Software Protection via Obfuscation
- Jodie Parker
- 6 years ago
Transcription
1 Software Protection via Obfuscation
  Ciprian Lucaci
  InfoSec Meetup #1
6 About me
  # Bachelor Computer Politehnica University Timișoara
  # Software Lasting Software Master Politehnica University, Timișoara
  # Master Technische Universität München 2014 Research Software Engineering chair
  2015-today # Software Atigeo
12 Outline
  Context Software Protection
  Obfuscation Techniques and Tools
  Virtualization Obfuscation VOT4CS Tool Design
  Evaluation Selection Criteria
  Conclusion To Obfuscate Or Not To Obfuscate
16 Context: Software protection
  Threat Models [Anckaert2006]
    1. Malicious Code (software security)
    2. Malicious Host (software protection)
  Attack Scenario
    Man-At-The-End (MATE)
  Case Study
    Industry partner: Jungheinrich, .NET C#
    Master Technische Universität München
24 Context: Software protection
  Means [Collberg1998]
    1. Legal
    2. Remote Services
    3. Encryption
    4. Machine / Native code
    5. Obfuscation
  There is NO perfect security!
  Obfuscation
    First layer of defense against intelligent tampering
    Prevent understanding and reuse of intellectual property
30 Context: Protection via Obfuscation
  Techniques [Collberg1997]
    Lexical transformations: Renaming
    Data transformations: String encoding
    Preventive transformations: Code encryption
    Control flow transformations: Control flow flattening
  Equivalence observable behavior
33 State of the Art
  Obfuscation tools
  C# obfuscators | Price | Code Virtualization
  1. Agile.NET | $795 | Yes
  2. Crypto Obfuscator | $149 $4469 | Yes
  3. Eazfuscator.NET | $399 | Yes
  4. ConfuserEx | Free (opensource) | No
  5. Dotfuscator | ~ $1600 | No
  C# decompilers (Price: Free)
  1. dotpeek
  2. ILSpy
  3. JustDecompile
  4. ILDasm
  C# tracers | Price
  1. dottrace | ~$
  Intel Pin (binary) | Free
35 Thesis: Virtualization Obfuscation
  Goals
    design and implement virtualization obfuscator for C# programs
      an open source alternative to commercial obfuscators
      no free obfuscation tool with virtualization as a feature
    perform a case-study on a real-world software solution
      performance evaluation
      security evaluation
38 Background: Virtualization Obfuscation
  Input: Program P
  Generate a random new language
  Translate P to the new language as P`
  Synthesize an interpreter to translate the new instructions
  Diagram: Program P -> Virtualization Tool -> Obfuscated program (Program P` + Interpreter)
  Usage
    Software Diversification
    Mitigate MATE attacks
    Mitigate Static and Dynamic analysis
44 Background: Virtualization Obfuscation
  Operations: assignment, addition, subtraction, method invocation, return, ...
  Master Thesis: Virtualization Obfuscation - Ciprian Lucaci
45 Design and Implementation
  Virtualization Obfuscation Algorithm
    Refactoring Transformations
    Virtualization Transformations
  Diagram: Program P -> Virtualization tool (1. Refactor, 2. Virtualize) -> Obfuscated program (Program P` + Interpreter)
50 Design and Implementation: Algorithm
  Refactoring transformations
    Arithmetic simplification: +, -, *, /, ++, --, %
    Invocation simplification: obj.m1().m2().m3(), obj.member1.member13
    Comparison simplification: >, <, >=, <=
    For, ForEach, DoWhile conversion to While
    Switch conversion to chained If
    Local variables initialization
    Composed assignment
    Conditional expression
    Try/Catch statement
54 Design and Implementation: Algorithm
  Virtualization transformations
    Step 1. Select method body to virtualize.
    Step 2. Virtualize constants, local arguments, parameters.
      - generate DATA array
    Step 3. Process the method's body statements.
      - generate CODE array
    Step 4. For compound structures go to previous step and virtualize the statement's body.
59 Design and Implementation: Algorithm
  Virtualization transformations
  Virtual Operation: Operation Key, List<Operand>, Prefix Size, Postfix Size, Offset, Frequency
  int[] code (figure labels): Operation Size, Prefix Size, Operation Key, Postfix Size, Operand, Fake, Operand, Fake
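The DATA/CODE construction from Steps 1-4 and the int[] code slide, as an added Python example (not VOT4CS code, which targets C#). The record layout (operation size, prefix size, junk, operation key, operands, postfix size, junk), the operation set including the two jumps, and the sample program are assumptions made for this illustration.

```python
import random

# Operands per virtual operation. The last operand of JMPZ/JMP is a statement
# index that is patched into a CODE offset once every record has a position.
ARITY = {"ASSIGN": 2, "ADD": 3, "SUB": 3, "JMPZ": 2, "JMP": 1, "RETURN": 1}
JUMPS = ("JMPZ", "JMP")

# Constructed sample: P(a, n) = a * n by repeated addition, already refactored
# to one operation per statement, with the While loop expressed as jumps.
PROGRAM = [
    ("ASSIGN", "acc", 0),
    ("JMPZ", "n", 5),            # while n != 0:
    ("ADD", "acc", "acc", "a"),  #     acc = acc + a
    ("SUB", "n", "n", 1),        #     n = n - 1
    ("JMP", 1),
    ("RETURN", "acc"),
]


def virtualize(stmts, params, seed, max_junk=3):
    """Return (code, data, keys, slots) for one randomized instance of P`."""
    rng = random.Random(seed)
    # Randomization point: operation keys differ per generated instance.
    keys = dict(zip(ARITY, rng.sample(range(100, 10_000), len(ARITY))))
    # Step 2: every parameter, local and constant gets a slot in DATA.
    names = list(params)
    for op, *operands in stmts:
        for o in (operands[:-1] if op in JUMPS else operands):
            if o not in names:
                names.append(o)
    rng.shuffle(names)  # randomization point: array initialization order
    slots = {name: i for i, name in enumerate(names)}
    data = [name if isinstance(name, int) else 0 for name in names]
    # Step 3: emit one variable-length record per statement into CODE.
    code, starts, fixups = [], [], []
    for op, *operands in stmts:
        starts.append(len(code))
        prefix = [rng.randrange(10_000) for _ in range(rng.randint(0, max_junk))]
        postfix = [rng.randrange(10_000) for _ in range(rng.randint(0, max_junk))]
        if op in JUMPS:
            refs = [slots[o] for o in operands[:-1]] + [operands[-1]]
            fixups.append(len(code) + 2 + len(prefix) + len(refs))
        else:
            refs = [slots[o] for o in operands]
        body = [len(prefix), *prefix, keys[op], *refs, len(postfix), *postfix]
        code += [len(body) + 1, *body]  # first int of a record is its size
    for pos in fixups:  # replace statement index by CODE offset
        code[pos] = starts[code[pos]]
    return code, data, keys, slots


def interpret(code, data, keys, slots, args):
    """The synthesized interpreter: a dispatch loop driven by the VPC."""
    data = list(data)
    for name, value in args.items():
        data[slots[name]] = value
    op_of = {key: op for op, key in keys.items()}
    vpc = 0  # virtual program counter
    while 0 <= vpc < len(code):
        size, pre = code[vpc], code[vpc + 1]
        op = op_of[code[vpc + 2 + pre]]  # skip the junk prefix
        first = vpc + 3 + pre
        a = code[first:first + ARITY[op]]
        vpc += size                      # the junk postfix is never read
        if op == "ASSIGN":
            data[a[0]] = data[a[1]]
        elif op == "ADD":
            data[a[0]] = data[a[1]] + data[a[2]]
        elif op == "SUB":
            data[a[0]] = data[a[1]] - data[a[2]]
        elif op == "JMPZ" and data[a[0]] == 0:
            vpc = a[1]
        elif op == "JMP":
            vpc = a[0]
        elif op == "RETURN":
            return data[a[0]]
    raise RuntimeError("virtual program counter left the CODE array")


def run(seed, a, n):
    """Virtualize PROGRAM with the given seed and execute it."""
    code, data, keys, slots = virtualize(PROGRAM, ["a", "n"], seed)
    return interpret(code, data, keys, slots, {"a": a, "n": n})


if __name__ == "__main__":
    for seed in (1, 2):
        code = virtualize(PROGRAM, ["a", "n"], seed)[0]
        print(seed, len(code), run(seed, 7, 6))
```

Two seeds give two different CODE arrays and key tables with the same observable behavior, which is the software diversification use named on the background slide.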
65 Design and Implementation: Obfuscation settings
  Interpreter: Inside Method, Class Instance, Class Static
  Refactoring: Max operands, Max invocations
  Operation: Prefix size, Postfix size, Junk code
  Switch: Default section
  Operation size
72 Design and Implementation: Obfuscation settings
  Randomization points
    Operation key
    Operands position
    Switch sections
    Array initialization
    VPC initialization
    Switch: Default section
    Operation size
73 Evaluation Framework [Collberg1998]
  Potency: To what degree is a human reader confused?
  Resilience: How well are automatic deobfuscation attacks resisted?
  Cost: How much time/space overhead is added?
  Stealth: How well does obfuscated code blend in the original code?
78 Evaluation - Potency
  To what degree is a human reader confused?
  Layout transformations
    Remove comments
    Variables lose names
  Control flow obfuscation
    Logic hidden in CODE array
  Method overloading
    Class / Instance interpreter
    Same interpreter for multiple methods
  Data transformations
    Variables and constants are stored in DATA array
80 Evaluation - Resilience
  To what degree is an automatic tool confused?
  Obfuscation Goal: protect intellectual property
  Attacker Goal: extract source code or control flow graph
  Attacker Model: man-at-the-end (MATE)
  Virtualization Obfuscation analysis
  Paper | Level | Automation | Type | Result | Limitation | Risk | Applicable
  1 [Rolles2009] | binary | no / partial | static manual analysis | extract original code | time consuming, not scalable | |
  2 [Sharif2009] | binary | yes | dynamic analysis | control flow graph | strong assumptions | high | no
  3 [Coogan2011] | binary | yes | dynamic automatic analysis | approximation of original code | significant trace | |
  4 [Kinder2012] | binary | yes | static analysis | approximated data values | | |
  5 [Yadegari2015] | binary | yes | dynamic analysis / trace analysis | control flow graph | | |
  Cells whose row is not recoverable from the transcription, in page order:
    Limitation: difficult to convert equations to CFG; code of the emulator analyzed; large input space; trace simplification
    Risk: high, high, low, high
    Applicable: yes, yes, no, yes
86 Evaluation - Resilience
  Manual static analysis: [Rolles2009]
    Revert Interpreter
  Automatic dynamic analysis [Coogan2011]
    Step 1: Mark method to trace
      ConfuserEx, CIL instructions
      Code injection
    Step 2: Trace instructions
      Data Dump
      Runtime trace
    Step 3: Simplify traces
      Python scripts
    Step 4: Compare traces
87 Evaluation - Resilience
  Step 3: Simplify traces
  [Figure panels: Simplified, Obfuscated]
98 Evaluation - Resilience
  Step 4: Compare traces
  Levenshtein distance (edit distance)
    Character = generic instruction, e.g. load, store, method call
    Compare: original simplified trace with obfuscated simplified trace
  Different obfuscation settings
    Max number of operands
    Max number of invocations
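The Step 4 comparison as an added Python example (not the scripts used in the thesis): each CIL opcode in a trace is mapped to a generic instruction class, and the Levenshtein distance is computed over the two class sequences. The opcode-to-class mapping and both traces are constructed for the illustration.

```python
# CIL opcode families used for the generic classes (assumed mapping).
BRANCHES = {"br", "brtrue", "brfalse", "beq", "bne", "bge", "bgt", "ble",
            "blt", "switch", "leave"}
CALLS = {"call", "callvirt", "calli", "newobj"}


def generic(opcode):
    """Map one CIL opcode to a generic instruction, or None to drop it."""
    op = opcode.lower()
    family = op.split(".")[0]
    if op == "nop":
        return None
    if op == "ret":
        return "ret"
    if family in CALLS:
        return "call"
    if family in BRANCHES:
        return "branch"
    if op.startswith("ld"):   # ldarg, ldloc, ldc, ldelem, ldfld, ...
        return "load"
    if op.startswith("st"):   # starg, stloc, stelem, stfld, ...
        return "store"
    return "arith"            # add, sub, mul, ceq, conv.*, ...


def simplify(trace):
    """Turn a list of CIL opcodes into a list of generic instructions."""
    return [g for g in map(generic, trace) if g is not None]


def levenshtein(a, b):
    """Edit distance between two sequences (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, x in enumerate(a, 1):
        cur = [i]
        for j, y in enumerate(b, 1):
            cur.append(min(prev[j] + 1,               # delete x
                           cur[j - 1] + 1,            # insert y
                           prev[j - 1] + (x != y)))   # substitute
        prev = cur
    return prev[-1]


def trace_distance(original, obfuscated):
    """Distance between the simplified forms of two instruction traces."""
    return levenshtein(simplify(original), simplify(obfuscated))


# Constructed trace of an unprotected method computing t = a + b; return t.
ORIGINAL_TRACE = ["nop", "ldarg.0", "ldarg.1", "add", "stloc.0", "ldloc.0", "ret"]

# Constructed trace of the same computation run by a virtualization
# interpreter: fetch/dispatch, DATA array accesses and VPC updates surround
# the single useful addition.
OBFUSCATED_TRACE = [
    "ldloc.1", "ldloc.2", "ldelem.i4", "switch",          # fetch key, dispatch
    "ldloc.0", "ldloc.3", "ldelem.i4",                    # DATA[a]
    "ldloc.0", "ldloc.3", "ldelem.i4",                    # DATA[b]
    "add", "stelem.i4",                                   # DATA[t] = sum
    "ldloc.2", "ldloc.1", "ldloc.2", "ldelem.i4", "add", "stloc.2",  # VPC += size
    "br.s",                                               # back to dispatch
    "ldloc.1", "ldloc.2", "ldelem.i4", "switch",          # fetch key, dispatch
    "ldloc.0", "ldloc.3", "ldelem.i4", "ret",             # return DATA[t]
]

if __name__ == "__main__":
    print(simplify(ORIGINAL_TRACE))
    print(trace_distance(ORIGINAL_TRACE, OBFUSCATED_TRACE))
```

A distance that stays large after trace simplification means the interpreter overhead was not stripped away; a distance near zero means the simplified obfuscated trace reveals the original instruction sequence.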
99 Evaluation - Resilience
  [Figure: Distance / Iterations / Max # Invocations. Axes: Distance, Loop Iterations. Series (Maximum # Invocations): 1 invocation, 2 invocations, 3 invocations, 4 invocations, 5 invocations. Setting: Maximum 4 Operands.]
100 Evaluation - Resilience
  Resilience to Settings correlation
  More Aggressive Refactorization
103 Evaluation - Cost
  How much overhead is added?
  Runtime overhead
    Quick Sort: Iterative and Recursive
    Binary Search: Iterative and Recursive
    GitHub Opensource Project: ResourceLib
    Jungheinrich Components: Startup time
  Size
    Managed code assembly on the disk
104 Evaluation - Cost
  Binary Search runtime performance
  [Figure: axis label: elements]
105 Evaluation - Cost
  Binary Search runtime performance
  [Figures: Binary Search iterative - slowdown trend; Binary Search recursive - slowdown trend]
106 Evaluation - Cost
  Open Source Project: ResourceLib
    C# File Resource Management Library
    46 unit tests
    8 obfuscated methods in 4 different classes out of >100 methods, >40 classes
    >1300 calls to obfuscated methods
    25 times evaluated runtime performance
108 Evaluation - Cost
  Jungheinrich Components: Startup time
    Logging Component
    4 methods obfuscated
109 Evaluation - Cost
  Size
115 Evaluation - Stealth
  How well does obfuscated code blend in the original code?
  Method Signatures maintained
    No broken dependencies
  Side effects maintained
    Fields
    Lambda expressions
  Annotations for non-intrusive tagging
    Use annotations to mark which methods to obfuscate
120 Conclusion
  To Obfuscate or Not To Obfuscate
  Software Protection
    there is NO silver bullet!!!
    always consider the ENTIRE system
    use OWASP testing guide
    consider concurrency issues
  Evaluation
    do you really need to obfuscate everything?
    consider worst case scenario
    use potency, resilience, cost, and stealth as criteria
  Little protection is always better than no protection
  Reverse Engineering
    reconstruct source code from simplified traces
    think as the other side
121 Thank you for your attention! Any questions?
  References
    [Rolles2009] Unpacking Virtualization Obfuscators
    [Sharif2009] Automatic Reverse Engineering of Malware Emulators
    [Coogan2011] Deobfuscation of Virtualization-Obfuscated Software
    [Kinder2012] Towards Static Analysis of Virtualization-Obfuscated Binaries
    [Yadegari2015] A Generic Approach to Automatic Deobfuscation of Executable Code
    [Cazalas2014] Probing the Limits of Virtualized Software Protection
    [Anckaert2006] Proteus: Virtualization for Diversified Tamper-Resistance
    [Cohen1993] Operating system protection through program evolution
    [Collberg1998] Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs
    Microsoft Roslyn Project:
More informationT Jarkko Turkulainen, F-Secure Corporation
T-110.6220 2010 Emulators and disassemblers Jarkko Turkulainen, F-Secure Corporation Agenda Disassemblers What is disassembly? What makes up an instruction? How disassemblers work Use of disassembly In
More informationAnalysis of Java Code Protector
Analysis of Java Code Protector September 2005 December 2005 Submitted to Lockheed Martin Co. Principal Investigators Students Advisors Sean McGinnis ECE Dr. Gina Tang Matthew Sargent ECE Dr. Ravi Ramachandran
More informationDetecting Self-Mutating Malware Using Control-Flow Graph Matching
Detecting Self-Mutating Malware Using Control-Flow Graph Matching Danilo Bruschi Lorenzo Martignoni Mattia Monga Dipartimento di Informatica e Comunicazione Università degli Studi di Milano {bruschi,martign,monga}@dico.unimi.it
More informationProtecting binaries. Andrew Griffiths
Protecting binaries Andrew Griffiths andrewg@felinemenace.org Introduction This presentation is meant to be useful for people of all skill levels. Hopefully everyone will get something out of this presentation.
More informationAre Your Mobile Apps Well Protected? Daniel Xiapu Luo Department of Computing The Hong Kong Polytechnic Unviersity
Are Your Mobile Apps Well Protected? Daniel Xiapu Luo csxluo@comp.polyu.edu.hk Department of Computing The Hong Kong Polytechnic Unviersity 1 What if your mobile app is reverse-engineered by others? Core
More informationUnboxing the whitebox. Jasper van CTO Riscure North America ICMC 16
Unboxing the whitebox Jasper van Woudenberg @jzvw CTO Riscure North America ICMC 16 Riscure Certification Pay TV, EMVco, smart meter, CC Evaluation & consultancy Mobile (TEE/HCE/WBC) Secure architecture
More informationRUHR-UNIVERSITÄT BOCHUM. Probfuscation: An Obfuscation Approach using Probabilistic Control Flows
RUHR-UNIVERSITÄT BOCHUM Horst Görtz Institute for IT Security Technical Report TR-HGI-2016-002 Probfuscation: An Obfuscation Approach using Probabilistic Control Flows Andre Pawlowski, Moritz Contag, Thorsten
More informationForeword by Katie Moussouris... Acknowledgments... xvii. Introduction...xix. Chapter 1: The Basics of Networking... 1
Brief Contents Foreword by Katie Moussouris.... xv Acknowledgments... xvii Introduction...xix Chapter 1: The Basics of Networking... 1 Chapter 2: Capturing Application Traffic... 11 Chapter 3: Network
More informationProtecting Against Unexpected System Calls
Protecting Against Unexpected System Calls C. M. Linn, M. Rajagopalan, S. Baker, C. Collberg, S. K. Debray, J. H. Hartman Department of Computer Science University of Arizona Presented By: Mohamed Hassan
More informationProbfuscation: An Obfuscation Approach using Probabilistic Control Flows
Probfuscation: An Obfuscation Approach using Probabilistic Control Flows Andre Pawlowski, Moritz Contag, and Thorsten Holz Horst Görtz Institute (HGI), Ruhr-University Bochum, Germany Abstract. Sensitive
More informationSOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications
Enabling and Securing Digital Business in Economy Protect s Serving Business Critical Applications 40 percent of the world s web applications will use an interface Most enterprises today rely on customers
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by behavior-based threat detection and intelligent automation.
More informationSuggesting Potency Measures for Obfuscated Arrays and Usage of Source Code Obfuscators for Intellectual Property Protection of Java Products
2011 International Conference on Information and Network Technology IPCSIT vol.4 (2011) (2011) IACSIT Press, Singapore Suggesting Potency Measures for Obfuscated Arrays and Usage of Source Code Obfuscators
More informationInstructions 1. Elevation of Privilege Instructions. Draw a diagram of the system you want to threat model before you deal the cards.
Instructions 1 Elevation of Privilege Instructions Draw a diagram of the system you want to threat model before you deal the cards. Deal the deck to 3 6 players. Play starts with the 3 of Tampering. Play
More informationSoftware Protection: How to Crack Programs, and Defend Against Cracking Lecture 7: Tamperproofing II Minsk, Belarus, Spring 2014
Software Protection: How to Crack Programs, and Defend Against Cracking Lecture 7: Tamperproofing II Minsk, Belarus, Spring 2014 Christian Collberg University of Arizona www.cs.arizona.edu/ collberg c
More informationThe Android security jungle: pitfalls, threats and survival tips. Scott
The Android security jungle: pitfalls, threats and survival tips Scott Alexander-Bown @scottyab The Jungle Ecosystem Google s protection Threats Risks Survival Network Data protection (encryption) App/device
More informationEmbedded/Connected Device Secure Coding. 4-Day Course Syllabus
Embedded/Connected Device Secure Coding 4-Day Course Syllabus Embedded/Connected Device Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted
More informationInstructions 1 Elevation of Privilege Instructions
Instructions 1 Elevation of Privilege Instructions Draw a diagram of the system you want to threat model before you deal the cards. Deal the deck to 3-6 players. Play starts with the 3 of Tampering. Play
More informationRemote Entrusting by Orthogonal Client Replacement
Remote Entrusting by Orthogonal Client Replacement Mariano Ceccato 1, Mila Dalla Preda 2, Anirban Majumdar 3, Paolo Tonella 1 1 Fondazione Bruno Kessler, Trento, Italy 2 University of Verona, Italy 3 University
More informationChallenge #7 Solution
Challenge #7 Solution by Matt Graeber YUSoMeta.exe is an obfuscated.net executable that claims to be 100% tamper proof. The goal of this challenge is to provide the correct password in the hopes of revealing
More informationIntroduction to Scientific Computing
Introduction to Scientific Computing Dr Hanno Rein Last updated: October 12, 2018 1 Computers A computer is a machine which can perform a set of calculations. The purpose of this course is to give you
More informationThe Attacker s POV Hacking Mobile Apps. in Your Enterprise to Reveal Real Vulns and Protect the Business. Tony Ramirez
The Attacker s POV Hacking Mobile Apps in Your Enterprise to Reveal Real Vulns and Protect the Business Tony Ramirez AGENDA & SPEAKERS Introduction Attacks on Mobile Live Demo Recommendations Q&A Tony
More informationSurveying the Physical Landscape
Surveying the Physical Landscape UL and the UL logo are trademarks of UL LLC 2017 What do we mean by physical security? Some might think about this Or this Or For this presentation, we mean protection
More informationOWASP TOP Release. Andy Willingham June 12, 2018 OWASP Cincinnati
OWASP TOP 10 2017 Release Andy Willingham June 12, 2018 OWASP Cincinnati Agenda A quick history lesson The Top 10(s) Web Mobile Privacy Protective Controls Why have a Top 10? Software runs the world (infrastructure,
More informationHonours/Master/PhD Thesis Projects Supervised by Dr. Yulei Sui
Honours/Master/PhD Thesis Projects Supervised by Dr. Yulei Sui Projects 1 Information flow analysis for mobile applications 2 2 Machine-learning-guide typestate analysis for UAF vulnerabilities 3 3 Preventing
More informationMobilizing the Micro-Ops: Exploiting Context Sensitive Decoding for Security and Energy Efficiency
Mobilizing the Micro-Ops: Exploiting Context Sensitive Decoding for Security and Energy Efficiency Mohammadkazem Taram, Ashish Venkat, Dean Tullsen University of California, San Diego The Tension between
More informationWhite-Box Cryptography State of the Art. Paul Gorissen
White-Box Cryptography State of the Art Paul Gorissen paul.gorissen@philips.com Outline Introduction Attack models White-box cryptography How it is done Interesting properties State of the art Conclusion
More informationSentinelOne Technical Brief
SentinelOne Technical Brief SentinelOne unifies prevention, detection and response in a fundamentally new approach to endpoint protection, driven by machine learning and intelligent automation. By rethinking
More informationARIZONA CTE CAREER PREPARATION STANDARDS & MEASUREMENT CRITERIA SOFTWARE DEVELOPMENT,
SOFTWARE DEVELOPMENT, 15.1200.4 STANDARD 1.0 APPLY PROBLEM-SOLVING AND CRITICAL THINKING SKILLS TO INFORMATION 1.1 Describe methods of establishing priorities 1.2 Prepare a plan of work and schedule information
More informationBEAMJIT, a Maze of Twisty Little Traces
BEAMJIT, a Maze of Twisty Little Traces A walk-through of the prototype just-in-time (JIT) compiler for Erlang. Frej Drejhammar 130613 Who am I? Senior researcher at the Swedish Institute
More informationBachelor Level/ First Year/ Second Semester/ Science Full Marks: 60 Computer Science and Information Technology (CSc. 154) Pass Marks: 24
Prepared By ASCOL CSIT 2070 Batch Institute of Science and Technology 2065 Bachelor Level/ First Year/ Second Semester/ Science Full Marks: 60 Computer Science and Information Technology (CSc. 154) Pass
More informationRuntime Integrity Checking for Exploit Mitigation on Embedded Devices
Runtime Integrity Checking for Exploit Mitigation on Embedded Devices Matthias Neugschwandtner IBM Research, Zurich eug@zurich.ibm.com Collin Mulliner Northeastern University, Boston collin@mulliner.org
More information9/21/17. Outline. Expression Evaluation and Control Flow. Arithmetic Expressions. Operators. Operators. Notation & Placement
Outline Expression Evaluation and Control Flow In Text: Chapter 6 Notation Operator evaluation order Operand evaluation order Overloaded operators Type conversions Short-circuit evaluation of conditions
More informationTechnical Analysis of Established Blockchain Systems
Technical Analysis of Established Blockchain Systems Florian Haffke, 20.11.2017, Munich Chair of Software Engineering for Business Information Systems (sebis) Faculty of Informatics Technische Universität
More informationOperators. Lecture 12 Section Robb T. Koether. Hampden-Sydney College. Fri, Feb 9, 2018
Operators Lecture 12 Section 14.5 Robb T. Koether Hampden-Sydney College Fri, Feb 9, 2018 Robb T. Koether (Hampden-Sydney College) Operators Fri, Feb 9, 2018 1 / 21 Outline 1 Operators as Functions 2 Operator
More informationTale of a mobile application ruining the security of global solution because of a broken API design. SIGS Geneva 21/09/2016 Jérémy MATOS
Tale of a mobile application ruining the security of global solution because of a broken API design SIGS Geneva 21/09/2016 Jérémy MATOS whois securingapps Developer background Spent last 10 years working
More informationMitigating Security Breaches in Retail Applications WHITE PAPER
Mitigating Security Breaches in Retail Applications WHITE PAPER Executive Summary Retail security breaches have always been a concern in the past, present and will continue to be in the future. They have
More informationPhosphor: Illuminating Dynamic. Data Flow in Commodity JVMs
Phosphor: Illuminating Dynamic Fork me on Github Data Flow in Commodity JVMs Jonathan Bell and Gail Kaiser Columbia University, New York, NY USA Dynamic Data Flow Analysis: Taint Tracking Output that is
More informationAbout Codefrux While the current trends around the world are based on the internet, mobile and its applications, we try to make the most out of it. As for us, we are a well established IT professionals
More informationTribhuvan University Institute of Science and Technology Computer Science and Information Technology (CSC. 154) Section A Attempt any Two questions:
Tribhuvan University 2065 Bachelor Level/ First Year/ Second Semester/ Science Full Marks: 60 Computer Science and Information Technology (CSC. 154) Pass Marks: 24 (Data Structure and Algorithm) Time:
More informationBank Infrastructure - Video - 1
Bank Infrastructure - 1 05/09/2017 Threats Threat Source Risk Status Date Created Account Footprinting Web Browser Targeted Malware Web Browser Man in the browser Web Browser Identity Spoofing - Impersonation
More informationOutline STRANGER. Background
Outline Malicious Code Analysis II : An Automata-based String Analysis Tool for PHP 1 Mitchell Adair 2 November 28 th, 2011 Outline 1 2 Credit: [: An Automata-based String Analysis Tool for PHP] Background
More informationAutomated static deobfuscation in the context of Reverse Engineering
Automated static deobfuscation in the context of Reverse Engineering Sebastian Porst (sebastian.porst@zynamics.com) Christian Ketterer (cketti@gmail.com) Sebastian zynamics GmbH Lead Developer BinNavi
More informationFixed-Point Math and Other Optimizations
Fixed-Point Math and Other Optimizations Embedded Systems 8-1 Fixed Point Math Why and How Floating point is too slow and integers truncate the data Floating point subroutines: slower than native, overhead
More informationOutline. Performing Computations. Outline (cont) Expressions in C. Some Expression Formats. Types for Operands
Performing Computations C provides operators that can be applied to calculate expressions: tax is 8.5% of the total sale expression: tax = 0.085 * totalsale Need to specify what operations are legal, how
More informationSAP Security. BIZEC APP/11 Version 2.0 BIZEC TEC/11 Version 2.0
Welcome BIZEC Roundtable @ IT Defense, Berlin SAP Security BIZEC APP/11 Version 2.0 BIZEC TEC/11 Version 2.0 February 1, 2013 Andreas Wiegenstein CTO, Virtual Forge 2 SAP Security SAP security is a complex
More informationOS Security IV: Virtualization and Trusted Computing
1 OS Security IV: Virtualization and Trusted Computing Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab2 More questions? 3 Virtual machine monitor +-----------+----------------+-------------+
More informationCode deobfuscation by optimization. Branko Spasojević
Code deobfuscation by optimization Branko Spasojević branko.spasojevic@infigo.hr Overview Why? Project goal? How? Disassembly Instruction semantics Optimizations Assembling Demo! Questions? Why? To name
More informationAndroid Obfuscation and Deobfuscation. Group 11
Android Obfuscation and Deobfuscation Group 11 Password Diary App Overview App - Raj Obfuscation Cam and Jack Deobfuscation Adi and Shon Overview - Concept A password manager that lets you decide whether
More informationReverse Engineering Malware Binary Obfuscation and Protection
Reverse Engineering Malware Binary Obfuscation and Protection Jarkko Turkulainen F-Secure Corporation Protecting the irreplaceable f-secure.com Binary Obfuscation and Protection What is covered in this
More informationSystem-Level Failures in Security
System-Level Failures in Security Non linear offset component (ms) 0.0 0.5 1.0 1.5 2.0 Variable skew De noised Non linear offset Temperature 26.4 26.3 26.2 26.1 26.0 25.9 25.8 Temperature ( C) Fri 11:00
More informationMalicious Code Analysis II
Malicious Code Analysis II STRANGER: An Automata-based String Analysis Tool for PHP Mitchell Adair November 28 th, 2011 Outline 1 STRANGER 2 Outline 1 STRANGER 2 STRANGER Credit: [STRANGER: An Automata-based
More informationJava Internals. Frank Yellin Tim Lindholm JavaSoft
Java Internals Frank Yellin Tim Lindholm JavaSoft About This Talk The JavaSoft implementation of the Java Virtual Machine (JDK 1.0.2) Some companies have tweaked our implementation Alternative implementations
More informationInline Reference Monitoring Techniques
Inline Reference Monitoring Techniques In the last lecture, we started talking about Inline Reference Monitors. The idea is that the policy enforcement code runs with the same address space as the code
More informationECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria. Stefan Mangard.
Building Secure Hardware ECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria Stefan Mangard Infineon Technologies, Munich, Germany Stefan.Mangard@infineon.com Outline Assets and Requirements
More informationBreaking and Securing Mobile Apps
Breaking and Securing Mobile Apps Aditya Gupta @adi1391 adi@attify.com +91-9538295259 Who Am I? The Mobile Security Guy Attify Security Architecture, Auditing, Trainings etc. Ex Rediff.com Security Lead
More informationCertified Secure Web Application Engineer
Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),
More informationVideo Game Security. Carter Jones
Video Game Security Carter Jones Overview Industry overview Risks Business Technical Attack & Defense Thick client Network Industry comparisons Conclusion whoami Senior security consultant @ Cigital Previously
More informationCyber Moving Targets. Yashar Dehkan Asl
Cyber Moving Targets Yashar Dehkan Asl Introduction An overview of different cyber moving target techniques, their threat models, and their technical details. Cyber moving target technique: Defend a system
More informationBackground. How it works. Parsing. Virtual Deobfuscator
Background The Virtual Deobfuscator was developed as part of the DARPA Cyber Fast Track program. The goal was to create a tool that could remove virtual machine (VM) based protections from malware. We
More informationA novel runtime technique for identifying malicious applications
HUNTING ANDROID MALWARE A novel runtime technique for identifying malicious applications WHOAMI @brompwnie THANK YOU SensePost Heroku OUTLINE The... Problem Question Idea PoC Results Conclusion THE PROBLEM
More informationMetadata Recovery From Obfuscated Programs Using Machine Learning
Metadata Recovery From Obfuscated Programs Using Machine Learning ABSTRACT Aleieldin Salem Technische Universität München Boltzmannstr. 3 85748 Garching bei München, Germany salem@cs.tum.edu Obfuscation
More informationRetDec: An Open-Source Machine-Code Decompiler. Jakub Křoustek Peter Matula
RetDec: An Open-Source Machine-Code Decompiler Jakub Křoustek Peter Matula Who Are We? 2 Jakub Křoustek Founder of RetDec Threat Labs lead @Avast (previously @AVG) Reverse engineer, malware hunter, security
More informationContents. Figures. Tables. Examples. Foreword. Preface. 1 Basics of Java Programming 1. xix. xxi. xxiii. xxvii. xxix
PGJC4_JSE8_OCA.book Page ix Monday, June 20, 2016 2:31 PM Contents Figures Tables Examples Foreword Preface xix xxi xxiii xxvii xxix 1 Basics of Java Programming 1 1.1 Introduction 2 1.2 Classes 2 Declaring
More informationSoftware Protection: How to Crack Programs, and Defend Against Cracking Lecture 4: Code Obfuscation Minsk, Belarus, Spring 2014
Software Protection: How to Crack Programs, and Defend Against Cracking Lecture 4: Code Obfuscation Minsk, Belarus, Spring 2014 Christian Collberg University of Arizona www.cs.arizona.edu/ collberg c June
More informationThe Impact of Third-party Code on Android App Security. Erik Derr
The Impact of Third-party Code on Android App Security Erik Derr Third-party Code A Double-edged Sword Eases software development Code re-use Faster development, less costs Increases apps attack surface
More informationRANSOMWARE PROTECTION. A Best Practices Approach to Securing Your Enterprise
RANSOMWARE PROTECTION A Best Practices Approach to Securing Your Enterprise TABLE OF CONTENTS Introduction...3 What is Ransomware?...4 Employee Education...5 Vulnerability Patch Management...6 System Backups...7
More informationISA 2 R: Improving Software Attack and Analysis Resilience via Compiler-level Software Diversity
ISA 2 R: Improving Software Attack and Analysis Resilience via Compiler-level Software Diversity Rafael Fedler, Sebastian Banescu, and Alexander Pretschner Technische Universität München, Boltzmannstr.
More informationBINARY-LEVEL SECURITY: SEMANTIC ANALYSIS TO THE RESCUE
BINARY-LEVEL SECURITY: SEMANTIC ANALYSIS TO THE RESCUE Sébastien Bardin (CEA LIST) Joint work with Richard Bonichon, Robin David, Adel Djoudi & many other people 1 ABOUT MY LAB @CEA 2 IN A NUTSHELL Binary-level
More informationS.E. (Computer) (First Semester) EXAMINATION, 2011 DATA STRUCTURES AND ALGORITHM (2008 PATTERN) Time : Three Hours Maximum Marks : 100
Total No. of Questions 12] [Total No. of Printed Pages 7 [4062]-204 S.E. (Computer) (First Semester) EXAMINATION, 2011 DATA STRUCTURES AND ALGORITHM (2008 PATTERN) Time : Three Hours Maximum Marks : 100
More informationModule: Return-oriented Programming. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Return-oriented Programming Professor Trent Jaeger 1 Anatomy of Control-Flow Exploits 2 Anatomy of Control-Flow Exploits Two steps in control-flow
More informationCodeHS: Arkansas Standards Alignment
The table below outlines the standards put forth in the Arkansas Essentials of Computer Programming course, and how CodeHS Introduction to Computer Science curriculum maps to those standards. Strand: Computational
More informationTable 1 lists the projects and teams. If you want to, you can switch teams with other students.
University of Arizona, Department of Computer Science CSc 620 Assignment 3 40% Christian Collberg August 27, 2008 1 Introduction This is your main project for the class. The project is worth 40% of your
More informationMain idea. Demonstrate how malware can increase its robustness against detection by taking advantage of the ubiquitous Graphics Processing Unit (GPU)
-Assisted Malware Giorgos Vasiliadis Michalis Polychronakis Sotiris Ioannidis ICS-FORTH, Greece Columbia University, USA ICS-FORTH, Greece Main idea Demonstrate how malware can increase its robustness
More informationCourse Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture
About this Course This course will best position your organization to analyse threats and detect anomalies that could indicate cybercriminal behaviour. The payoff for this new proactive approach would
More informationBig and Bright - Security
Big and Bright - Security Big and Bright Security Embedded Tech Trends 2018 Does this mean: Everything is Big and Bright our security is 100% effective? or There are Big security concerns but Bright solutions?
More informationTHE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY
THE BUSINESS CASE FOR OUTSIDE-IN DATA CENTER SECURITY DATA CENTER WEB APPS NEED MORE THAN IP-BASED DEFENSES AND NEXT-GENERATION FIREWALLS table of contents.... 2.... 4.... 5 A TechTarget White Paper Does
More informationAPPLICATION OF WATERMARKING TO SOFTWARE PIRACY
APPLICATION OF WATERMARKING TO SOFTWARE PIRACY Ekene Frank Ozioko Department of Computer and Information Science, Enugu State University of Science and Technology, Enugu.(ekene.ozioko@esut.edu.ng) ABSTRACT
More information