DOI: 10.1145/3338503.3357722
research-article

Epona and the Obfuscation Paradox: Transparent for Users and Developers, a Pain for Reversers

Published: 15 November 2019

Abstract

Code obfuscation aims at protecting the intellectual property of applications delivered in an unmanaged environment. The process usually involves selecting and successively applying various transformation techniques, for instance at compile time, with the goal of providing a good trade-off between protection and performance. However, solving this problem is known to be very difficult, as the selection of the assets to protect is application and context dependent, the number of transformation combinations can be overwhelming, and modeling the impact of transformation combinations on performance can be tricky.
Obfuscators thus usually rely on some guidance from the users, but this shifts the responsibility for the protection quality onto their shoulders. Some feedback about the effects of the transformations is then necessary for the users to be able to assess the requested protection.
Therefore, developing a code obfuscator amounts to solving several paradoxes: hiding code and data from the attacker vs. providing traceability for the user; helping to balance obfuscation quality vs. performance penalty; ensuring obfuscation diversity vs. ease of development and usage.
While developing the Epona obfuscator, we found that several of these aspects concern the management of the flow of information in the obfuscator: external reporting to the user or verifying tools, and internal reporting between code transformations.
This paper presents the framework we set up to unify this management and meet the double challenge of facilitating the everyday experience of both Epona users and maintainers. Epona maintainers can now quickly develop new user-exposed high-level obfuscations that combine several existing basic obfuscation bricks, thus promoting protection diversity and limiting the performance penalty by allowing the newly produced code to be protected distinctly. In addition, this greatly enhances the feedback to the users, and eases our development of a verifying tool that checks some protection properties of the generated code at the user's request.

Cited By

  • (2024) Evaluation Methodologies in Software Protection Research. ACM Computing Surveys. 10.1145/3702314. Online publication date: 2-Nov-2024
  • (2023) Simplifying Mixed Boolean-Arithmetic Obfuscation by Program Synthesis and Term Rewriting. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. 10.1145/3576915.3623186 (2351-2365). Online publication date: 15-Nov-2023
  • (2021) Zero Footprint Opaque Predicates: Synthesizing Opaque Predicates from Naturally Occurring Invariants. Detection of Intrusions and Malware, and Vulnerability Assessment. 10.1007/978-3-030-80825-9_15 (299-318). Online publication date: 9-Jul-2021

Published In

SPRO'19: Proceedings of the 3rd ACM Workshop on Software Protection
November 2019
87 pages
ISBN: 9781450368353
DOI: 10.1145/3338503

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. compilers
  2. obfuscation
  3. traceability

Qualifiers

  • Research-article

Conference

CCS '19

Acceptance Rates

Overall Acceptance Rate 8 of 14 submissions, 57%

Article Metrics

  • Downloads (Last 12 months): 4
  • Downloads (Last 6 weeks): 0
Reflects downloads up to 13 Feb 2025
