Storing a Sparse Table with 0(1) Worst Case Access Time
Journal of the ACM (JACM)
Producing good code for the case statement
Software—Practice & Experience
Handbook of theoretical computer science (vol. A)
Communications of the ACM
Decompilation of binary programs
Software—Practice & Experience
Manufacturing cheap, resilient, and stealthy opaque constructs
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Software watermarking: models and dynamic embeddings
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Optimizing alpha executables on Windows NT with spike
Digital Technical Journal
Alto: a link-time optimizer for the Compaq alpha
Software—Practice & Experience
Architectural support for copy and tamper resistant software
ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
Recovery of jump table case statements from binary code
Science of Computer Programming - Special issue on program comprehension (IWPC '99)
Linkers and Loaders
Tamper Resistant Software: An Implementation
Proceedings of the First International Workshop on Information Hiding
Protection of Software-Based Survivability Mechanisms
DSN '01 Proceedings of the 2001 International Conference on Dependable Systems and Networks (formerly: FTCS)
Extracting safe and precise control flow from binaries
RTCSA '00 Proceedings of the Seventh International Conference on Real-Time Systems and Applications
Breaking Abstractions and Unstructuring Data Structures
ICCL '98 Proceedings of the 1998 International Conference on Computer Languages
Disassembly of Executable Code Revisited
WCRE '02 Proceedings of the Ninth Working Conference on Reverse Engineering (WCRE'02)
Software Tamper Resistance: Obstructing Static Analysis of Programs
Software Tamper Resistance: Obstructing Static Analysis of Programs
Dynamic path-based software watermarking
Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
HOIST: a system for automatically deriving static analyzers for embedded systems
ASPLOS XI Proceedings of the 11th international conference on Architectural support for programming languages and operating systems
Review and analysis of synthetic diversity for breaking monocultures
Proceedings of the 2004 ACM workshop on Rapid malcode
Hybrid static-dynamic attacks against software protection mechanisms
Proceedings of the 5th ACM workshop on Digital rights management
A Method for Detecting Obfuscated Calls in Malicious Binaries
IEEE Transactions on Software Engineering
LOCO: an interactive code (De)obfuscation tool
Proceedings of the 2006 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Install-Time Vaccination of Windows Executables to Defend against Stack Smashing Attacks
IEEE Transactions on Dependable and Secure Computing
BIRD: Binary Interpretation using Runtime Disassembly
Proceedings of the International Symposium on Code Generation and Optimization
Practical analysis of stripped binary code
ACM SIGARCH Computer Architecture News - Special issue on the 2005 workshop on binary instrumentation and application
Architecture Support for 3D Obfuscation
IEEE Transactions on Computers
IBM Systems Journal
Proteus: virtualization for diversified tamper-resistance
Proceedings of the ACM workshop on Digital rights management
Diversify sensor nodes to improve resilience against node compromise
Proceedings of the fourth ACM workshop on Security of ad hoc and sensor networks
A semantics-based approach to malware detection
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Static disassembly of obfuscated binaries
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Protecting against unexpected system calls
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Key evolution-based tamper resistance: a subgroup extension
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Proceedings of the 9th workshop on Multimedia & security
Program obfuscation: a quantitative approach
Proceedings of the 2007 ACM workshop on Quality of protection
Renovo: a hidden code extractor for packed executables
Proceedings of the 2007 ACM workshop on Recurring malcode
Using hypervisor to provide data secrecy for user applications on a per-page basis
Proceedings of the fourth ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
Towards self-propagate mal-packets in sensor networks
WiSec '08 Proceedings of the first ACM conference on Wireless network security
Binary obfuscation using signals
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference
Flashproxy: transparently enabling rich web content via remote execution
Proceedings of the 6th international conference on Mobile systems, applications, and services
A semantics-based approach to malware detection
ACM Transactions on Programming Languages and Systems (TOPLAS)
A hypervisor-based system for protecting software runtime memory and persistent storage
Proceedings of the 2008 Spring simulation multiconference
Jakstab: A Static Analysis Platform for Binaries
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
BinHunt: Automatically Finding Semantic Differences in Binary Programs
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Self-healing control flow protection in sensor applications
Proceedings of the second ACM conference on Wireless network security
A static API birthmark for Windows binary executables
Journal of Systems and Software
Instruction Set Limitation in Support of Software Diversity
Information Security and Cryptology --- ICISC 2008
Reconstructing a Packed DLL Binary for Static Analysis
ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
Application security code analysis: a step towards software assurance
International Journal of Information and Computer Security
Learning to analyze binary computer code
AAAI'08 Proceedings of the 23rd national conference on Artificial intelligence - Volume 2
Semantics-based code obfuscation by abstract interpretation
Journal of Computer Security
Control flow obfuscation with information flow tracking
Proceedings of the 42nd Annual IEEE/ACM International Symposium on Microarchitecture
Context-sensitive analysis of obfuscated x86 executables
Proceedings of the 2010 ACM SIGPLAN workshop on Partial evaluation and program manipulation
Efficient code diversification for network reprogramming in sensor networks
Proceedings of the third ACM conference on Wireless network security
binOb+: a framework for potent and stealthy binary obfuscation
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
A model for self-modifying code
IH'06 Proceedings of the 8th international conference on Information hiding
Obfuscation for cryptographic purposes
TCC'07 Proceedings of the 4th conference on Theory of cryptography
ACM SIGOPS Operating Systems Review
Improving the efficiency of dynamic malware analysis
Proceedings of the 2010 ACM Symposium on Applied Computing
Efficient and practical control flow monitoring for program security
ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues
Remote entrusting by run-time software authentication
SOFSEM'08 Proceedings of the 34th conference on Current trends in theory and practice of computer science
Towards tamper resistant code encryption: practice and experience
ISPEC'08 Proceedings of the 4th international conference on Information security practice and experience
Simple dynamic key management in SQL randomization
NTMS'09 Proceedings of the 3rd international conference on New technologies, mobility and security
Learning more about the underground economy: a case-study of keyloggers and dropzones
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
N-version disassembly: differential testing of x86 disassemblers
Proceedings of the 19th international symposium on Software testing and analysis
Gross product simulation with pooling of linear and nonlinear regression models
Proceedings of the 6th International Workshop on Enterprise & Organizational Modeling and Simulation
Range and Set Abstraction using SAT
Electronic Notes in Theoretical Computer Science (ENTCS)
Conqueror: tamper-proof code execution on legacy systems
DIMVA'10 Proceedings of the 7th international conference on Detection of intrusions and malware, and vulnerability assessment
Preventing illegal usage of mobile phone software
COMPSAC-W'05 Proceedings of the 29th annual international conference on Computer software and applications conference
Hybrid analysis and control of malware
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Heap Taichi: exploiting memory allocation granularity in heap-spraying attacks
Proceedings of the 26th Annual Computer Security Applications Conference
A secure and robust approach to software tamper resistance
IH'10 Proceedings of the 12th international conference on Information hiding
Misleading malware similarities analysis by automatic data structure obfuscation
ISC'10 Proceedings of the 13th international conference on Information security
Self destructive tamper response for software protection
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Thwarting real-time dynamic unpacking
Proceedings of the Fourth European Workshop on System Security
Mobile Agent Protection with Self-Modifying Code
Journal of Signal Processing Systems
Linear obfuscation to combat symbolic execution
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Code obfuscation against static and dynamic reverse engineering
IH'11 Proceedings of the 13th international conference on Information hiding
Multi-stage binary code obfuscation using improved virtual machine
ISC'11 Proceedings of the 14th international conference on Information security
Embedded software security through key-based control flow obfuscation
InfoSecHiComNet'11 Proceedings of the First international conference on Security aspects in information technology
Lightweight monitoring of the progress of remotely executing computations
LCPC'05 Proceedings of the 18th international conference on Languages and Compilers for Parallel Computing
Context-sensitive analysis without calling-context
Higher-Order and Symbolic Computation
An attack on SMC-based software protection
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Network–Level polymorphic shellcode detection using emulation
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Detecting self-mutating malware using control-flow graph matching
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Remote software-based attestation for wireless sensors
ESAS'05 Proceedings of the Second European conference on Security and Privacy in Ad-Hoc and Sensor Networks
A compiler-based approach to data security
CC'05 Proceedings of the 14th international conference on Compiler Construction
There's plenty of room at the bottom: analyzing and verifying machine code
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Directed proof generation for machine code
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Analyzing memory accesses in obfuscated x86 executables
DIMVA'05 Proceedings of the Second international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Self-validating branch-based software watermarking
IH'05 Proceedings of the 7th international conference on Information Hiding
Polymorphic worm detection using structural information of executables
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
A fast static analysis approach to detect exploit code inside network flows
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Using image steganography for decryptor distribution
OTM'06 Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part I
Replacement attacks against VM-protected applications
VEE '12 Proceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments
Towards better software tamper resistance
ISC'05 Proceedings of the 8th international conference on Information Security
Using purpose capturing signatures to defeat computer virus mutating
ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
TIVA: trusted integrity verification architecture
DRMTICS'05 Proceedings of the First international conference on Digital Rights Management: technologies, Issues, Challenges and Systems
Opaque predicates detection by abstract interpretation
AMAST'06 Proceedings of the 11th international conference on Algebraic Methodology and Software Technology
A new view on normativeness in distributed reputation systems: beyond behavioral beliefs
AP2PC'05 Proceedings of the 4th international conference on Agents and Peer-to-Peer Computing
Securing agents against malicious host in an intrusion detection system
CRITIS'07 Proceedings of the Second international conference on Critical Information Infrastructures Security
Secure remote execution of sequential computations
ICICS'09 Proceedings of the 11th international conference on Information and Communications Security
Instruction embedding for improved obfuscation
Proceedings of the 50th Annual Southeast Regional Conference
Automated identification of cryptographic primitives in binary programs
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
Plagiarizing smartphone applications: attack strategies and defense techniques
ESSoS'12 Proceedings of the 4th international conference on Engineering Secure Software and Systems
A code morphing methodology to automate power analysis countermeasures
Proceedings of the 49th Annual Design Automation Conference
AutoDunt: dynamic latent dependence analysis for detection of zero day vulnerability
ICISC'11 Proceedings of the 14th international conference on Information Security and Cryptology
On the concept of software obfuscation in computer security
ISC'07 Proceedings of the 10th international conference on Information Security
Feedback-driven binary code diversification
ACM Transactions on Architecture and Code Optimization (TACO) - Special Issue on High-Performance Embedded Architectures and Compilers
Down to the bare metal: using processor features for binary analysis
Proceedings of the 28th Annual Computer Security Applications Conference
Jarhead analysis and detection of malicious Java applets
Proceedings of the 28th Annual Computer Security Applications Conference
Software protection for dynamically-generated code
PPREW '13 Proceedings of the 2nd ACM SIGPLAN Program Protection and Reverse Engineering Workshop
TSL: A System for Generating Abstract Interpreters and its Application to Machine-Code Analysis
ACM Transactions on Programming Languages and Systems (TOPLAS)
Zero-day malware detection based on supervised learning algorithms of API call signatures
AusDM '11 Proceedings of the Ninth Australasian Data Mining Conference - Volume 121
Detecting malicious behaviour using supervised learning algorithms of the function calls
International Journal of Electronic Security and Digital Forensics
Binary-code obfuscations in prevalent packer tools
ACM Computing Surveys (CSUR)
Proceedings of the 6th International Conference on Security of Information and Networks
Towards automatic software lineage inference
SEC'13 Proceedings of the 22nd USENIX conference on Security
Proceedings of ACM SIGPLAN on Program Protection and Reverse Engineering Workshop 2014
RopSteg: program steganography with return oriented programming
Proceedings of the 4th ACM conference on Data and application security and privacy
Hi-index | 0.00 |
A great deal of software is distributed in the form of executable code. The ability to reverse engineer such executables can create opportunities for theft of intellectual property via software piracy, as well as security breaches by allowing attackers to discover vulnerabilities in an application. The process of reverse engineering an executable program typically begins with disassembly, which translates machine code to assembly code. This is then followed by various decompilation steps that aim to recover higher-level abstractions from the assembly code. Most of the work to date on code obfuscation has focused on disrupting or confusing the decompilation phase. This paper, by contrast, focuses on the initial disassembly phase. Our goal is to disrupt the static disassembly process so as to make programs harder to disassemble correctly. We describe two widely used static disassembly algorithms, and discuss techniques to thwart each of them. Experimental results indicate that significant portions of executables that have been obfuscated using our techniques are disassembled incorrectly, thereby showing the efficacy of our methods.