On Preventing Symbolic Execution Attacks by Low Cost Obfuscation

Toshiki Seto; Akito Monden; Zeynep Yucel; Yuichiro Kanzaki

doi:10.1109/SNPD.2019.8935642

On Preventing Symbolic Execution Attacks by Low Cost Obfuscation

Toshiki Seto, Akito Monden, Zeynep Yucel, Yuichiro Kanzaki

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

While various software obfuscation techniques have been proposed to protect software, new types of threats keep emerging such as the symbolic execution attacks. Such attacks automatically analyze programs and are not accounted for by many of the existing obfuscation methods. Nevertheless, several methods against symbolic execution attacks exist such as linear obfuscation methods relying on Collatz conjuncture or obfuscation methods based on one-way hash functions. However, these methods bear several issues. Namely, linear obfuscation is weak against manual analysis due to its deterministic output. On the other hand, SHA-1 requires significant computational cost; and thus, it can be applied to only a limited number of targets. Therefore, in this research, we propose to employ a combination of several computationally cheap (arithmetic) obfuscating operations for preventing symbolic execution attacks. Through an experiment using angr and KLEE as symbolic execution tools, we demonstrate that obfuscation operation using array reference, bit rotation and XOR effectively prevents symbolic execution attacks at a low computational cost.

Original language	English
Title of host publication	Proceedings - 20th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, SNPD 2019
Editors	Masahide Nakamura, Hiroaki Hirata, Takayuki Ito, Takanobu Otsuka, Shun Okuhara
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	495-500
Number of pages	6
ISBN (Electronic)	9781728116518
DOIs	https://doi.org/10.1109/SNPD.2019.8935642
Publication status	Published - Jul 2019
Externally published	Yes
Event	20th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, SNPD 2019 - Toyama, Japan Duration: Jul 8 2019 → Jul 11 2019

Publication series

Name	Proceedings - 20th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, SNPD 2019

Conference

Conference	20th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, SNPD 2019
Country	Japan
City	Toyama
Period	7/8/19 → 7/11/19

Keywords

program analysis
security
software protection

ASJC Scopus subject areas

Artificial Intelligence
Computer Networks and Communications
Computer Vision and Pattern Recognition
Hardware and Architecture
Software
Information Systems and Management

Access to Document

10.1109/SNPD.2019.8935642

Fingerprint Dive into the research topics of 'On Preventing Symbolic Execution Attacks by Low Cost Obfuscation'. Together they form a unique fingerprint.

Cite this

Seto, T., Monden, A., Yucel, Z., & Kanzaki, Y. (2019). On Preventing Symbolic Execution Attacks by Low Cost Obfuscation. In M. Nakamura, H. Hirata, T. Ito, T. Otsuka, & S. Okuhara (Eds.), Proceedings - 20th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, SNPD 2019 (pp. 495-500). [8935642] (Proceedings - 20th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, SNPD 2019). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SNPD.2019.8935642

On Preventing Symbolic Execution Attacks by Low Cost Obfuscation. / Seto, Toshiki; Monden, Akito ; Yucel, Zeynep; Kanzaki, Yuichiro.

Proceedings - 20th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, SNPD 2019. ed. / Masahide Nakamura; Hiroaki Hirata; Takayuki Ito; Takanobu Otsuka; Shun Okuhara. Institute of Electrical and Electronics Engineers Inc., 2019. p. 495-500 8935642 (Proceedings - 20th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, SNPD 2019).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Seto, T, Monden, A , Yucel, Z & Kanzaki, Y 2019, On Preventing Symbolic Execution Attacks by Low Cost Obfuscation. in M Nakamura, H Hirata, T Ito, T Otsuka & S Okuhara (eds), Proceedings - 20th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, SNPD 2019., 8935642, Proceedings - 20th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, SNPD 2019, Institute of Electrical and Electronics Engineers Inc., pp. 495-500, 20th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, SNPD 2019, Toyama, Japan, 7/8/19. https://doi.org/10.1109/SNPD.2019.8935642

Seto T, Monden A , Yucel Z, Kanzaki Y. On Preventing Symbolic Execution Attacks by Low Cost Obfuscation. In Nakamura M, Hirata H, Ito T, Otsuka T, Okuhara S, editors, Proceedings - 20th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, SNPD 2019. Institute of Electrical and Electronics Engineers Inc. 2019. p. 495-500. 8935642. (Proceedings - 20th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, SNPD 2019). https://doi.org/10.1109/SNPD.2019.8935642

Seto, Toshiki ; Monden, Akito ; Yucel, Zeynep ; Kanzaki, Yuichiro. / On Preventing Symbolic Execution Attacks by Low Cost Obfuscation. Proceedings - 20th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, SNPD 2019. editor / Masahide Nakamura ; Hiroaki Hirata ; Takayuki Ito ; Takanobu Otsuka ; Shun Okuhara. Institute of Electrical and Electronics Engineers Inc., 2019. pp. 495-500 (Proceedings - 20th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, SNPD 2019).

@inproceedings{734ae6bf9155438bb44f0647c7d86055,

title = "On Preventing Symbolic Execution Attacks by Low Cost Obfuscation",

abstract = "While various software obfuscation techniques have been proposed to protect software, new types of threats keep emerging such as the symbolic execution attacks. Such attacks automatically analyze programs and are not accounted for by many of the existing obfuscation methods. Nevertheless, several methods against symbolic execution attacks exist such as linear obfuscation methods relying on Collatz conjuncture or obfuscation methods based on one-way hash functions. However, these methods bear several issues. Namely, linear obfuscation is weak against manual analysis due to its deterministic output. On the other hand, SHA-1 requires significant computational cost; and thus, it can be applied to only a limited number of targets. Therefore, in this research, we propose to employ a combination of several computationally cheap (arithmetic) obfuscating operations for preventing symbolic execution attacks. Through an experiment using angr and KLEE as symbolic execution tools, we demonstrate that obfuscation operation using array reference, bit rotation and XOR effectively prevents symbolic execution attacks at a low computational cost.",

keywords = "program analysis, security, software protection",

author = "Toshiki Seto and Akito Monden and Zeynep Yucel and Yuichiro Kanzaki",

year = "2019",

month = jul,

doi = "10.1109/SNPD.2019.8935642",

language = "English",

series = "Proceedings - 20th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, SNPD 2019",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "495--500",

editor = "Masahide Nakamura and Hiroaki Hirata and Takayuki Ito and Takanobu Otsuka and Shun Okuhara",

booktitle = "Proceedings - 20th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, SNPD 2019",

note = "20th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, SNPD 2019 ; Conference date: 08-07-2019 Through 11-07-2019",

}

TY - GEN

T1 - On Preventing Symbolic Execution Attacks by Low Cost Obfuscation

AU - Seto, Toshiki

AU - Monden, Akito

AU - Yucel, Zeynep

AU - Kanzaki, Yuichiro

PY - 2019/7

Y1 - 2019/7

N2 - While various software obfuscation techniques have been proposed to protect software, new types of threats keep emerging such as the symbolic execution attacks. Such attacks automatically analyze programs and are not accounted for by many of the existing obfuscation methods. Nevertheless, several methods against symbolic execution attacks exist such as linear obfuscation methods relying on Collatz conjuncture or obfuscation methods based on one-way hash functions. However, these methods bear several issues. Namely, linear obfuscation is weak against manual analysis due to its deterministic output. On the other hand, SHA-1 requires significant computational cost; and thus, it can be applied to only a limited number of targets. Therefore, in this research, we propose to employ a combination of several computationally cheap (arithmetic) obfuscating operations for preventing symbolic execution attacks. Through an experiment using angr and KLEE as symbolic execution tools, we demonstrate that obfuscation operation using array reference, bit rotation and XOR effectively prevents symbolic execution attacks at a low computational cost.

AB - While various software obfuscation techniques have been proposed to protect software, new types of threats keep emerging such as the symbolic execution attacks. Such attacks automatically analyze programs and are not accounted for by many of the existing obfuscation methods. Nevertheless, several methods against symbolic execution attacks exist such as linear obfuscation methods relying on Collatz conjuncture or obfuscation methods based on one-way hash functions. However, these methods bear several issues. Namely, linear obfuscation is weak against manual analysis due to its deterministic output. On the other hand, SHA-1 requires significant computational cost; and thus, it can be applied to only a limited number of targets. Therefore, in this research, we propose to employ a combination of several computationally cheap (arithmetic) obfuscating operations for preventing symbolic execution attacks. Through an experiment using angr and KLEE as symbolic execution tools, we demonstrate that obfuscation operation using array reference, bit rotation and XOR effectively prevents symbolic execution attacks at a low computational cost.

KW - program analysis

KW - security

KW - software protection

UR - http://www.scopus.com/inward/record.url?scp=85077954565&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85077954565&partnerID=8YFLogxK

U2 - 10.1109/SNPD.2019.8935642

DO - 10.1109/SNPD.2019.8935642

M3 - Conference contribution

AN - SCOPUS:85077954565

T3 - Proceedings - 20th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, SNPD 2019

SP - 495

EP - 500

BT - Proceedings - 20th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, SNPD 2019

A2 - Nakamura, Masahide

A2 - Hirata, Hiroaki

A2 - Ito, Takayuki

A2 - Otsuka, Takanobu

A2 - Okuhara, Shun

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 20th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, SNPD 2019

Y2 - 8 July 2019 through 11 July 2019

ER -