A Security Model and Implementation of Embedded Software Based on Code Obfuscation

2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) Pub Date : 2020-12-01 DOI:10.1109/TrustCom50675.2020.00222

Jiajia Yi, Lirong Chen, Haitao Zhang, Yun Li, Huanyu Zhao

{"title":"A Security Model and Implementation of Embedded Software Based on Code Obfuscation","authors":"Jiajia Yi, Lirong Chen, Haitao Zhang, Yun Li, Huanyu Zhao","doi":"10.1109/TrustCom50675.2020.00222","DOIUrl":null,"url":null,"abstract":"Current approaches for the security of embedded software mainly focused on some specific platforms. In this paper, a security model based on code obfuscation is applied to embedded software. A control flow flattening algorithm is used to implement an automated obfuscator, which obfuscates C code first, and does source-to-source conversions to protect software on different platforms. The effectiveness of code obfuscation is evaluated by a multi-level quantitative model proposed in this paper. Related experiments are carried out on the NUC140VE3CN board and MC9S12XEPIOOMAG board, which are typical hardware platforms used in the application domain of automotive. The result of experiments shows that for one thing, the quantitative value of the effectiveness of the obfuscated program is obviously higher than that of the original program, namely the strength for software to keep it from being reversed is greater, and the overhead of time and space is acceptable; for another, the efficiency of the evaluation model is also demonstrated.","PeriodicalId":221956,"journal":{"name":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","volume":"49 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TrustCom50675.2020.00222","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Current approaches for the security of embedded software mainly focused on some specific platforms. In this paper, a security model based on code obfuscation is applied to embedded software. A control flow flattening algorithm is used to implement an automated obfuscator, which obfuscates C code first, and does source-to-source conversions to protect software on different platforms. The effectiveness of code obfuscation is evaluated by a multi-level quantitative model proposed in this paper. Related experiments are carried out on the NUC140VE3CN board and MC9S12XEPIOOMAG board, which are typical hardware platforms used in the application domain of automotive. The result of experiments shows that for one thing, the quantitative value of the effectiveness of the obfuscated program is obviously higher than that of the original program, namely the strength for software to keep it from being reversed is greater, and the overhead of time and space is acceptable; for another, the efficiency of the evaluation model is also demonstrated.

查看原文本刊更多论文

基于代码混淆的嵌入式软件安全模型与实现

目前对嵌入式软件安全的研究主要集中在特定的平台上。本文将基于代码混淆的安全模型应用于嵌入式软件。控制流平坦化算法用于实现自动混淆器，它首先混淆C代码，然后进行源代码到源代码的转换，以保护不同平台上的软件。本文提出了一个多层次的定量模型来评估代码混淆的有效性。在汽车应用领域的典型硬件平台NUC140VE3CN板和MC9S12XEPIOOMAG板上进行了相关实验。实验结果表明:一方面，混淆后的程序有效性的定量值明显高于原程序，即软件防止其被反转的强度更大，时间和空间的开销是可以接受的;另一方面，也证明了评价模型的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)

自引率

0.00%

发文量