ROPOB: Obfuscating binary code via return oriented programming

Dongliang Mu, Jia Guo, Wenbiao Ding, Zhilong Wang, Bing Mao, Lei Shi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

Software reverse engineering has been widely employed for software reuse, serving malicious purposes, such as software plagiarism and malware camouflage. To raise the bar for adversaries to perform reverse engineering, plenty of work has been proposed to introduce obfuscation into the to-be-protected software. However, existing obfuscation methods are either inefficient or hard to be deployed. In this paper, we propose an obfuscation scheme for binaries based on Return Oriented Programming (ROP), which aims to serve as an efficient and deployable anti-reverse-engineering approach. Our basic idea is to transform direct control flow to indirect control flow. The strength of our scheme derives from the fact that static analysis is typically insufficient to pinpoint target address of indirect control flow. We implement a tool, ROPOB, to achieve obfuscation in Commercial-off-the-Shelf (COTS) binaries, and test ROPOB with programs in SPEC2006. The results show that ROPOB can successfully transform all identified direct control flow, without causing execution errors. The overhead is acceptable: the average performance overhead is less than 10% when obfuscation coverage is over 90%.

Original languageEnglish (US)
Title of host publicationSecurity and Privacy in Communication Networks - 13th International Conference, SecureComm 2017, Proceedings
EditorsAli Ghorbani, Xiaodong Lin, Kui Ren, Sencun Zhu, Aiqing Zhang
PublisherSpringer Verlag
Pages721-737
Number of pages17
ISBN (Print)9783319788128
DOIs
StatePublished - Jan 1 2018
Event13th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2017 - [state] ON, Canada
Duration: Oct 22 2017Oct 25 2017

Publication series

NameLecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume238
ISSN (Print)1867-8211

Other

Other13th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2017
CountryCanada
City[state] ON
Period10/22/1710/25/17

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'ROPOB: Obfuscating binary code via return oriented programming'. Together they form a unique fingerprint.

  • Cite this

    Mu, D., Guo, J., Ding, W., Wang, Z., Mao, B., & Shi, L. (2018). ROPOB: Obfuscating binary code via return oriented programming. In A. Ghorbani, X. Lin, K. Ren, S. Zhu, & A. Zhang (Eds.), Security and Privacy in Communication Networks - 13th International Conference, SecureComm 2017, Proceedings (pp. 721-737). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 238). Springer Verlag. https://doi.org/10.1007/978-3-319-78813-5_38