Research Article
ROPOB: Obfuscating Binary Code via Return Oriented Programming
@INPROCEEDINGS{10.1007/978-3-319-78813-5_38,
  author={Dongliang Mu and Jia Guo and Wenbiao Ding and Zhilong Wang and Bing Mao and Lei Shi},
  title={ROPOB: Obfuscating Binary Code via Return Oriented Programming},
  proceedings={Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings},
  proceedings_a={SECURECOMM},
  year={2018},
  month={4},
  keywords={Obfuscation, Return-oriented programming, Reverse engineering},
  doi={10.1007/978-3-319-78813-5_38}
}
- Dongliang Mu
- Jia Guo
- Wenbiao Ding
- Zhilong Wang
- Bing Mao
- Lei Shi
Year: 2018
SECURECOMM
Springer
DOI: 10.1007/978-3-319-78813-5_38
Abstract
Software reverse engineering has been widely employed for software reuse, serving malicious purposes, such as software plagiarism and malware camouflage. To raise the bar for adversaries to perform reverse engineering, plenty of work has been proposed to introduce obfuscation into the to-be-protected software. However, existing obfuscation methods are either inefficient or hard to deploy. In this paper, we propose an obfuscation scheme for binaries based on Return Oriented Programming (ROP), which aims to serve as an efficient and deployable anti-reverse-engineering approach. Our basic idea is to transform direct control flow to indirect control flow. The strength of our scheme derives from the fact that static analysis is typically insufficient to pinpoint the target address of indirect control flow. We implement a tool, ROPOB, to achieve obfuscation in Commercial-off-the-Shelf (COTS) binaries, and test ROPOB with programs in SPEC2006. The results show that ROPOB can successfully transform all identified direct control flow, without causing execution errors. The overhead is acceptable: the average performance overhead is less than 10% when obfuscation coverage is over 90%.