On-stack replacement to improve JIT-based obfuscation a preliminary study

Abstract

As more devices are connecting together, more effective security techniques are needed to protect running software from hackers. One possible security technique is to continuously change the binary code running of given software by recompiling it on the fly. This switching need to be done frequently, quickly, and randomly, not constrained by specific locations in code, to make it difficult for the hacker to track the behavior of the running code or predict its functionality. In our research we are working on a technique that recompiles speculatively and concurrently with current execution, and switches to the new compiled version dynamically, at arbitrary points. This paper presents an early analytical study augmented by experimental analysis on manually applying this technique on simple kernels, to study the concept in comparison with other similar techniques.