Sökning: WFRF:(Holmgren Ulf 1952 ) > desync-cc: An Autom...
Fältnamn | Indikatorer | Metadata |
---|---|---|
000 | 03737naa a2200385 4500 | |
001 | oai:DiVA.org:liu-188915 | |
003 | SwePub | |
008 | 220930s2022 | |||||||||||000 ||eng| | |
024 | 7 | a https://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-1889152 URI |
024 | 7 | a https://doi.org/10.1109/SANER53432.2022.000632 DOI |
040 | a (SwePub)liu | |
041 | a engb eng | |
042 | 9 SwePub | |
072 | 7 | a ref2 swepub-contenttype |
072 | 7 | a kon2 swepub-publicationtype |
100 | 1 | a Kargén, Ulf,c Doktor,d 1984-u Linköpings universitet,Databas och informationsteknik,Tekniska fakulteten4 aut0 (Swepub:liu)ulfka17 |
245 | 1 0 | a desync-cc: An Automatic Disassembly-Desynchronization Obfuscator |
264 | 1 | b IEEE Computer Society,c 2022 |
338 | a print2 rdacarrier | |
520 | a Code obfuscation is an important topic, both in terms of defense, when trying to prevent intellectual property theft, and from the offensive point of view, when trying to break obfuscation used by malware authors to hide their malicious intents. Consequently, several works in recent years have discussed techniques that aim to prevent or delay reverse-engineering of binaries. While most works focus on methods that obscure the program logic from potential attackers, the complimentary approach of disassembly desynchronization has received relatively little attention. This technique puts another hurdle in the way of attackers by targeting the most fundamental step of the reverse-engineering process: recovering assembly code from a program binary. The technique works by tricking a disassembler into decoding the instruction stream at an invalid offset. On CPU architectures with variable-length instructions, this often yields valid albeit meaningless assembly code, while hiding a part of the original code.In the interest of furthering research into disassembly desynchronization, both from a defensive and offensive point of view, we have created desync-cc, a tool for automatic application of disassembly-desynchronization obfuscation. The tool is designed as a drop-in replacement for gcc, and works by intercepting and modifying intermediate assembly code during compilation. By applying obfuscation after the code generation phase, our tool allows a much more granular control over where obfuscation is applied, compared to a source-code level obfuscator. In this paper, we describe the design and implementation of desync-cc, and present a preliminary evaluation of its effectiveness and efficiency on a number of real-world Linux programs. | |
650 | 7 | a NATURVETENSKAPx Data- och informationsvetenskapx Datavetenskap0 (SwePub)102012 hsv//swe |
650 | 7 | a NATURAL SCIENCESx Computer and Information Sciencesx Computer Sciences0 (SwePub)102012 hsv//eng |
653 | a Disassembly desynchronization | |
653 | a Code obfuscation | |
653 | a Reverse engineering | |
653 | a x86 architecture | |
700 | 1 | a Härnqvist, Ivaru Linköpings universitet4 aut0 (Swepub:liu)n/a |
700 | 1 | a Wilson, Johannesu Linköpings universitet4 aut0 (Swepub:liu)n/a |
700 | 1 | a Eriksson, Gustavu Linköpings universitet4 aut0 (Swepub:liu)n/a |
700 | 1 | a Holmgren, Evelinau Linköpings universitet4 aut0 (Swepub:liu)n/a |
700 | 1 | a Shahmehri, Nahid,c Professor,d 1952-u Linköpings universitet,Databas och informationsteknik,Tekniska fakulteten4 aut0 (Swepub:liu)nahsh37 |
710 | 2 | a Linköpings universitetb Databas och informationsteknik4 org |
773 | 0 | t 2022 IEEE International Conference on Software Analysis, Evolution and Reengineeringd : IEEE Computer Societyg , s. 464-468q <464-468z 9781665437868 |
856 | 4 8 | u https://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-188915 |
856 | 4 8 | u https://doi.org/10.1109/SANER53432.2022.00063 |
Kungliga biblioteket hanterar dina personuppgifter i enlighet med EU:s dataskyddsförordning (2018), GDPR. Läs mer om hur det funkar här.
Så här hanterar KB dina uppgifter vid användning av denna tjänst.
Kopiera och spara länken för att återkomma till aktuell vy