Abstract
Obfuscation is an important technique to protect software from adversary analysis. Control flow obfuscation effectively prevents attackers from understanding the program structure, hence impeding a broad set of reverse engineering efforts. In this paper, we propose a novel control flow obfuscation method which employs Turing machines to simulate the computation of branch conditions. By weaving the original program with Turing machine components, program control flow graph and call graph can become much more complicated. In addition, due to the runtime computation complexity of a Turing machine, program execution flow would be highly obfuscated and become resilient to advanced reverse engineering approaches via symbolic execution and concolic testing.
We have implemented a prototype tool for Turing obfuscation. Comparing with previous work, our control flow obfuscation technique delivers three distinct advantages. (1) Complexity: the complicated structure of a Turing machine makes it difficult for attackers to understand the program control flow. (2) Universality: Turing machines can encode any computation and hence applicable to obfuscate any program component. (3) Resiliency: Turing machine brings in complex execution model, which is shown to withstand automated reverse engineering efforts. Our evaluation obfuscates control flow predicates of two widely-used applications, and the experimental results show that the proposed technique can obfuscate programs in stealth with good performance and robustness.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
Please refer to an extended version of this paper for more implementation details [25].
References
bzip2 (2017). http://www.bzip.org
IDA (2017). https://www.hex-rays.com/products/ida/
Klee sample (2017). http://klee.github.io/tutorials/testing-function/
slre (2017). https://github.com/cesanta/slre
Cadar, C., Dunbar, D., Engler, D.R., et al.: KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. In: Proceedings of 8th USENIX Conference on Operating Systems Design and Implementation (OSDI 2008), pp. 209–224 (2008)
Cadar, C., Ganesh, V., Pawlowski, P.M., Dill, D.L., Engler, D.R.: Exe: automatically generating inputs of death. In: Proceedings of 13th ACM Conference on Computer and Communications Security, CCS 2006 (2006)
Chen, H., Yuan, L., Wu, X., Zang, B., Huang, B., Yew, P.-C.: Control flow obfuscation with information flow tracking. In: Proceedings of 42nd Annual IEEE/ACM International Symposium on Microarchitecture (Micro 2009), pp. 391–400 (2009)
Collberg, C., Thomborson, C., Low, D.: Manufacturing cheap, resilient, and stealthy opaque constructs. In: Proceedings of 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 1998), pp. 184–196 (1998)
Copeland, B.J.: The church-turing thesis. Stanford encyclopedia of philosophy (2002)
Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. In: Proceedings of 2013 IEEE 54th Annual Symposium on Foundations of Computer Science, FOCS 2013 (2013)
Godefroid, P., Levin, M.Y., Molnar, D.: Automated whitebox fuzz testing. In: Proceedings of 15th Annual Network and Distributed System Security Symposium (NDSS 2008) (2008)
King, J.C.: Symbolic execution and program testing. Commun. ACM 19(7), 385–394 (1976)
Lan, P., Wang, P., Wang, P., Wu, D.: Lambda obfuscation. In: Proceedings of 13th EAI International Conference on Security and Privacy in Communication Networks (SECURECOMM 2017) (2017)
Lattner, C., Adve, V.: LLVM: a compilation framework for lifelong program analysis & transformation. In: Proceedings of International Symposium on Code Generation and Optimization (CGO 2004), pp. 75–86, March 2004
Ma, H., Li, R., Yu, X., Jia, C., Gao, D.: Integrated software fingerprinting via neural-network-based control flow obfuscation. IEEE Trans. Inf. Forensics Secur. 11(10), 2322–2337 (2016)
Ma, H., Ma, X., Liu, W., Huang, Z., Gao, D., Jia, C.: Control flow obfuscation using neural network to fight concolic testing. In: Proceedings of 10th International Conference on Security and Privacy in Communication Networks (SECURECOMM 2014), pp. 287–304 (2014)
McCabe, T.J.: A complexity measure. IEEE Trans. Softw. Eng. SE–2(4), 308–320 (1976)
Popov, I.V., Debray, S.K., Andrews, G.R.: Binary obfuscation using signals. In: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium (USENIX Security 2007) (2007)
Sen, K., Agha, G.: CUTE and jCUTE: concolic unit testing and explicit path model-checking tools. In: Proceedings of 18th International Conference on Computer Aided Verification, CAV 2006 (2006)
Sen, K., Marinov, D., Agha, G.: Cute: a concolic unit testing engine for C. In: Proceedings of 10th European Software Engineering Conference Held Jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE 2013), pp. 263–272 (2005)
Sharif, M.I., Lanzi, A., Giffin, J.T., Lee, W.: Impeding malware analysis using conditional code obfuscation. In: Proceedings of 15th Annual Network and Distributed System Security Symposium (NDSS 2008) (2008)
SingleTape: Turing machine (2017). http://turingmaschine.klickagent.ch/
Wang, P., Wang, S., Ming, J., Jiang, Y., Wu, D.: Translingual obfuscation. In: Proceedings of 2016 IEEE European Symposium on Security and Privacy (EuroS&P 2016), pp. 128–144 (2016)
Wang, S., Wang, P., Wu, D.: Composite software diversification. In: Proceedings of 33rd IEEE International Conference on Software Maintenance and Evolution (ICSME 2017) (2017)
Wang, Y.: Obfuscation with Turing machine. Master’s thesis, The Pennsylvania State University (2017)
Wang, Z., Jia, C., Liu, M., Yu, X.: Branch obfuscation using code mobility and signal. In: Proceedings of 2012 IEEE 36th Annual Computer Software and Applications Conference Workshops (COMPSACW 2012), pp. 553–558 (2012)
Wang, Z., Ming, J., Jia, C., Gao, D.: Linear obfuscation to combat symbolic execution. In: Proceedings of 16th European Conference on Research in Computer Security, pp. 210–226 (2011)
Woodward, M.R., Hennell, M.A., Hedley, D.: A measure of control flow complexity in program text. IEEE Trans. Softw. Eng. 5(1), 45–50 (1979)
Xu, D., Ming, J., Wu, D.: Generalized dynamic opaque predicates: a new control flow obfuscation method. In: Proceedings of 19th Information Security Conference (ISC 2016), pp. 323–342 (2016)
Acknowledgment
We thank the anonymous reviewers for their valuable feedback. This research was supported in part by the National Science Foundation (NSF) under grant CNS-1652790, and the Office of Naval Research (ONR) under grants N00014-13-1-0175, N00014-16-1-2265, and N00014-16-1-2912.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Wang, Y., Wang, S., Wang, P., Wu, D. (2018). Turing Obfuscation. In: Lin, X., Ghorbani, A., Ren, K., Zhu, S., Zhang, A. (eds) Security and Privacy in Communication Networks. SecureComm 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 238. Springer, Cham. https://doi.org/10.1007/978-3-319-78813-5_12
Download citation
DOI: https://doi.org/10.1007/978-3-319-78813-5_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-78812-8
Online ISBN: 978-3-319-78813-5
eBook Packages: Computer ScienceComputer Science (R0)