CISPA
Browse

Loki: Hardening Code Obfuscation Against Automated Attacks

Download (437.49 kB)
conference contribution
posted on 2023-11-29, 18:19 authored by Moritz Schlögel, Tim Blazytko, Moritz Contag, Cornelius Aschermann, Julius Basler, Thorsten HolzThorsten Holz, Ali AbbasiAli Abbasi
Software obfuscation is a crucial technology to protect intellectual property and manage digital rights within our society. Despite its huge practical importance, both commercial and academic state-of-the-art obfuscation methods are vulnerable to a plethora of automated deobfuscation attacks, such as symbolic execution, taint analysis, or program synthesis. While several enhanced obfuscation techniques were recently proposed to thwart taint analysis or symbolic execution, they either impose a prohibitive runtime overhead or can be removed in an automated way (e.g., via compiler optimizations). In general, these techniques suffer from focusing on a single attack vector, allowing an attacker to switch to other, more effective techniques, such as program synthesis. In this work, we present Loki, an approach for software obfuscation that is resilient against all known automated deobfuscation attacks. To this end, we use and efficiently combine multiple techniques, including a generic approach to synthesize formally verified expressions of arbitrary complexity. Contrary to state-of-the-art approaches that rely on a few hardcoded generation rules, our expressions are more diverse and harder to pattern match against. Even the most recent state-of-the-art research on Mixed-Boolean Arithmetic (MBA) deobfuscation fails to simplify them. Moreover, Loki protects against previously unaccounted attack vectors such as program synthesis, for which it reduces the success rate to merely 19%. In a comprehensive evaluation, we show that our design incurs significantly less overhead while providing a much stronger protection level compared to existing works.

History

Preferred Citation

Moritz Schlögel, Tim Blazytko, Moritz Contag, Cornelius Aschermann, Julius Basler, Thorsten Holz and Ali Abbasi. Loki: Hardening Code Obfuscation Against Automated Attacks. In: Usenix Security Symposium (USENIX-Security). 2022.

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

Usenix Security Symposium (USENIX-Security)

Legacy Posted Date

2022-05-04

Open Access Type

  • Green

BibTeX

@inproceedings{cispa_all_3590, title = "Loki: Hardening Code Obfuscation Against Automated Attacks", author = "Schlögel, Moritz and Blazytko, Tim and Contag, Moritz and Aschermann, Cornelius and Basler, Julius and Holz, Thorsten and Abbasi, Ali", booktitle="{Usenix Security Symposium (USENIX-Security)}", year="2022", }

Usage metrics

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC