Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22–25, 2017, Proceedings

Research Article

Lambda Obfuscation

Download
383 downloads
  • @INPROCEEDINGS{10.1007/978-3-319-78813-5_11,
        author={Pengwei Lan and Pei Wang and Shuai Wang and Dinghao Wu},
        title={Lambda Obfuscation},
        proceedings={Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings},
        proceedings_a={SECURECOMM},
        year={2018},
        month={4},
        keywords={Software obfuscation Control flow obfuscation Reverse engineering Lambda calculus},
        doi={10.1007/978-3-319-78813-5_11}
    }
    
  • Pengwei Lan
    Pei Wang
    Shuai Wang
    Dinghao Wu
    Year: 2018
    Lambda Obfuscation
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-78813-5_11
Pengwei Lan1,*, Pei Wang1,*, Shuai Wang1,*, Dinghao Wu1,*
  • 1: The Pennsylvania State University
*Contact email: pul139@ist.psu.edu, pxw172@ist.psu.edu, szw175@ist.psu.edu, dwu@ist.psu.edu

Abstract

With the rise of increasingly advanced reverse engineering technique, especially more scalable symbolic execution tools, software obfuscation faces great challenges. Branch conditions contain important control flow logic of a program. Adversaries can use powerful program analysis tools to collect sensitive program properties and recover a program’s internal logic, stealing intellectual properties from the original owner. In this paper, we propose a novel control obfuscation technique that uses lambda calculus to hide the original computation semantics and makes the original program more obscure to understand and reverse engineer. Our obfuscator replaces the conditional instructions with lambda calculus function calls that simulate the same behavior with a more complicated execution model. Our experiment result shows that our obfuscation method can protect sensitive branch conditions from state-of-the-art symbolic execution techniques, with only modest overhead.