Control flow obfuscation with information flow tracking

Authors:
Haibo Chen;Liwei Yuan;Xi Wu;Binyu Zang;Bo Huang;Pen-chung Yew
Affiliations:
Fudan University;Fudan University;Fudan University;Fudan University;Intel China Software Center;University of Minnesota
Venue:
Proceedings of the 42nd Annual IEEE/ACM International Symposium on Microarchitecture
Year:
2009

Citing 24
Cited 2

Decompilation of binary programs

Software—Practice & Experience
Manufacturing cheap, resilient, and stealthy opaque constructs

POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Code red worm propagation modeling and analysis

Proceedings of the 9th ACM conference on Computer and communications security
Introducing the IA-64 Architecture

IEEE Micro
Protection of Software-Based Survivability Mechanisms

DSN '01 Proceedings of the 2001 International Conference on Dependable Systems and Networks (formerly: FTCS)
An Approach to the Obfuscation of Control-Flow of Sequential Computer Programs

ISC '01 Proceedings of the 4th International Conference on Information Security
Experience with software watermarking

ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Program slicing

ICSE '81 Proceedings of the 5th international conference on Software engineering
Obfuscation of executable code to improve resistance to static disassembly

Proceedings of the 10th ACM conference on Computer and communications security
Secure program execution via dynamic information flow tracking

ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Minos: Control Data Attack Prevention Orthogonal to Memory Model

Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Control flow based obfuscation

Proceedings of the 5th ACM workshop on Digital rights management
Deobfuscation: Reverse Engineering Obfuscated Code

WCRE '05 Proceedings of the 12th Working Conference on Reverse Engineering
Software watermarking via opaque predicates: Implementation, analysis, and attacks

Electronic Commerce Research
Raksha: a flexible information flow architecture for software security

Proceedings of the 34th annual international symposium on Computer architecture
Statically detecting likely buffer overflow vulnerabilities

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Static disassembly of obfuscated binaries

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Understanding data lifetime via whole system simulation

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Software Protection through Anti-Debugging

IEEE Security and Privacy
Slicing obfuscations: design, correctness, and evaluation

Proceedings of the 2007 ACM workshop on Digital Rights Management
Understanding and visualizing full systems with data flow tomography

Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
Discoverer: automatic protocol reverse engineering from network traces

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Binary obfuscation using signals

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
From Speculation to Security: Practical and Efficient Information Flow Tracking Using Speculative Hardware

ISCA '08 Proceedings of the 35th Annual International Symposium on Computer Architecture

Security breaches as PMU deviation: detecting and identifying security attacks using performance counters

Proceedings of the Second Asia-Pacific Workshop on Systems
Hardware-enforced Protection against Software Reverse-Engineering based on an Instruction Set Encoding

Proceedings of ACM SIGPLAN on Program Protection and Reverse Engineering Workshop 2014

Quantified Score

Hi-index	0.00

Visualization

Abstract

Recent micro-architectural research has proposed various schemes to enhance processors with additional tags to track various properties of a program. Such a technique, which is usually referred to as information flow tracking, has been widely applied to secure software execution (e.g., taint tracking), protect software privacy and improve performance (e.g., control speculation). In this paper, we propose a novel use of information flow tracking to obfuscate the whole control flow of a program with only modest performance degradation, to defeat malicious code injection, discourage software piracy and impede malware analysis. Specifically, we exploit two common features in information flow tracking: the architectural support for automatic propagation of tags and violation handling of tag misuses. Unlike other schemes that use tags as oracles to catch attacks (e.g., taint tracking) or speculation failures, we use the tags as flow-sensitive predicates to hide normal control flow transfers: the tags are used as predicates for control flow transfers to the violation handler, where the real control flow transfer happens. We have implemented a working prototype based on Itanium processors, by leveraging the hardware support for control speculation. Experimental results show that BOSH can obfuscate the whole control flow with only a mean of 26.7% (ranging from 4% to 59%) overhead on SPECINT2006. The increase in code size and compilation time is also modest.