Software obfuscation is a crucial technology to protect intellectual property and manage digital rights within our society. Despite its huge practical importance, both commercial and academic state-of-the-art obfuscation methods are vulnerable to a plethora of automated deobfuscation attacks, such as symbolic execution, taint analysis, or program synthesis. While several enhanced obfuscation techniques were recently proposed to thwart taint analysis or symbolic execution, they either impose a prohibitive runtime overhead or can be removed in an automated way (e.g., via compiler optimizations). In general, these techniques suffer from focusing on a single attack vector, allowing an attacker to switch to other, more effective techniques, such as program synthesis.
In this work, we present Loki, an approach for software obfuscation that is resilient against all known automated deobfuscation attacks. To this end, we use and efficiently combine multiple techniques, including a generic approach to synthesize formally verified expressions of arbitrary complexity. Contrary to state-of-the-art approaches that rely on a few hardcoded generation rules, our expressions are more diverse and harder to pattern match against. Even the most recent state-of-the-art research on Mixed-Boolean Arithmetic (MBA) deobfuscation fails to simplify them. Moreover, Loki protects against previously unaccounted attack vectors such as program synthesis, for which it reduces the success rate to merely 19%. In a comprehensive evaluation, we show that our design incurs significantly less overhead while providing a much stronger protection level compared to existing works.
History
Preferred Citation
Moritz Schlögel, Tim Blazytko, Moritz Contag, Cornelius Aschermann, Julius Basler, Thorsten Holz and Ali Abbasi. Loki: Hardening Code Obfuscation Against Automated Attacks. In: Usenix Security Symposium (USENIX-Security). 2022.
Primary Research Area
Threat Detection and Defenses
Name of Conference
Usenix Security Symposium (USENIX-Security)
Legacy Posted Date
2022-05-04
Open Access Type
Green
BibTeX
@inproceedings{cispa_all_3590,
title = "Loki: Hardening Code Obfuscation Against Automated Attacks",
author = "Schlögel, Moritz and Blazytko, Tim and Contag, Moritz and Aschermann, Cornelius and Basler, Julius and Holz, Thorsten and Abbasi, Ali",
booktitle="{Usenix Security Symposium (USENIX-Security)}",
year="2022",
}