research-article

VOT4CS: A Virtualization Obfuscation Tool for C#

Authors:

Sebastian Banescu,

Ciprian Lucaci,

Benjamin Krämer,

Alexander PretschnerAuthors Info & Claims

SPRO '16: Proceedings of the 2016 ACM Workshop on Software PROtection

Pages 39 - 49

https://doi.org/10.1145/2995306.2995312

Published: 28 October 2016 Publication History

Abstract

Software protection is a difficult task especially for managed code, which executes only on a runtime environment such as C# or Java. Applications developed in such languages can be accurately decompiled, as opposed to x86 machine code. This facilitates reverse engineering attacks, with the goal of extracting proprietary algorithms. Due to the ease of distributing software copies across different jurisdictions, software developers cannot only rely on legal means for protection against reverse engineering attacks. Therefore, they have to employ technical means for software protection such as obfuscation. This paper presents an open source tool for virtualization obfuscation of programs written in the C# language, called VOT4CS. Our tool offers several possibilities for randomization that aim to confuse attacks based on pattern recognition. An evaluation of VOT4CS is performed based on several case-studies, which show the performance-security trade-off offered by the tool.

References

[1]

Agile.NET. Code Protection. http://secureteam.net/obfuscator.aspx. {Online; accessed 16-March-2015}.

[2]

B. Anckaert, M. Jakubowski, and R. Venkatesan. Proteus: Virtualization for Diversified Tamper-resistance. In Proceedings of the ACM Workshop on Digital Rights Management, DRM '06, pages 47--58, New York, NY, USA, 2006. ACM.

Digital Library

[3]

B. W. B. Yadegari, B. Johannesmeyer and S. Debray. A generic approach to automatic deobfuscation of executable code. In 2015 IEEE Symposium on Security and Privacy, pages 674--691, 2015.

Digital Library

[4]

S. Banescu, M. Ochoa, and A. Pretschner. A framework for measuring software obfuscation resilience against automated attacks. In Proceedings of the 1st International Workshop on Software Protection, SPRO '15, pages 45--51, Piscataway, NJ, USA, 2015. IEEE Press.

Digital Library

[5]

J. Cazalas, J. T. McDonald, T. R. Andel, and N. Stakhanova. Probing the limits of virtualized software protection. In Proceedings of the 4th Program Protection and Reverse Engineering Workshop, PPREW-4, pages 5:1--5:11, New York, NY, USA, 2014. ACM.

Digital Library

[6]

M. Ceccato, M. D. Penta, P. Falcarin, F. Ricca, M. Torchiano, and P. Tonella. A family of experiments to assess the effectiveness and efficiency of source code obfuscation techniques. Empirical Software Engineering, 19(4):1040--1074, Feb. 2013.

Digital Library

[7]

C. Collberg, I. Clark, and T. D. Low. D.: Manufacturing cheap, resilient, and stealthy opaque constructs. In In: Proc. of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, pages 184--196, 1998.

Digital Library

[8]

C. Collberg, C. Thomborson, and D. Low. A taxonomy of obfuscating transformations, 1997.

[9]

ConfuserEx. free, open-source protector for .NET applications. https://yck1509.github.io/ConfuserEx//. {Online; accessed 20-May-2015}.

[10]

K. Coogan, G. Lu, and S. Debray. Deobfuscation of virtualization-obfuscated software: A semantics-based approach. In Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS '11, pages 275--284, New York, NY, USA, 2011. ACM.

Digital Library

[11]

Crypto. Obfuscator For .Net. http://www.ssware.com/cryptoobfuscator/obfuscator-net.htm. {Online; accessed 20-May-2015}.

[12]

Dotfuscator. .NET Obfuscation. https://www.preemptive.com/products/dotfuscator/overview. {Online; accessed 20-May-2015}.

[13]

dotTrace. .NET Profiler. https://www.jetbrains.com/profiler/index.html. {Online; accessed 20-May-2015}.

[14]

Eazfuscator.NET. obfuscator and optimizer for .NET. http://www.gapotchenko.com/eazfuscator.net. {Online; accessed 16-March-2015}.

[15]

S. Forrest, A. Somayaji, and D. H. Ackley. Building diverse computer systems. In Operating Systems, 1997., The Sixth Workshop on Hot Topics in, pages 67--72. IEEE, 1997.

Digital Library

[16]

M. Gravell. Expression as a compiler. http://www.infoq.com/articles/expression-compiler. {Online; accessed 12-July-2015}.

[17]

ILSpy. open-source .NET assembly browser and decompiler. http://ilspy.net/. {Online; accessed 20-May-2015}.

[18]

JustDecompile. .NET assembly browser and decompiler. http://www.telerik.com/products/decompiler.aspx. {Online; accessed 20-May-2015}.

[19]

J. Kinder. Towards static analysis of virtualization-obfuscated binaries. In Proceedings of the 2012 19th Working Conference on Reverse Engineering, WCRE '12, pages 61--70, Washington, DC, USA, 2012. IEEE Computer Society.

Digital Library

[20]

T. László and A. Kiss. Obfuscating c+ programs via control flow flattening. In Annales Univ. Sci. Budapest., Sect. Comp. 30, pages 3--19, 2009.

[21]

C.-K. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V. J. Reddi, and K. Hazelwood. Pin: building customized program analysis tools with dynamic instrumentation. In ACM Sigplan Notices, volume 40, pages 190--200. ACM, 2005.

Digital Library

[22]

R. Rolles. Unpacking virtualization obfuscators. In Proceedings of the 3rd USENIX Conference on Offensive Technologies, WOOT'09, pages 1--1, Berkeley, CA, USA, 2009. USENIX Association.

Digital Library

[23]

Roslyn. The .NET Compiler Platform provides open-source C# and Visual Basic compilers with rich code analysis APIs. https://github.com/dotnet/roslyn. {Online; accessed 16-March-2015}.

[24]

M. Sharif, A. Lanzi, J. Giffin, and W. Lee. Automatic Reverse Engineering of Malware Emulators. In Proceedings of the 2009 30th IEEE Symposium on Security and Privacy, SP '09, pages 94--109, Washington, DC, USA, 2009. IEEE Computer Society.

Digital Library

[25]

stackoverflow.com. Passing an explicit cast as a ref parameter (c#). http://stackoverflow.com/questions/2165892/passing-an-explicit-cast-as-a-ref-parameter-c. {Online; accessed 12-July-2015}.

[26]

Z. Su, B.-R. Ahn, K.-Y. Eom, M.-K. Kang, J.-P. Kim, and M.-K. Kim. Plagiarism detection using the levenshtein distance and smith-waterman algorithm. In Innovative Computing Information and Control, 2008. ICICIC '08. 3rd International Conference on, pages 569--569, June 2008.

Digital Library

[27]

W. Systems. Protection Suite - AxProtector - Automatic Protection. http://www.wibu.com/axprotector.html. {Online; accessed 05-December-2015}.

[28]

Tigress. The Tigress C Diversifier/Obfuscator. http://tigress.cs.arizona.edu. {Online; accessed 05-December-2015}.

Cited By

Ahmadvand MBelow DBanescu SPretschner AFalcarin PZunke M(2019)VirtSCProceedings of the 3rd ACM Workshop on Software Protection10.1145/3338503.3357723(53-63)Online publication date: 15-Nov-2019
https://dl.acm.org/doi/10.1145/3338503.3357723
Ben Yehuda RZaidenberg N(2019)Protection against reverse engineering in ARMInternational Journal of Information Security10.1007/s10207-019-00450-1Online publication date: 2-Jul-2019
https://doi.org/10.1007/s10207-019-00450-1
Cheng XLin YGao DJia C(2019)DynOpVm: VM-Based Software Obfuscation with Dynamic Opcode MappingApplied Cryptography and Network Security10.1007/978-3-030-21568-2_8(155-174)Online publication date: 29-May-2019
https://doi.org/10.1007/978-3-030-21568-2_8
Show More Cited By

Index Terms

VOT4CS: A Virtualization Obfuscation Tool for C#
1. Security and privacy
  1. Software and application security
    1. Software security engineering

Recommendations

Comparing the effectiveness of commercial obfuscators against MATE attacks
SSPREW '16: Proceedings of the 6th Workshop on Software Security, Protection, and Reverse Engineering

The ability to protect software from malicious reverse engineering remains a challenge faced by commercial software companies who invest a large amount of resources in the development of their software product. In order to protect their investment from ...
Probing the Limits of Virtualized Software Protection
PPREW-4: Proceedings of the 4th Program Protection and Reverse Engineering Workshop

Virtualization is becoming a prominent field of research not only in distributed systems, but also in software protection and obfuscation. Software virtualization has given rise to advanced techniques that may provide intellectual property protection ...
Hybrid static-dynamic attacks against software protection mechanisms
DRM '05: Proceedings of the 5th ACM workshop on Digital rights management

Advances in reverse engineering and program analyses have made software extremely vulnerable to malicious host attacks. These attacks typically take the form of intellectual property violations, against which the software needs to be protected. The ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SPRO '16: Proceedings of the 2016 ACM Workshop on Software PROtection

October 2016

100 pages

ISBN:9781450345767

DOI:10.1145/2995306

General Chair:
Brecht Wyseur
Nagravision S.A., Switzerland
,
Program Chair:
Bjorn De Sutter
Ghent University, Belgium

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 October 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'16

Sponsor:

SIGSAC

CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security

October 28, 2016

Vienna, Austria

Acceptance Rates

SPRO '16 Paper Acceptance Rate 8 of 14 submissions, 57%;

Overall Acceptance Rate 8 of 14 submissions, 57%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
240
Total Downloads

Downloads (Last 12 months)20
Downloads (Last 6 weeks)1

Reflects downloads up to 17 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Ahmadvand MBelow DBanescu SPretschner AFalcarin PZunke M(2019)VirtSCProceedings of the 3rd ACM Workshop on Software Protection10.1145/3338503.3357723(53-63)Online publication date: 15-Nov-2019
https://dl.acm.org/doi/10.1145/3338503.3357723
Ben Yehuda RZaidenberg N(2019)Protection against reverse engineering in ARMInternational Journal of Information Security10.1007/s10207-019-00450-1Online publication date: 2-Jul-2019
https://doi.org/10.1007/s10207-019-00450-1
Cheng XLin YGao DJia C(2019)DynOpVm: VM-Based Software Obfuscation with Dynamic Opcode MappingApplied Cryptography and Network Security10.1007/978-3-030-21568-2_8(155-174)Online publication date: 29-May-2019
https://doi.org/10.1007/978-3-030-21568-2_8
Tang ZLi MYe GCao SChen MGong XFang DWang Z(2018)VMGuards: A Novel Virtual Machine Based Code Protection System with VM Security as the First Class Design ConcernApplied Sciences10.3390/app80507718:5(771)Online publication date: 12-May-2018
https://doi.org/10.3390/app8050771
Xu DMing JFu YWu DLie DMannan MBackes MWang X(2018)VMHuntProceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security10.1145/3243734.3243827(442-458)Online publication date: 15-Oct-2018
https://dl.acm.org/doi/10.1145/3243734.3243827

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents