
Metrics for code obfuscation based on symbolic execution and N-scope complexity
Abstract: Code obfuscation effectively resists MATE attacks such as reverse engineering. As an endogenous security technology with attack-mitigating properties it is relatively mature, so a reasonable measure of obfuscation effect is of significant value. Research on obfuscation metrics is comparatively scarce, and methods for measuring obfuscation resilience, as well as metrics that generalize and are practical, are lacking. Symbolic execution is widely used in deobfuscation attacks, and the difficulty it has in generating an input test set that traverses all paths of a program can serve as a reference for measuring obfuscation resilience. However, adversarial techniques based on nested program structure can significantly reduce the efficiency of symbolic execution and increase the error of that resilience reference. To address these problems, a code obfuscation metric combining symbolic execution and N-scope complexity is proposed. The method first defines obfuscation resilience in terms of a program's symbolic execution time. It then proposes an N-scope complexity adapted to symbolic execution, which defines obfuscation potency and at the same time makes the symbolic-execution-based resilience measurement more robust for programs with multi-level nested structures. It further proposes a correlation analysis of obfuscation effect that combines dynamic and static analysis, quantifying the effect by symbolically executing the program and extracting its control flow graph. An implementation framework of the metric for C programs was built and validated. In the experiments, obfuscation effect was measured on about 4000 programs drawn from 3 public program sets and their obfuscated counterparts. The results indicate that the proposed metric characterizes obfuscation effect well while having some generalization ability and practical value. A usage example of the metric in a simulated real-world obfuscation scenario is given, providing users of obfuscation techniques with an effective reference for measuring and configuring them.
Authors: XIAO Yuqiang (肖玉强); GUO Yunfei (郭云飞); WANG Yawen (王亚文) (Information Engineering University, Zhengzhou 450001, China)
Affiliation: Information Engineering University
Source: Chinese Journal of Network and Information Security (《网络与信息安全学报》), 2022, No. 6, pp. 123-134 (12 pages)
Funding: National Key Research and Development Program of China (2021YFB1006200, 2021YFB1006201); National Natural Science Foundation of China (62072467).
Keywords: code obfuscation; obfuscation metrics; symbolic execution; N-scope