Home > Research > Publications & Outputs > Exploiting Code Diversity to Enhance Code Virtu...

Electronic data

  • ICPADS2018_paper_254

    Accepted author manuscript, 1 MB, PDF-document

    Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License

Links

Text available via DOI:

View graph of relations

Exploiting Code Diversity to Enhance Code Virtualization Protection

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paper

Published
  • Chao Xue
  • Zhanyong Tang
  • Guixin Ye
  • Guanghui Li
  • Xiaoqing Gong
  • Wei Wang
  • Dingyi Fang
  • Zheng Wang
Close
Publication date11/12/2018
Host publication2018 IEEE 24th International Conference on Parallel and Distributed Systems (ICPADS)
PublisherIEEE
Pages620-627
Number of pages8
ISBN (Electronic)9781538673089
Original languageEnglish

Abstract

Code virtualization built upon virtual machine (VM)technologies is emerging as a viable method for implementing code obfuscation to protect programs against unauthorized analysis. State-of-the-art VM-based protection approaches use a fixed set of virtual instructions and bytecode interpreters across programs. This, however, exposes a security vulnerability where an experienced attacker can use knowledge extracted from other programs to quickly uncover the mapping between virtual instructions and native code for applications protected under the same scheme. In this paper, we propose a novel VM-based code obfuscation system to address this problem. The core idea of our approach is to obfuscate the mapping between the opcodes of bytecode instructions and their semantics. We achieve this by partitioning each protected code region into multiple segments where the mapping of opcodes and their semantics is randomized in different ways in different segments. In this way, each bytecode instruction will be translated into different native code in different sections of the obfuscated code. This significantly increases the diversity of the program behavior. As a result, the knowledge of bytecode to native code mappings obtained from other programs will be less useful when targeting a new program. We evaluate our approach on a set of real-world applications and compare it against two state-of-the-art VM-based code obfuscation approaches. Experimental results show that our approach is effective, which provides stronger protection with comparable runtime overhead and code size.