Tightly-coupled self-debugging software protection
| Autor: | Joris Wijnant, Stijn Volckaert, Bert Abrath, Bart Coppens, Bjorn De Sutter |
|---|---|
| Rok vydání: | 2016 |
| Předmět: |
Reverse engineering
021110 strategic defence & security studies Computer science media_common.quotation_subject 0211 other engineering and technologies Software protection 020207 software engineering 02 engineering and technology computer.software_genre Binary rewriting Control flow Debugging Software_SOFTWAREENGINEERING 0202 electrical engineering electronic engineering information engineering Operating system Use case Android (operating system) computer media_common Debugger |
| Zdroj: | SSPREW@ACSAC |
| Popis: | Existing anti-debugging protections are relatively weak. In existing self-debugger approaches, a custom debugger is attached to the main application, of which the control flow is obfuscated by redirecting it through the debugger. The coupling between the debugger and the main application is then quite loose, and not that hard to break by an attacker. In the tightly-coupled self-debugging technique proposed in this paper, full code fragments are migrated from the application to the debugger, making it harder for the attacker to reverse-engineer the program and to deconstruct it into the original unprotected program to attach a debugger or to collect traces. We evaluate a prototype implementation on three complex, real-world Android use cases and present the results of tests conducted by professional penetration testers. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|