数据污染和混淆:提高错误污染的可信性

2015 IEEE 15th International Working Conference on Source Code Analysis and Manipulation (SCAM) Pub Date : 2015-09-01 DOI:10.1109/SCAM.2015.7335407

Sandrine Blazy, Stéphanie Riaud, Thomas Sirvent

{"title":"数据污染和混淆:提高错误污染的可信性","authors":"Sandrine Blazy, Stéphanie Riaud, Thomas Sirvent","doi":"10.1109/SCAM.2015.7335407","DOIUrl":null,"url":null,"abstract":"Code obfuscation is designed to impede the reverse engineering of a binary software. Dynamic data tainting is an analysis technique used to identify dependencies between data in a software. Performing dynamic data tainting on obfuscated software usually yields hard to exploit results, due to over-tainted data. Such results are clearly identifiable as useless: an attacker will immediately discard them and opt for an alternative tool. In this paper, we present a code transformation technique meant to prevent the identification of useless results: a few lines of code are inserted in the obfuscated software, so that the results obtained by the dynamic data tainting approach appear acceptable. These results remain however wrong and lead an attacker to waste enough time and resources trying to analyze incorrect data dependencies, so that he will usually decide to use less automated and advanced analysis techniques, and maybe give up reverse engineering the current binary software. This improves the security of the software against malicious analysis.","PeriodicalId":192232,"journal":{"name":"2015 IEEE 15th International Working Conference on Source Code Analysis and Manipulation (SCAM)","volume":"114 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Data tainting and obfuscation: Improving plausibility of incorrect taint\",\"authors\":\"Sandrine Blazy, Stéphanie Riaud, Thomas Sirvent\",\"doi\":\"10.1109/SCAM.2015.7335407\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Code obfuscation is designed to impede the reverse engineering of a binary software. Dynamic data tainting is an analysis technique used to identify dependencies between data in a software. Performing dynamic data tainting on obfuscated software usually yields hard to exploit results, due to over-tainted data. Such results are clearly identifiable as useless: an attacker will immediately discard them and opt for an alternative tool. In this paper, we present a code transformation technique meant to prevent the identification of useless results: a few lines of code are inserted in the obfuscated software, so that the results obtained by the dynamic data tainting approach appear acceptable. These results remain however wrong and lead an attacker to waste enough time and resources trying to analyze incorrect data dependencies, so that he will usually decide to use less automated and advanced analysis techniques, and maybe give up reverse engineering the current binary software. This improves the security of the software against malicious analysis.\",\"PeriodicalId\":192232,\"journal\":{\"name\":\"2015 IEEE 15th International Working Conference on Source Code Analysis and Manipulation (SCAM)\",\"volume\":\"114 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 IEEE 15th International Working Conference on Source Code Analysis and Manipulation (SCAM)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SCAM.2015.7335407\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE 15th International Working Conference on Source Code Analysis and Manipulation (SCAM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SCAM.2015.7335407","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

代码混淆的目的是阻止二进制软件的逆向工程。动态数据污染是一种用于识别软件中数据之间依赖关系的分析技术。由于过度污染的数据，在混淆的软件上执行动态数据污染通常会产生难以利用的结果。这样的结果显然是无用的:攻击者将立即丢弃它们并选择替代工具。在本文中，我们提出了一种代码转换技术，旨在防止识别无用的结果:在混淆的软件中插入几行代码，使动态数据污染方法获得的结果看起来可以接受。然而，这些结果仍然是错误的，并且导致攻击者浪费了足够的时间和资源来分析错误的数据依赖关系，因此他通常会决定使用较少自动化和高级分析技术，并且可能放弃对当前二进制软件进行逆向工程。这提高了软件的安全性，防止恶意分析。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Data tainting and obfuscation: Improving plausibility of incorrect taint

Code obfuscation is designed to impede the reverse engineering of a binary software. Dynamic data tainting is an analysis technique used to identify dependencies between data in a software. Performing dynamic data tainting on obfuscated software usually yields hard to exploit results, due to over-tainted data. Such results are clearly identifiable as useless: an attacker will immediately discard them and opt for an alternative tool. In this paper, we present a code transformation technique meant to prevent the identification of useless results: a few lines of code are inserted in the obfuscated software, so that the results obtained by the dynamic data tainting approach appear acceptable. These results remain however wrong and lead an attacker to waste enough time and resources trying to analyze incorrect data dependencies, so that he will usually decide to use less automated and advanced analysis techniques, and maybe give up reverse engineering the current binary software. This improves the security of the software against malicious analysis.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2015 IEEE 15th International Working Conference on Source Code Analysis and Manipulation (SCAM)

自引率

0.00%

发文量