No Free Lunch: On the Increased Code Reuse Attack Surface of Obfuscated Programs

Naiqian Zhang; Daroc Alden; Dongpeng Xu; Shuai Wang; Trent Jaeger; Wheeler Ruml

doi:10.1109/DSN58367.2023.00039

No Free Lunch: On the Increased Code Reuse Attack Surface of Obfuscated Programs

Naiqian Zhang
, Daroc Alden
, Dongpeng Xu
, Shuai Wang
, Trent Jaeger
, Wheeler Ruml

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

Obfuscation has been widely employed to protect software from the malicious reverse analysis. However, its security risks have not previously been studied in detail. For example, most obfuscation methods introduce large blocks of opaque code that are black boxes to normal users. In this paper, we show that, indeed, obfuscation can increase the attack risk. Existing gadget search tools, while able to find more gadgets in obfuscated code, do not succeed in assembling them into more exploits. However, these tools use strict pattern matching, greedy searching strategies, and only very simple gadgets. We develop Gadget-Planner, a more flexible approach to building code-reuse attacks that overcomes previous limitations via symbolic execution and automated planning. In a study across both benchmark and real-world programs, this approach finds many more exploit payloads on obfuscated programs, both in terms of number and diversity.

Original language	English (US)
Title of host publication	Proceedings - 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	313-326
Number of pages	14
ISBN (Electronic)	9798350347937
DOIs	https://doi.org/10.1109/DSN58367.2023.00039
State	Published - 2023
Event	53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023 - Porto, Portugal Duration: Jun 27 2023 → Jun 30 2023

Publication series

Name	Proceedings - 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023

Conference

Conference	53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023
Country/Territory	Portugal
City	Porto
Period	6/27/23 → 6/30/23

All Science Journal Classification (ASJC) codes

Artificial Intelligence
Computer Networks and Communications
Software
Safety, Risk, Reliability and Quality

Access to Document

10.1109/DSN58367.2023.00039

Cite this

Zhang, N., Alden, D., Xu, D., Wang, S., Jaeger, T., & Ruml, W. (2023). No Free Lunch: On the Increased Code Reuse Attack Surface of Obfuscated Programs. In Proceedings - 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023 (pp. 313-326). (Proceedings - 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/DSN58367.2023.00039

Zhang, Naiqian ; Alden, Daroc ; Xu, Dongpeng et al. / No Free Lunch : On the Increased Code Reuse Attack Surface of Obfuscated Programs. Proceedings - 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023. Institute of Electrical and Electronics Engineers Inc., 2023. pp. 313-326 (Proceedings - 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023).

@inproceedings{772484118d924138a9370ccc34e8042f,

title = "No Free Lunch: On the Increased Code Reuse Attack Surface of Obfuscated Programs",

abstract = "Obfuscation has been widely employed to protect software from the malicious reverse analysis. However, its security risks have not previously been studied in detail. For example, most obfuscation methods introduce large blocks of opaque code that are black boxes to normal users. In this paper, we show that, indeed, obfuscation can increase the attack risk. Existing gadget search tools, while able to find more gadgets in obfuscated code, do not succeed in assembling them into more exploits. However, these tools use strict pattern matching, greedy searching strategies, and only very simple gadgets. We develop Gadget-Planner, a more flexible approach to building code-reuse attacks that overcomes previous limitations via symbolic execution and automated planning. In a study across both benchmark and real-world programs, this approach finds many more exploit payloads on obfuscated programs, both in terms of number and diversity.",

author = "Naiqian Zhang and Daroc Alden and Dongpeng Xu and Shuai Wang and Trent Jaeger and Wheeler Ruml",

note = "Publisher Copyright: {\textcopyright} 2023 IEEE.; 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023 ; Conference date: 27-06-2023 Through 30-06-2023",

year = "2023",

doi = "10.1109/DSN58367.2023.00039",

language = "English (US)",

series = "Proceedings - 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "313--326",

booktitle = "Proceedings - 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023",

address = "United States",

}

Zhang, N, Alden, D, Xu, D, Wang, S, Jaeger, T & Ruml, W 2023, No Free Lunch: On the Increased Code Reuse Attack Surface of Obfuscated Programs. in Proceedings - 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023. Proceedings - 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023, Institute of Electrical and Electronics Engineers Inc., pp. 313-326, 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023, Porto, Portugal, 6/27/23. https://doi.org/10.1109/DSN58367.2023.00039

No Free Lunch: On the Increased Code Reuse Attack Surface of Obfuscated Programs. / Zhang, Naiqian; Alden, Daroc; Xu, Dongpeng et al.
Proceedings - 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023. Institute of Electrical and Electronics Engineers Inc., 2023. p. 313-326 (Proceedings - 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - No Free Lunch

T2 - 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023

AU - Zhang, Naiqian

AU - Alden, Daroc

AU - Xu, Dongpeng

AU - Wang, Shuai

AU - Jaeger, Trent

AU - Ruml, Wheeler

PY - 2023

Y1 - 2023

N2 - Obfuscation has been widely employed to protect software from the malicious reverse analysis. However, its security risks have not previously been studied in detail. For example, most obfuscation methods introduce large blocks of opaque code that are black boxes to normal users. In this paper, we show that, indeed, obfuscation can increase the attack risk. Existing gadget search tools, while able to find more gadgets in obfuscated code, do not succeed in assembling them into more exploits. However, these tools use strict pattern matching, greedy searching strategies, and only very simple gadgets. We develop Gadget-Planner, a more flexible approach to building code-reuse attacks that overcomes previous limitations via symbolic execution and automated planning. In a study across both benchmark and real-world programs, this approach finds many more exploit payloads on obfuscated programs, both in terms of number and diversity.

AB - Obfuscation has been widely employed to protect software from the malicious reverse analysis. However, its security risks have not previously been studied in detail. For example, most obfuscation methods introduce large blocks of opaque code that are black boxes to normal users. In this paper, we show that, indeed, obfuscation can increase the attack risk. Existing gadget search tools, while able to find more gadgets in obfuscated code, do not succeed in assembling them into more exploits. However, these tools use strict pattern matching, greedy searching strategies, and only very simple gadgets. We develop Gadget-Planner, a more flexible approach to building code-reuse attacks that overcomes previous limitations via symbolic execution and automated planning. In a study across both benchmark and real-world programs, this approach finds many more exploit payloads on obfuscated programs, both in terms of number and diversity.

UR - https://www.scopus.com/pages/publications/85168998730

UR - https://www.scopus.com/pages/publications/85168998730#tab=citedBy

U2 - 10.1109/DSN58367.2023.00039

DO - 10.1109/DSN58367.2023.00039

M3 - Conference contribution

AN - SCOPUS:85168998730

T3 - Proceedings - 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023

SP - 313

EP - 326

BT - Proceedings - 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 27 June 2023 through 30 June 2023

ER -

Zhang N, Alden D, Xu D, Wang S, Jaeger T, Ruml W. No Free Lunch: On the Increased Code Reuse Attack Surface of Obfuscated Programs. In Proceedings - 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023. Institute of Electrical and Electronics Engineers Inc. 2023. p. 313-326. (Proceedings - 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023). doi: 10.1109/DSN58367.2023.00039

No Free Lunch: On the Increased Code Reuse Attack Surface of Obfuscated Programs

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this