Obfuscation of executable code to improve resistance to static disassembly

Cullen Linn, Saumya Debray

Research output: Contribution to journal › Conference article

Abstract

A great deal of software is distributed in the form of executable code. The ability to reverse engineer such executables can create opportunities for theft of intellectual property via software piracy, as well as security breaches by allowing attackers to discover vulnerabilities in an application. The process of reverse engineering an executable program typically begins with disassembly, which translates machine code to assembly code. This is then followed by various decompilation steps that aim to recover higher-level abstractions from the assembly code. Most of the work to date on code obfuscation has focused on disrupting or confusing the decompilation phase. This paper, by contrast, focuses on the initial disassembly phase. Our goal is to disrupt the static disassembly process so as to make programs harder to disassemble correctly. We describe two widely used static disassembly algorithms, and discuss techniques to thwart each of them. Experimental results indicate that significant portions of executables that have been obfuscated using our techniques are disassembled incorrectly, thereby showing the efficacy of our methods.

Original language: English (US)
Pages (from-to): 290-299
Number of pages: 10
Journal: Proceedings of the ACM Conference on Computer and Communications Security
State: Published - Dec 1 2003
Event: Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS 2003 - Washington, DC, United States
Duration: Oct 27 2003 to Oct 31 2003

Keywords

  • Code obfuscation
  • Disassembly

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications