| With the continuous development of information technology, the software market is showing explosive growth. Security threats to software are becoming more and more serious, and malicious reverse engineering of software is an important aspect of them. Reverse engineering of software is the process of recovering higher-level structure and meaning from a lower-level program representation. It can be used for legitimate purposes—e.g., to recover source code that has been lost—but it is often used for nefarious purposes, e.g., to search for security vulnerabilities in binaries or to steal intellectual property. To raise the bar for adversaries performing reverse engineering, plenty of work has been proposed to introduce obfuscation into the to-be-protected software. In this paper, we first analyze the principles and characteristics of disassembly and decompilation, and then analyze the limitations of existing obfuscation technology. We propose an obfuscation scheme for binaries based on Return Oriented Programming (ROP), which aims to serve as an efficient and deployable anti-reverse-engineering approach. The strength of our scheme derives from the fact that static analysis is typically insufficient to pinpoint the target address of indirect control flow; our basic idea is to transform direct control flow into indirect control flow by changing basic blocks into gadgets. We implement a tool, ROPOB, to achieve obfuscation in Commercial-off-the-Shelf (COTS) binaries, and test ROPOB with programs in SPEC2006. The results show that ROPOB successfully transforms all identified direct control flow without causing execution errors. The overhead is acceptable: the average performance overhead is less than 10% when obfuscation coverage is over 90%. Besides, ROPOB has better portability and deployability, as it is implemented with static binary instrumentation. |
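To make the abstract's core idea concrete, here is an added toy model in Python, written for this page and not the paper's ROPOB tool or its real x86 gadgets: a tiny basic-block machine in which every direct `jmp`/`jz` terminator is rewritten into a `ret` whose successor is read from a data table at run time. The instruction set, the block names, the registers `r0`/`r1`/`rt` and the sample loop are all constructed assumptions. It shows why a disassembler that only follows immediate targets recovers the original control-flow graph but no edges at all from the obfuscated one, while both versions execute the same block sequence and compute the same result.

```python
"""Toy model of ROP-style control-flow obfuscation (constructed example, not ROPOB).

A tiny register machine: each basic block is straight-line ops plus one
terminator.  The original program names its successors directly (jmp/jz);
the obfuscated program ends every block in RET and reads the successor from
a data table at run time, so a disassembler that only follows immediate
targets recovers no edges.
"""
import random
from dataclasses import dataclass


@dataclass
class Block:
    ops: list    # ("set", dst, imm) | ("add", dst, reg_or_imm) | ("select", dst, reg, if_zero, else)
    term: tuple  # ("jmp", tgt) | ("jz", reg, tgt_if_zero, tgt_else) | ("ret",) | ("halt",)


def _val(regs, x):
    return regs[x] if isinstance(x, str) else x


def static_cfg(prog):
    """Edges a disassembler sees when it only follows immediate (direct) targets."""
    edges = set()
    for name, blk in prog.items():
        t = blk.term
        if t[0] == "jmp":
            edges.add((name, t[1]))
        elif t[0] == "jz":
            edges.update({(name, t[2]), (name, t[3])})
        # "ret": the successor lives in data, not in an immediate, so no edge is recovered
    return edges


def obfuscate(prog, seed=0):
    """Rewrite every direct terminator into RET; successors move into a shuffled table."""
    table = list(prog)
    random.Random(seed).shuffle(table)          # deterministic shuffle so index != layout order
    idx = {name: i for i, name in enumerate(table)}
    out = {}
    for name, blk in prog.items():
        ops, term = list(blk.ops), blk.term
        if term[0] == "jmp":
            ops.append(("set", "rt", idx[term[1]]))   # gadget leaves its chain slot in rt
            term = ("ret",)
        elif term[0] == "jz":
            ops.append(("select", "rt", term[1], idx[term[2]], idx[term[3]]))
            term = ("ret",)
        out[name] = Block(ops, term)
    return out, table


def coverage(orig, obf):
    """Fraction of direct terminators turned into RET (mirrors the paper's 'obfuscation coverage')."""
    direct = [n for n, b in orig.items() if b.term[0] in ("jmp", "jz")]
    remaining = [n for n in direct if obf[n].term[0] in ("jmp", "jz")]
    return 1 - len(remaining) / len(direct) if direct else 1.0


def run(prog, table=None, entry="entry", max_steps=10_000):
    """Execute and return (registers, block trace); RET consults the table."""
    regs = {"r0": 0, "r1": 0, "rt": 0}
    pc, trace = entry, [entry]
    for _ in range(max_steps):
        blk = prog[pc]
        for op in blk.ops:
            if op[0] == "set":
                regs[op[1]] = op[2]
            elif op[0] == "add":
                regs[op[1]] += _val(regs, op[2])
            elif op[0] == "select":
                regs[op[1]] = op[3] if regs[op[2]] == 0 else op[4]
        t = blk.term
        if t[0] == "halt":
            return regs, trace
        if t[0] == "jmp":
            pc = t[1]
        elif t[0] == "jz":
            pc = t[2] if regs[t[1]] == 0 else t[3]
        else:                                   # "ret": target resolved only at run time
            pc = table[regs["rt"]]
        trace.append(pc)
    raise RuntimeError("step limit exceeded")


# Constructed sample program: sum the integers 5..1 into r1 with a counted loop.
PROGRAM = {
    "entry": Block([("set", "r0", 5), ("set", "r1", 0)], ("jmp", "loop")),
    "loop":  Block([("add", "r1", "r0"), ("add", "r0", -1)], ("jz", "r0", "done", "loop")),
    "done":  Block([], ("halt",)),
}


def demo():
    obf, table = obfuscate(PROGRAM)
    regs_a, trace_a = run(PROGRAM)
    regs_b, trace_b = run(obf, table)
    return {
        "orig_edges": static_cfg(PROGRAM),
        "obf_edges": static_cfg(obf),
        "same_result": regs_a["r1"] == regs_b["r1"] and trace_a == trace_b,
        "coverage": coverage(PROGRAM, obf),
    }


if __name__ == "__main__":
    print(demo())
```

The `coverage` value corresponds to the abstract's obfuscation-coverage metric (here 100%, since every direct terminator is rewritten). Note the limit the toy also exposes: an analyst who models the data table or emulates the code can still recover the edges, which is why the abstract describes the scheme as raising the bar for static analysis rather than preventing reverse engineering outright.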