Probabilistic Obfuscation Through Covert Channels

Jon Stephens, Babak Yadegari, Christian S Collberg, Saumya K Debray, Carlos Eduardo Scheidegger

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Citations (Scopus)

Abstract

This paper presents a program obfuscation framework that uses covert channels through the program's execution environment to obfuscate information flow through the program. Unlike prior works on obfuscation, the use of covert channels removes visible information flows from the computation of the program and reroutes them through the program's runtime system and/or the operating system. This renders these information flows, and the corresponding control and data dependencies, invisible to program analysis tools such as symbolic execution engines. Additionally, we present the idea of probabilistic obfuscation which uses imperfect covert channels to leak information with some probabilistic guarantees. Experimental evaluation of our approach against state of the art detection and analysis techniques show the engines are not well-equipped to handle these obfuscations, particularly those of the probabilistic variety.

Original languageEnglish (US)
Title of host publicationProceedings - 3rd IEEE European Symposium on Security and Privacy, EURO S and P 2018
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages243-257
Number of pages15
ISBN (Electronic)9781538642276
DOIs
StatePublished - Jul 6 2018
Event3rd IEEE European Symposium on Security and Privacy, EURO S and P 2018 - London, United Kingdom
Duration: Apr 24 2018Apr 26 2018

Other

Other3rd IEEE European Symposium on Security and Privacy, EURO S and P 2018
CountryUnited Kingdom
CityLondon
Period4/24/184/26/18

Fingerprint

Engines

Keywords

  • Covert Channels
  • Malware
  • Obfuscation
  • Privacy
  • Symbolic Analysis
  • System Security

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Cite this

Stephens, J., Yadegari, B., Collberg, C. S., Debray, S. K., & Scheidegger, C. E. (2018). Probabilistic Obfuscation Through Covert Channels. In Proceedings - 3rd IEEE European Symposium on Security and Privacy, EURO S and P 2018 (pp. 243-257). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/EuroSP.2018.00025

Probabilistic Obfuscation Through Covert Channels. / Stephens, Jon; Yadegari, Babak; Collberg, Christian S; Debray, Saumya K; Scheidegger, Carlos Eduardo.

Proceedings - 3rd IEEE European Symposium on Security and Privacy, EURO S and P 2018. Institute of Electrical and Electronics Engineers Inc., 2018. p. 243-257.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Stephens, J, Yadegari, B, Collberg, CS, Debray, SK & Scheidegger, CE 2018, Probabilistic Obfuscation Through Covert Channels. in Proceedings - 3rd IEEE European Symposium on Security and Privacy, EURO S and P 2018. Institute of Electrical and Electronics Engineers Inc., pp. 243-257, 3rd IEEE European Symposium on Security and Privacy, EURO S and P 2018, London, United Kingdom, 4/24/18. https://doi.org/10.1109/EuroSP.2018.00025
Stephens J, Yadegari B, Collberg CS, Debray SK, Scheidegger CE. Probabilistic Obfuscation Through Covert Channels. In Proceedings - 3rd IEEE European Symposium on Security and Privacy, EURO S and P 2018. Institute of Electrical and Electronics Engineers Inc. 2018. p. 243-257 https://doi.org/10.1109/EuroSP.2018.00025
Stephens, Jon ; Yadegari, Babak ; Collberg, Christian S ; Debray, Saumya K ; Scheidegger, Carlos Eduardo. / Probabilistic Obfuscation Through Covert Channels. Proceedings - 3rd IEEE European Symposium on Security and Privacy, EURO S and P 2018. Institute of Electrical and Electronics Engineers Inc., 2018. pp. 243-257
@inproceedings{055933552f9043d184ee6fe56bffb590,
title = "Probabilistic Obfuscation Through Covert Channels",
abstract = "This paper presents a program obfuscation framework that uses covert channels through the program's execution environment to obfuscate information flow through the program. Unlike prior works on obfuscation, the use of covert channels removes visible information flows from the computation of the program and reroutes them through the program's runtime system and/or the operating system. This renders these information flows, and the corresponding control and data dependencies, invisible to program analysis tools such as symbolic execution engines. Additionally, we present the idea of probabilistic obfuscation which uses imperfect covert channels to leak information with some probabilistic guarantees. Experimental evaluation of our approach against state of the art detection and analysis techniques show the engines are not well-equipped to handle these obfuscations, particularly those of the probabilistic variety.",
keywords = "Covert Channels, Malware, Obfuscation, Privacy, Symbolic Analysis, System Security",
author = "Jon Stephens and Babak Yadegari and Collberg, {Christian S} and Debray, {Saumya K} and Scheidegger, {Carlos Eduardo}",
year = "2018",
month = "7",
day = "6",
doi = "10.1109/EuroSP.2018.00025",
language = "English (US)",
pages = "243--257",
booktitle = "Proceedings - 3rd IEEE European Symposium on Security and Privacy, EURO S and P 2018",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - GEN

T1 - Probabilistic Obfuscation Through Covert Channels

AU - Stephens, Jon

AU - Yadegari, Babak

AU - Collberg, Christian S

AU - Debray, Saumya K

AU - Scheidegger, Carlos Eduardo

PY - 2018/7/6

Y1 - 2018/7/6

N2 - This paper presents a program obfuscation framework that uses covert channels through the program's execution environment to obfuscate information flow through the program. Unlike prior works on obfuscation, the use of covert channels removes visible information flows from the computation of the program and reroutes them through the program's runtime system and/or the operating system. This renders these information flows, and the corresponding control and data dependencies, invisible to program analysis tools such as symbolic execution engines. Additionally, we present the idea of probabilistic obfuscation which uses imperfect covert channels to leak information with some probabilistic guarantees. Experimental evaluation of our approach against state of the art detection and analysis techniques show the engines are not well-equipped to handle these obfuscations, particularly those of the probabilistic variety.

AB - This paper presents a program obfuscation framework that uses covert channels through the program's execution environment to obfuscate information flow through the program. Unlike prior works on obfuscation, the use of covert channels removes visible information flows from the computation of the program and reroutes them through the program's runtime system and/or the operating system. This renders these information flows, and the corresponding control and data dependencies, invisible to program analysis tools such as symbolic execution engines. Additionally, we present the idea of probabilistic obfuscation which uses imperfect covert channels to leak information with some probabilistic guarantees. Experimental evaluation of our approach against state of the art detection and analysis techniques show the engines are not well-equipped to handle these obfuscations, particularly those of the probabilistic variety.

KW - Covert Channels

KW - Malware

KW - Obfuscation

KW - Privacy

KW - Symbolic Analysis

KW - System Security

UR - http://www.scopus.com/inward/record.url?scp=85050770697&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85050770697&partnerID=8YFLogxK

U2 - 10.1109/EuroSP.2018.00025

DO - 10.1109/EuroSP.2018.00025

M3 - Conference contribution

AN - SCOPUS:85050770697

SP - 243

EP - 257

BT - Proceedings - 3rd IEEE European Symposium on Security and Privacy, EURO S and P 2018

PB - Institute of Electrical and Electronics Engineers Inc.

ER -

Access to Document