{"title":"COVER: Enhancing virtualization obfuscation through dynamic scheduling using flash controller-based secure module","authors":"","doi":"10.1016/j.cose.2024.104038","DOIUrl":null,"url":null,"abstract":"<div><p>Virtualization obfuscation is a very effective method used to protect programs from malicious analysis by obscuring their code. Due to the fixed scheduling structures, typical virtualization obfuscation schemes can be compromised by automated analysis tools. To enhance the protection strength of virtualization obfuscation, additional protection techniques of the virtualization structure have been proposed. However, previously proposed solutions incur significant performance overhead or require a strong assumption in software-protection techniques. We present COVER, a novel virtualization obfuscation technique in conjunction with the flash controller. COVER enhances the obfuscation and protects the secret parameters of the virtualization structure with a flash controller-based secure module. We implement a prototype of COVER and describe a prototype implementation of a flash controller-based secure module on a Solid State Drive (SSD). We demonstrate COVER’s efficacy against various code analysis methods, and evaluate COVER’s performance using a set of real-world applications. The evaluation results demonstrate that COVER effectively protects the secret parameters of the virtualization structure and increases the effort involved in deobfuscation. Compared with two commercial obfuscators, COVER provides additional protection strength without incurring significantly more overhead in terms of runtime and code size.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8000,"publicationDate":"2024-08-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824003432","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
Virtualization obfuscation is a very effective method used to protect programs from malicious analysis by obscuring their code. Due to the fixed scheduling structures, typical virtualization obfuscation schemes can be compromised by automated analysis tools. To enhance the protection strength of virtualization obfuscation, additional protection techniques of the virtualization structure have been proposed. However, previously proposed solutions incur significant performance overhead or require a strong assumption in software-protection techniques. We present COVER, a novel virtualization obfuscation technique in conjunction with the flash controller. COVER enhances the obfuscation and protects the secret parameters of the virtualization structure with a flash controller-based secure module. We implement a prototype of COVER and describe a prototype implementation of a flash controller-based secure module on a Solid State Drive (SSD). We demonstrate COVER’s efficacy against various code analysis methods, and evaluate COVER’s performance using a set of real-world applications. The evaluation results demonstrate that COVER effectively protects the secret parameters of the virtualization structure and increases the effort involved in deobfuscation. Compared with two commercial obfuscators, COVER provides additional protection strength without incurring significantly more overhead in terms of runtime and code size.
期刊介绍:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.