Mixed Obfuscation of Overlapping Instruction and Self-Modify Code Based on Hyper-Chaotic Opaque Predicates

Author

Xin Xie ; Fenlin Liu ; Bin Lu ; Fei Xiang

Author_Institution

State Key Lab. of Math. Eng. & Adv. Comput., Zhengzhou Inf. Sci. & Technol. Inst., Zhengzhou, China

fYear

2014

fDate

15-16 Nov. 2014

Firstpage

524

Lastpage

528

Abstract

Static disassembly is used to analyze program control flow that is the key process of reverse analysis. Aiming at the problem that attackers are always using static disassembly to analyze control transfer instructions and control flow graph, a mixed obfuscation of overlapping instruction and self-modify code based on hyper-chaotic opaque predicates is proposed, jump offsets in overlapping instructions and data offsets in self-modify code are constructed with opaque predicates. Control transfer instructions are modified into control transfer unrelated ones with the combination of characteristics of overlapping instruction and self-modify code. Experiments and analysis show that control flow graph can be obfuscated by mixed obfuscation due to the difficulty of hyper-chaotic opaque predicates for attackers to analyze.

Keywords

program control structures; safety-critical software; software engineering; code obfuscation; control flow graph; control transfer instructions; hyper-chaotic opaque predicates; program control flow analyze; reverse analysis; self-modify code; Chaos; Flow graphs; Resistance; Resists; Software; Watermarking; code obfuscation; hyper-chaotic opaque predicate; overlapping instruction; self-modify code;

fLanguage

English

Publisher

ieee

Conference_Titel

Computational Intelligence and Security (CIS), 2014 Tenth International Conference on

Conference_Location

Kunming

Print_ISBN

978-1-4799-7433-7

Type

conf

DOI

10.1109/CIS.2014.45

Filename

7016951