English

Hiding in the Particles: When Return-Oriented Programming Meets Program Obfuscation

Cryptography and Security 2021-08-12 v2 Software Engineering
Authors: Pietro Borrello , Emilio Coppa , Daniele Cono D'Elia
View on arXiv PDF DOI

Abstract

Largely known for attack scenarios, code reuse techniques at a closer look reveal properties that are appealing also for program obfuscation. We explore the popular return-oriented programming paradigm under this light, transforming program functions into ROP chains that coexist seamlessly with the surrounding software stack. We show how to build chains that can withstand popular static and dynamic deobfuscation approaches, evaluating the robustness and overheads of the design over common programs. The results suggest a significant amount of computational resources would be required to carry a deobfuscation attack for secret finding and code coverage goals.

Keywords

side-channel attack programming languages

Cite

@article{arxiv.2012.06658,
  title  = {Hiding in the Particles: When Return-Oriented Programming Meets Program Obfuscation},
  author = {Pietro Borrello and Emilio Coppa and Daniele Cono D'Elia},
  journal= {arXiv preprint arXiv:2012.06658},
  year   = {2021}
}

Comments

Published in the proceedings of DSN'21 (51st IEEE/IFIP Int. Conf. on Dependable Systems and Networks). Code and BibTeX entry available at https://github.com/pietroborrello/raindrop

Related papers

View all related →
Cryptography and Security · Computer Science
ROPfuscator: Robust Obfuscation with ROP
Giulio De Pasquale, Fukutomo Nakanishi, Daniele Ferla, Lorenzo Cavallaro
2023-04-05
Cryptography and Security · Computer Science
The never ending war in the stack and the reincarnation of ROP attacks
Ammari Nader, Joan Calvet, Jose M. Fernandez
2020-05-26
Cryptography and Security · Computer Science
Obfuscation using Encryption
Johannes Schneider, Thomas Locher
2016-12-13
Cryptography and Security · Computer Science
On Secure and Usable Program Obfuscation: A Survey
Hui Xu, Yangfan Zhou, Yu Kang, Michael R. Lyu
2017-10-04
Cryptography and Security · Computer Science
Zipper Stack: Shadow Stacks Without Shadow
Jinfeng Li, Liwei Chen, Qizhen Xu, Linan Tian +3
2020-07-16
Cryptography and Security · Computer Science
ROPNN: Detection of ROP Payloads Using Deep Neural Networks
Xusheng Li, Zhisheng Hu, Haizhou Wang, Yiwei Fu +3
2024-02-14
Cryptography and Security · Computer Science
Return Oriented Programming - Exploit Implementation using functions
Sunil Kumar Sathyanarayan, Dr. Makan Pourzandi, Katayoun Aliyari
2017-06-28
Cryptography and Security · Computer Science
A practical analysis of ROP attacks
Ayush Bansal, Debadatta Mishra
2021-11-08
Cryptography and Security · Computer Science
JConstHide: A Framework for Java Source Code Constant Hiding
Praveen Sivadasan, P Sojan Lal
2009-04-23
Cryptography and Security · Computer Science
CodeTrolley: Hardware-Assisted Control Flow Obfuscation
Novak Boskov, Mihailo Isakov, Michel A. Kinsy
2019-08-28
Cryptography and Security · Computer Science
DeepObfusCode: Source Code Obfuscation Through Sequence-to-Sequence Networks
Siddhartha Datta
2021-02-26
Cryptography and Security · Computer Science
Use of Cryptography in Malware Obfuscation
Hassan Jameel Asghar, Benjamin Zi Hao Zhao, Muhammad Ikram, Giang Nguyen +3
2023-09-11
Cryptography and Security · Computer Science
Flexible Software Protection
Jens Van den Broeck, Bart Coppens, Bjorn De Sutter
2020-12-24
Cryptography and Security · Computer Science
Empirical Assessment of the Code Comprehension Effort Needed to Attack Programs Protected with Obfuscation
Leonardo Regano, Daniele Canavese, Cataldo Basile, Marco Torchiano
2025-11-27
Programming Languages · Computer Science
Concept-Oriented Programming
Alexandr Savinov
2010-09-28
Quantum Physics · Physics
Obfuscation of Unitary Quantum Programs
Mi-Ying Huang, Er-Cheng Tang
2025-10-13
Cryptography and Security · Computer Science
Extended Report on the Obfuscated Integration of Software Protections
Jens Van den Broeck, Bart Coppens, Bjorn De Sutter
2019-07-04
Software Engineering · Computer Science
Obfuscating Java Programs by Translating Selected Portions of Bytecode to Native Libraries
Davide Pizzolotto, Mariano Ceccato
2019-01-16
Cryptography and Security · Computer Science
JDATATRANS for Array Obfuscation in Java Source Code to Defeat Reverse Engineering from Decompiled Codes
Praveen Sivadasan, P Sojan Lal, Naveen Sivadasan
2008-09-23
Machine Learning · Computer Science
Generating Adversarial Computer Programs using Optimized Obfuscations
Shashank Srikant, Sijia Liu, Tamara Mitrovska, Shiyu Chang +3
2021-03-23
Cryptography and Security · Computer Science
Security Mitigations for Return-Oriented Programming Attacks
Piotr Bania
2010-08-25
Programming Languages · Computer Science
A Core Calculus for Provenance
Umut A. Acar, Amal Ahmed, James Cheney, Roly Perera
2014-01-06
Software Engineering · Computer Science
Assessment of Source Code Obfuscation Techniques
Alessio Viticchié, Leonardo Regano, Marco Torchiano, Cataldo Basile +3
2017-04-10
Programming Languages · Computer Science
Erlang Binary and Source Code Obfuscation
Gregory Morse, Tamás Kozsik
2026-04-16
Cryptography and Security · Computer Science
Towards a Theory of Special-purpose Program Obfuscation
Muhammad Rizwan Asghar, Steven Galbraith, Andrea Lanzi, Giovanni Russello +1
2020-11-06