skip to main content
10.1145/3659211.3659272acmotherconferencesArticle/Chapter ViewAbstractPublication PagesbdeimConference Proceedingsconference-collections
research-article

Research on Improved OLLVM Based on Code Rearrangement Architecture

Published: 29 May 2024 Publication History

Abstract

Code obfuscation increases the difficulty of reverse engineering software and devices, improves the security of software and devices, and also prevents governments, enterprises, and socially important groups from the loss of information leakage. In recent years, with the continuous rise of LLVM architecture, OLLVM obfuscation solves cross-platform code obfuscation while increasing the difficulty of reverse engineering. for OLLVM obfuscation, we propose an improvement scheme for OLLVM obfuscation, which improves the degree of obfuscation of OLLVM and increases the difficulty of reverse engineering of software and device source code. Firstly, we propose an obfuscation scheme for code rearrangement; secondly, for control flow obfuscation, we propose an improvement scheme for NOLLVM control flow obfuscation and add an enhancement obfuscation module to increase the obfuscation capability of OLLVM, and lastly, the obfuscation effect of the code rearrangement scheme and the enhancement effect of the control flow obfuscation improvement module are verified through experiments and verified to improve the software and device source codes' Security.

References

[1]
J. V. d. Broeck, B. Coppens, and B. D. J. A. Sutter. "Flexible Software Protection"[J], 2020, vol. abs/2012.12603.
[2]
B. Abrath, B. Coppens, S. Volckaert B. D. J. P. o. t. t. W. o. S. Sutter, Protection, and R. Engineering[J]. "Tightly-coupled self-debugging software protection", 2016.
[3]
Sebastian Banescu and Alexander Pretschner. chapter Five-A Tutorial on Software[J]. Obfuscation, Advances in Computers. Technische Universität München. Volume 108, 2018, Pages 283-353.
[4]
S Motavalli. (1985) IEEE Transactions on Systems, Man, and Cybernetics. The University of Alabama in Birmingham, 1985, Volume, SMC-15, Issue: 2.
[5]
Chandan Kumar Behera, and D. Lalitha Bhaskar. Different Obfuscation Techniques for Code Protection[C]. Procedia Computer Science, 2015, Volume 70, 2015, Pages 757-763
[6]
Sebastian Schrittwieser and Stefan Katzenbeisser. Information Hiding, Vienna University of Technology, Austria, 2011, pp 270-284
[7]
Savio Antony Sebastian, Saurabh Malgaonkar and Paulami Shah. A study & review on code obfuscation[C]. 2016 World Conference on Futuristic Trends in Research and Innovation for Social Welfare. Mukesh Patel School of Technology Management & Engineering, 2016.
[8]
Chris Lattner and Vikram Adve. LLVM: A Compilation Framework for Lifelong Program Analysis and Transformation [C]. Lifelong Program Analysis & Transformation. university of Illinois at Urbana-Champaign, 2004, 0-7695-2102-9.
[9]
Jianzhou Zhao, Santosh Nagarakatte, and Milo M.K. Martin. Formalizing the LLVM intermediate representation for verified program transformations. The 39th annual ACM SIGPLAN-SIGACT Symposium on Principles[C]. University of Pennsylvania, 2012, Pages 427-440.
[10]
Trevor L. McDonell, Manuel M. T. Chakravarty, and Vinod Grover. Type-safe Runtime Code Generation: Accelerate to LLVM.ACM SIGPLAN Notices[C]. Utrecht University, 2020, 50(12):201-212.
[11]
Zhou Hongwei, Zhang Yuchen, Qie Guanlin Transform: Complicating Control Flow by Inserting Confusion Instructions[C]. 2020 IEEE 3rd International Conference on Automation, Electronics and Electrical Engineering, 2021, 20-22 November 2020.
[12]
LLVM 16.0.6. (2023-6-14). https://github.com/llvm/llvm-project/releases, 2023.
[13]
LLVM17.0.3. (2023-10-17). https://github.com/llvm/llvm-project/releases/tag/llvmorg-17.0.3, 2023.
[14]
ollvm4.0. (2022-4-27). https://github.com/alax-mx/ollvm4.0, 2022.
[15]
D.E. Bakken, R. Rarameswaran and R. Rarameswaran l. Data obfuscation: anonymity and desensitization of usable data sets.IEEE Security & Privacy[C]. IEEE Security & Privacy, 2004, Volume: 2, Issue: 6, Nov.-Dec.
[16]
Ilsun You, Kangbin Yim Malware Obfuscation Techniques: A Brief Survey, 2010 International Conference on Broadband, Wireless Computing[C]. Communication and Applications. Korean Bible University, 2010, 04-06 November 2010.
[17]
C. Iwendi "KeySplitWatermark: Zero Watermarking Algorithm for Software Protection Against Cyber-Attacks,", 2020, vol. 8, pp. 72650-72660.
[18]
Shohreh Hosseinzadeh, Shohreh Hosseinzadeh and Samuel Laurén Diversification and obfuscation techniques for software security: a systematic literature review[J]. Information and Software Technology, 2018, Volume 104, Pages 72-93.
[19]
Arini Balakrishnan and Chloe SchulzeCode. Obfuscation Literature Survey[C].CS701 Construction of Compilers, University of Wisconsin, 2005.
[20]
Gerardo Canfora, Andrea Di Sorbo and Francesco Mercald Obfuscation Techniques against Signature-Based Detection: a Case Study[C]. Department of Engineering, 2015 Mobile Systems Technologies Workshop (MST), University of Sannio, Benevento, Italy, 2015, 22-22 May 2015.
[21]
P. Junod, J. Rinaldini, J. Wehrli, and J. Michielin. "Obfuscator-LLVM - Software Protection for the Masses," (in English). 2015 Ieee/Acm 1st International Workshop on Software Protection (Spro), 2015, pp. 3-9.
[22]
C. Collberg, C. Thompson, and D. Low. A taxonomy of obfuscating transformations [J]. Department of Computer Science, The University of Auckland, 1997, 1173-3500.
[23]
Pan Yan, Zhu Yuefei, Lin Wei. Code obfuscation method based on instruction exchange [J]. Journal of Software, 2019, 30(6):1778-1792. (PAN Y, ZHU Y F, LIN W. Code obfuscation based on instructions swapping [J]. Journal of Software, 2019, 30(6):1778-1792. (PAN Y, ZHU Y F, LIN W. Code obfuscation based on instructions swapping [J]. Journal of Software, 2019, 30(6):1778-1792.)
[24]
eShard. d810 [EB/OL], 2021, https: //gitlab. com/shard/d810.
[25]
Xinlei Yao, Jianmin Pang, Yichi Zhang, A Method and Implementation of Control Flow Obfuscation Using SHE[C]. 2012 Fourth International Conference on Multimedia Information Networking and Security.National Digital Switching System Engineering and National Digital Switching System Engineering and Technological R&D Centre, 2012.
[26]
A Algawi, M Kiperberg, Roee Leon, Using hypervisors to overcome Structured Exception Handler attacks [J]. ECCWS 2019 18th European Conference on Cyber Warfare and Security,2019.
[27]
Xinran Wang, Yoon-Chan Jhi, Sencun Zhu STILL: Exploit Code Detection via Static Taint and Initialisation Analyses[C]. 2008 Annual Computer Security Applications Conference (ACSAC). computer science and engineering from the Pennsylvania State University, 2008, 978-0-7695-3447-3.
[28]
Mihai Bucicoiu, Lucas Davi and Razvan Deaconescu XiOS: Extended Application Sandboxing on iOS[C].10th ACM Symposium on Information, Computer and Communications. Security University POLITEHNICA of Bucharest, 2015, Pages 43-54.
[29]
Beijnum, A.C.W. HALY: AUTOMATED EVALUATION OF HARDENING TECHNIQUES IN ANDROID AND IOS APPS[C]. EEMCS: Electrical Engineering, Mathematics, and Computer Science, 2023.
[30]
Jiancheng Qin, Zhongying Bai, and Yuan Bairandom Polymorphic Algorithm of JavaScript Code Protection[C]. 2008 International Symposium on Computer Science and Computational Technology. Beijing University of Posts and Telecommunications, 2008, 10.1109/ISCSCT.2008.48.
[31]
Prahlad Fogla, Monirul Sharif and Roberto Perdisci Polymorphic Blending Attacks, College of Computing, USENIX Association[C]. Georgia Institute of Technology, 2006, 241-256.
[32]
Lukas Zobernig, Steven D. Galbraith and Giovanni Russello When are Opaque Predicates Useful? [C].2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications. University of Auckland, Auckland, 2019, 10.1109/TrustCom/BigDataSE.2019.00031.
[33]
Anirban Majumdar and Clark Thomborson, Manufacturing Opaque Predicates in Distributed Systems for Code Obfuscation[J]. In Proceedings of the 29th Australasian Computer Science, Department of Computer Science The University of Auckland, 2006, Conference-Volume 48 (pp. . 187-196).
[34]
Xu D. Opaque Predicate: Attack and Defence in Obfuscated Binary Code[J], 2018.
[35]
Joonhyung Hwang and Taisook Han. Identifying Input-Dependent Jumps from Obfuscated Execution using Dynamic Data Flow Graphs[J]. the 8th Software Security, Protection, and Reverse Engineering Workshop. Korea Advanced I, stitute of Science and Technology, 2018, Article No. 3Pages 1-12.
[36]
Babak Yadegari and Saumya Debray, Symbolic Execution of Obfuscated Code[C]. The 22nd ACM Conference on Computer and Communications Security, The Association for Computing Machinery, 2015, October 12 - 16.
[37]
Vivek Balachandran and Sabu Emmanuel, Software code obfuscation by hiding control flow information in stack[C], 2011 IEEE International Workshop on Information Forensics and Security, School of Computer Engineering, Nanyang Technological University, 2012, 10.1109/WIFS.2011.6123121.
[38]
BANESCU S, COLLBERG C S, GANESH V, Code obfuscation against symbolic execution attacks [C] // Proceedings of the 32nd Annual Conference on Computer Security Applications. new York: ACM, 2016, 189-200.
[39]
Jens Ernst, William Evans and Christopher W. Fraser, Code compression [J], ACM SIGPLAN Notices, University of Arizona, Dept of Computer Science, 1997, Volume 32Issue 5, pp 358-365.
[40]
Debray S, Evans W. Profile-guided code compression[J]. ACM SIGPLAN Notices, 2002, 37(5): 95-105.
[41]
Ellison G, Wolitzky A. A search cost model of obfuscation[J]. The RAND Journal of Economics, 2012, 43(3): 417-441.
[42]
Ebad S A, Darem A A, Abawajy J H. Measuring software obfuscation quality-a systematic literature review[J]. IEEE Access, 2021, 9: 99024-99038.
[43]
Schneider F B. The state machine approach: a tutorial[J]. Fault-tolerant distributed computing, 2005, 18-41.
[44]
Lee D, Yannakakis M. Principles and methods of testing finite state machines-a survey [J]. Proceedings of the IEEE, 1996, 84(8): 1090-1123.
[45]
Reilly D, Fan L. A comparative evaluation of differentially private image obfuscation[C]//2021 Third IEEE International Conference on Trust, Privacy, and Security in Intelligent Systems and Applications (TPS-ISA). IEEE, 2021, 80-89.
[46]
Cheng B, Liu J, Chen J, Behavior-Obfuscation Resistance Malware Detection[J]. The Computer Journal, 2019, 62(12): 1734-1747.
[47]
Tang J, Li R, Jiang Y, Android malware obfuscation variants detection method based on multi-granularity opcode features[J]. Future Generation Computer Systems, 2022, 129: 141-151.

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
BDEIM '23: Proceedings of the 2023 4th International Conference on Big Data Economy and Information Management
December 2023
917 pages
ISBN:9798400716669
DOI:10.1145/3659211
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 29 May 2024

Permissions

Request permissions for this article.

Check for updates

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

BDEIM 2023

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • 0
    Total Citations
  • 11
    Total Downloads
  • Downloads (Last 12 months)11
  • Downloads (Last 6 weeks)2
Reflects downloads up to 18 Feb 2025

Other Metrics

Citations

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format.

HTML Format

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media