symbolic and concolic execution to handle such obfuscations.
AB - Symbolic and concolic execution find important applications in a number of security-related program analyses, including analysis of malicious code. However, malicious code tend to very often be obfuscated, and current concolic analysis techniques have trouble dealing with some of these obfuscations, leading to imprecision and/or excessive resource usage. This paper discusses three such obfuscations: two of these are already found in obfuscation tools used by malware, while the third is a simple variation on an existing obfuscation technique. We show empirically that existing symbolic analyses are not robust against such obfuscations, and propose ways in which the problems can be mitigated using a combination of fine-grained bit-level taint analysis and architecture-aware constraint generations. Experimental results indicate that our approach is effective in allowing symbolic and concolic execution to handle such obfuscations.
KW - Obfuscation
KW - Reverse engineering
KW - Symbolic execution
KW - Taint analysis
UR - http://www.scopus.com/inward/record.url?scp=84954093929&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84954093929&partnerID=8YFLogxK
U2 - 10.1145/2810103.2813663
DO - 10.1145/2810103.2813663
M3 - Conference contribution
AN - SCOPUS:84954093929
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 732
EP - 744
BT - CCS 2015 - Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security
PB - Association for Computing Machinery
T2 - 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015
Y2 - 12 October 2015 through 16 October 2015
ER -