Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22–25, 2017, Proceedings

Research Article

ROPOB: Obfuscating Binary Code via Return Oriented Programming

  • @INPROCEEDINGS{10.1007/978-3-319-78813-5_38,
        author={Dongliang Mu and Jia Guo and Wenbiao Ding and Zhilong Wang and Bing Mao and Lei Shi},
        title={ROPOB: Obfuscating Binary Code via Return Oriented Programming},
        proceedings={Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings},
        proceedings_a={SECURECOMM},
        year={2018},
        month={4},
        keywords={Obfuscation Return-oriented programming Reverse engineering},
        doi={10.1007/978-3-319-78813-5_38}
    }
    
  • Dongliang Mu
    Jia Guo
    Wenbiao Ding
    Zhilong Wang
    Bing Mao
    Lei Shi
    Year: 2018
    ROPOB: Obfuscating Binary Code via Return Oriented Programming
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-78813-5_38
Dongliang Mu1,*, Jia Guo1,*, Wenbiao Ding1,*, Zhilong Wang1,*, Bing Mao1,*, Lei Shi2,*
  • 1: Nanjing University
  • 2: Zhengzhou University
*Contact email: mudongliangabcd@163.com, njuguojia@163.com, wbdingzx@163.com, njuwangzhilong@163.com, maobing@nju.edu.cn, shilei@zzu.edu.cn

Abstract

Software reverse engineering has been widely employed for software reuse, serving malicious purposes, such as software plagiarism and malware camouflage. To raise the bar for adversaries to perform reverse engineering, plenty of work has been proposed to introduce obfuscation into the to-be-protected software. However, existing obfuscation methods are either inefficient or hard to be deployed. In this paper, we propose an obfuscation scheme for binaries based on (ROP), which aims to serve as an efficient and deployable anti-reverse-engineering approach. Our basic idea is to transform direct control flow to indirect control flow. The strength of our scheme derives from the fact that static analysis is typically insufficient to pinpoint target address of indirect control flow. We implement a tool, ROPOB, to achieve obfuscation in Commercial-off-the-Shelf (COTS) binaries, and test ROPOB with programs in SPEC2006. The results show that ROPOB can successfully transform all identified direct control flow, without causing execution errors. The overhead is acceptable: the average performance overhead is less than 10% when obfuscation coverage is over 90%.