TY - GEN
T1 - Comparing the effectiveness of commercial obfuscators against MATE attacks
AU - Manikyam, Ramya
AU - McDonald, J. Todd
AU - Mahoney, William R.
AU - Andel, Todd R.
AU - Russ, Samuel H.
N1 - Funding Information:
This material is based in part upon work supported by the National Science Foundation under grants DGE-1303384 and CNS-1305369.
Publisher Copyright:
© 2016 ACM.
PY - 2016/12/5
Y1 - 2016/12/5
N2 - The ability to protect software from malicious reverse engineering remains a challenge faced by commercial software companies who invest a large amount of resources in the development of their software product. In order to protect their investment from potential attacks such as illegal copying, tampering, and malicious reverse engineering, most companies utilize some type of protection software, also known as obfuscators, to create variants of their products that are more resilient to adversarial analysis. In this paper, we report on the effectiveness of different commercial obfuscators against traditional man-at-the-end (MATE) attacks where an adversary can utilize tools such as debuggers, disassemblers, and de-compilers as a legitimate end-user of a binary executable. Our case study includes four benchmark programs that have associated adversarial goals categorized as either comprehension or change tasks. We use traditional static and dynamic analysis techniques to identify the adversarial workload and outcomes before and after each program is transformed by a set of three commercial obfuscators. Our results confirm what is typically assumed: an adversary with a reasonable background in the computing disciplines can both comprehend and make changes to any of our completely unprotected programs using standard tools. Additionally, given the same skill set and attack approach, protected programs can still be probed to leak certain information, but none could be successfully altered and saved to create a cracked version. As a contribution, our methodology is unique compared to prior studies on obfuscation effectiveness in that we categorize adversarial skill and delineate program goals into comprehension and change ability, while considering the load time and overhead of obfuscated variants.
KW - Anti-tamper
KW - Commercial obfuscators
KW - Cracked programs
KW - Dynamic analysis
KW - Malicious reverse engineering
KW - Man-at-the-end (MATE) attacks
KW - Obfuscation
KW - Software protection
KW - Static analysis
UR - http://www.scopus.com/inward/record.url?scp=85008238133&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85008238133&partnerID=8YFLogxK
U2 - 10.1145/3015135.3015143
DO - 10.1145/3015135.3015143
M3 - Conference contribution
AN - SCOPUS:85008238133
T3 - ACM International Conference Proceeding Series
BT - Proceedings of the 6th Software Security, Protection, and Reverse Engineering Workshop 2016, SSPREW 2016
PB - Association for Computing Machinery
T2 - 6th Software Security, Protection, and Reverse Engineering Workshop, SSPREW 2016
Y2 - 5 December 2016 through 6 December 2016
ER -