| 1. |
- Kargén, Ulf, et al.
(författare)
-
desync-cc: A research tool for automatically applying disassembly desynchronization during compilation
- 2023
-
Ingår i: Science of Computer Programming. - : ELSEVIER. - 0167-6423 .- 1872-7964. ; 228
-
Tidskriftsartikel (refereegranskat)abstract
- Code obfuscation is an important topic, both in terms of defense, when trying to prevent intellectual property theft, and from the offensive point of view, when trying to break obfuscation used in malware. Several recent works have discussed techniques for preventing or delaying reverse engineering of binaries. While most works focus on methods that obscure program logic, the complimentary approach of disassembly desynchronizationhas received relatively little attention, despite being often used by, for example, malware authors. The technique puts another hurdle in the way of attackers by targeting the most fundamental step of the reverse-engineering process: recovering assembly code from a program binary. In the interest of furthering research into this kind of obfuscation, we present desync-cc, a tool for automatic application of disassembly desynchronization. To facilitate maximal ease-of-use, the tool is designed as a drop-in replacement for gcc, and works by intercepting and modifying intermediate assembly-code during compilation. (c) 2023 The Authors. Published by Elsevier B.V.
|
|
| 2. |
- Kargén, Ulf, Doktor, 1984-, et al.
(författare)
-
desync-cc: An Automatic Disassembly-Desynchronization Obfuscator
- 2022
-
Ingår i: 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering. - : IEEE Computer Society. - 9781665437868 ; , s. 464-468
-
Konferensbidrag (refereegranskat)abstract
- Code obfuscation is an important topic, both in terms of defense, when trying to prevent intellectual property theft, and from the offensive point of view, when trying to break obfuscation used by malware authors to hide their malicious intents. Consequently, several works in recent years have discussed techniques that aim to prevent or delay reverse-engineering of binaries. While most works focus on methods that obscure the program logic from potential attackers, the complimentary approach of disassembly desynchronization has received relatively little attention. This technique puts another hurdle in the way of attackers by targeting the most fundamental step of the reverse-engineering process: recovering assembly code from a program binary. The technique works by tricking a disassembler into decoding the instruction stream at an invalid offset. On CPU architectures with variable-length instructions, this often yields valid albeit meaningless assembly code, while hiding a part of the original code.In the interest of furthering research into disassembly desynchronization, both from a defensive and offensive point of view, we have created desync-cc, a tool for automatic application of disassembly-desynchronization obfuscation. The tool is designed as a drop-in replacement for gcc, and works by intercepting and modifying intermediate assembly code during compilation. By applying obfuscation after the code generation phase, our tool allows a much more granular control over where obfuscation is applied, compared to a source-code level obfuscator. In this paper, we describe the design and implementation of desync-cc, and present a preliminary evaluation of its effectiveness and efficiency on a number of real-world Linux programs.
|
|
| 3. |
- Tiger, Mattias, 1989-, et al.
(författare)
-
On-Demand Multi-Agent Basket Picking for Shopping Stores
- 2023
-
Ingår i: 2023 IEEE International Conference on Robotics and Automation (ICRA). - : IEEE. - 9798350323658 - 9798350323665 ; , s. 5793-5799
-
Konferensbidrag (refereegranskat)abstract
- Imagine placing an online order on your way to the grocery store, then being able to pick the collected basket upon arrival or shortly after. Likewise, imagine placing any online retail order, made ready for pickup in minutes instead of days. In order to realize such a low-latency automatic warehouse logistics system, solvers must be made to be basketaware. That is, it is more important that the full order (the basket) is picked timely and fast, than that any single item in the order is picked quickly. Current state-of-the-art methods are not basket-aware. Nor are they optimized for a positive customer experience, that is; to prioritize customers based on queue place and the difficulty associated with picking their order. An example of the latter is that it is preferable to prioritize a customer ordering a pack of diapers over a customer shopping a larger order, but only as long as the second customer has not already been waiting for too long. In this work we formalize the problem outlined, propose a new method that significantly outperforms the state-of-the-art, and present a new realistic simulated benchmark. The proposed method is demonstrated to work in an on-line and real-time setting, and to solve the on-demand multi-agent basket picking problem for automated shopping stores under realistic conditions.
|
|
