Hybrid static-dynamic attacks against software protection mechanisms
Proceedings of the 5th ACM workshop on Digital rights management
LOCO: an interactive code (De)obfuscation tool
Proceedings of the 2006 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Key evolution-based tamper resistance: a subgroup extension
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Program obfuscation: a quantitative approach
Proceedings of the 2007 ACM workshop on Quality of protection
Slicing obfuscations: design, correctness, and evaluation
Proceedings of the 2007 ACM workshop on Digital Rights Management
Towards experimental evaluation of code obfuscation techniques
Proceedings of the 4th ACM workshop on Quality of protection
Malware detection using adaptive data compression
Proceedings of the 1st ACM workshop on Workshop on AISec
A static API birthmark for Windows binary executables
Journal of Systems and Software
Analysis of Program Obfuscation Schemes with Variable Encoding Technique
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Application security code analysis: a step towards software assurance
International Journal of Information and Computer Security
Semantics-based code obfuscation by abstract interpretation
Journal of Computer Security
Control flow obfuscation with information flow tracking
Proceedings of the 42nd Annual IEEE/ACM International Symposium on Microarchitecture
A heuristic approach for detection of obfuscated malware
ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
N-version disassembly: differential testing of x86 disassemblers
Proceedings of the 19th international symposium on Software testing and analysis
Detecting algorithms using dynamic analysis
Proceedings of the Ninth International Workshop on Dynamic Analysis
Deobfuscation of virtualization-obfuscated software: a semantics-based approach
Proceedings of the 18th ACM conference on Computer and communications security
Multi-stage binary code obfuscation using improved virtual machine
ISC'11 Proceedings of the 14th international conference on Information security
Replacement attacks against VM-protected applications
VEE '12 Proceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments
Software protection for dynamically-generated code
PPREW '13 Proceedings of the 2nd ACM SIGPLAN Program Protection and Reverse Engineering Workshop
RAMC: runtime abstract memory context based plagiarism detection in binary code
Proceedings of the 7th International Conference on Ubiquitous Information Management and Communication
Covert computation: hiding code in code for obfuscation purposes
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
DUET: integration of dynamic and static analyses for malware clustering with cluster ensembles
Proceedings of the 29th Annual Computer Security Applications Conference
MutantX-S: scalable malware clustering based on static features
USENIX ATC'13 Proceedings of the 2013 USENIX conference on Annual Technical Conference
Proceedings of ACM SIGPLAN on Program Protection and Reverse Engineering Workshop 2014
Hi-index | 0.00 |
In recent years, code obfuscation has attracted attention as a low cost approach to improving software security by making it difficult for attackers to understand the inner workings of proprietary software systems. This paper examines techniques for automatic de-obfuscation of obfuscated programs, as a step towards reverse engineering such programs. Our results indicate that much of the effects of code obfuscation, designed to increase the difficulty of static analyses, can be defeated using simple combinations of straightforward static and dynamic analyses. Our results have applications to both software engineering and software security. In the context of software engineering, we show how dynamic analyses can be used to enhance reverse engineering, even for code that has been designed to be difficult to reverse engineer. For software security, our results serve as an attack model for code obfuscators, and can help with the development of obfuscation techniques that are more resilient to straightforward reverse engineering.