Probabilistic Obfuscation Through Covert Channels

Jon Stephens; Babak Yadegari; Christian S Collberg; Saumya K Debray; Carlos Eduardo Scheidegger

doi:10.1109/EuroSP.2018.00025

Probabilistic Obfuscation Through Covert Channels

Jon Stephens, Babak Yadegari, Christian S Collberg, Saumya K Debray, Carlos Eduardo Scheidegger

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Scopus citations

Abstract

This paper presents a program obfuscation framework that uses covert channels through the program's execution environment to obfuscate information flow through the program. Unlike prior works on obfuscation, the use of covert channels removes visible information flows from the computation of the program and reroutes them through the program's runtime system and/or the operating system. This renders these information flows, and the corresponding control and data dependencies, invisible to program analysis tools such as symbolic execution engines. Additionally, we present the idea of probabilistic obfuscation which uses imperfect covert channels to leak information with some probabilistic guarantees. Experimental evaluation of our approach against state of the art detection and analysis techniques show the engines are not well-equipped to handle these obfuscations, particularly those of the probabilistic variety.

Original language	English (US)
Title of host publication	Proceedings - 3rd IEEE European Symposium on Security and Privacy, EURO S and P 2018
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	243-257
Number of pages	15
ISBN (Electronic)	9781538642276
DOIs	https://doi.org/10.1109/EuroSP.2018.00025
State	Published - Jul 6 2018
Event	3rd IEEE European Symposium on Security and Privacy, EURO S and P 2018 - London, United Kingdom Duration: Apr 24 2018 → Apr 26 2018

Other

Other	3rd IEEE European Symposium on Security and Privacy, EURO S and P 2018
Country	United Kingdom
City	London
Period	4/24/18 → 4/26/18

Fingerprint

Keywords

Covert Channels
Malware
Obfuscation
Privacy
Symbolic Analysis
System Security

ASJC Scopus subject areas

Artificial Intelligence
Computer Networks and Communications
Safety, Risk, Reliability and Quality

Cite this

Stephens, J., Yadegari, B., Collberg, C. S., Debray, S. K., & Scheidegger, C. E. (2018). Probabilistic Obfuscation Through Covert Channels. In Proceedings - 3rd IEEE European Symposium on Security and Privacy, EURO S and P 2018 (pp. 243-257). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/EuroSP.2018.00025

Probabilistic Obfuscation Through Covert Channels. / Stephens, Jon; Yadegari, Babak; Collberg, Christian S ; Debray, Saumya K ; Scheidegger, Carlos Eduardo.

Proceedings - 3rd IEEE European Symposium on Security and Privacy, EURO S and P 2018. Institute of Electrical and Electronics Engineers Inc., 2018. p. 243-257.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Stephens, J, Yadegari, B, Collberg, CS , Debray, SK & Scheidegger, CE 2018, Probabilistic Obfuscation Through Covert Channels. in Proceedings - 3rd IEEE European Symposium on Security and Privacy, EURO S and P 2018. Institute of Electrical and Electronics Engineers Inc., pp. 243-257, 3rd IEEE European Symposium on Security and Privacy, EURO S and P 2018, London, United Kingdom, 4/24/18. https://doi.org/10.1109/EuroSP.2018.00025

@inproceedings{055933552f9043d184ee6fe56bffb590,

title = "Probabilistic Obfuscation Through Covert Channels",

abstract = "This paper presents a program obfuscation framework that uses covert channels through the program's execution environment to obfuscate information flow through the program. Unlike prior works on obfuscation, the use of covert channels removes visible information flows from the computation of the program and reroutes them through the program's runtime system and/or the operating system. This renders these information flows, and the corresponding control and data dependencies, invisible to program analysis tools such as symbolic execution engines. Additionally, we present the idea of probabilistic obfuscation which uses imperfect covert channels to leak information with some probabilistic guarantees. Experimental evaluation of our approach against state of the art detection and analysis techniques show the engines are not well-equipped to handle these obfuscations, particularly those of the probabilistic variety.",

keywords = "Covert Channels, Malware, Obfuscation, Privacy, Symbolic Analysis, System Security",

author = "Jon Stephens and Babak Yadegari and Collberg, {Christian S} and Debray, {Saumya K} and Scheidegger, {Carlos Eduardo}",

year = "2018",

month = jul,

day = "6",

doi = "10.1109/EuroSP.2018.00025",

language = "English (US)",

pages = "243--257",

booktitle = "Proceedings - 3rd IEEE European Symposium on Security and Privacy, EURO S and P 2018",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

note = "3rd IEEE European Symposium on Security and Privacy, EURO S and P 2018 ; Conference date: 24-04-2018 Through 26-04-2018",

}

TY - GEN

T1 - Probabilistic Obfuscation Through Covert Channels

AU - Stephens, Jon

AU - Yadegari, Babak

AU - Collberg, Christian S

AU - Debray, Saumya K

AU - Scheidegger, Carlos Eduardo

PY - 2018/7/6

Y1 - 2018/7/6

N2 - This paper presents a program obfuscation framework that uses covert channels through the program's execution environment to obfuscate information flow through the program. Unlike prior works on obfuscation, the use of covert channels removes visible information flows from the computation of the program and reroutes them through the program's runtime system and/or the operating system. This renders these information flows, and the corresponding control and data dependencies, invisible to program analysis tools such as symbolic execution engines. Additionally, we present the idea of probabilistic obfuscation which uses imperfect covert channels to leak information with some probabilistic guarantees. Experimental evaluation of our approach against state of the art detection and analysis techniques show the engines are not well-equipped to handle these obfuscations, particularly those of the probabilistic variety.

AB - This paper presents a program obfuscation framework that uses covert channels through the program's execution environment to obfuscate information flow through the program. Unlike prior works on obfuscation, the use of covert channels removes visible information flows from the computation of the program and reroutes them through the program's runtime system and/or the operating system. This renders these information flows, and the corresponding control and data dependencies, invisible to program analysis tools such as symbolic execution engines. Additionally, we present the idea of probabilistic obfuscation which uses imperfect covert channels to leak information with some probabilistic guarantees. Experimental evaluation of our approach against state of the art detection and analysis techniques show the engines are not well-equipped to handle these obfuscations, particularly those of the probabilistic variety.

KW - Covert Channels

KW - Malware

KW - Obfuscation

KW - Privacy

KW - Symbolic Analysis

KW - System Security

UR - http://www.scopus.com/inward/record.url?scp=85050770697&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85050770697&partnerID=8YFLogxK

U2 - 10.1109/EuroSP.2018.00025

DO - 10.1109/EuroSP.2018.00025

M3 - Conference contribution

AN - SCOPUS:85050770697

SP - 243

EP - 257

BT - Proceedings - 3rd IEEE European Symposium on Security and Privacy, EURO S and P 2018

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 3rd IEEE European Symposium on Security and Privacy, EURO S and P 2018

Y2 - 24 April 2018 through 26 April 2018

ER -

Access to Document

10.1109/EuroSP.2018.00025