Turing obfuscation

Yan Wang; Shuai Wang; Pei Wang; Dinghao Wu

doi:10.1007/978-3-319-78813-5_12

Turing obfuscation

Yan Wang, Shuai Wang, Pei Wang, Dinghao Wu^*

^*Corresponding author for this work

Research output: Chapter in Book/Conference Proceeding/Report › Conference Paper published in a book › peer-review

6 Citations (Scopus)

Abstract

Obfuscation is an important technique to protect software from adversary analysis. Control flow obfuscation effectively prevents attackers from understanding the program structure, hence impeding a broad set of reverse engineering efforts. In this paper, we propose a novel control flow obfuscation method which employs Turing machines to simulate the computation of branch conditions. By weaving the original program with Turing machine components, program control flow graph and call graph can become much more complicated. In addition, due to the runtime computation complexity of a Turing machine, program execution flow would be highly obfuscated and become resilient to advanced reverse engineering approaches via symbolic execution and concolic testing. We have implemented a prototype tool for Turing obfuscation. Comparing with previous work, our control flow obfuscation technique delivers three distinct advantages. (1) Complexity: the complicated structure of a Turing machine makes it difficult for attackers to understand the program control flow. (2) Universality: Turing machines can encode any computation and hence applicable to obfuscate any program component. (3) Resiliency: Turing machine brings in complex execution model, which is shown to withstand automated reverse engineering efforts. Our evaluation obfuscates control flow predicates of two widely-used applications, and the experimental results show that the proposed technique can obfuscate programs in stealth with good performance and robustness.

Original language	English
Title of host publication	Security and Privacy in Communication Networks - 13th International Conference, SecureComm 2017, Proceedings
Editors	Ali Ghorbani, Xiaodong Lin, Kui Ren, Sencun Zhu, Aiqing Zhang
Publisher	Springer Verlag
Pages	225-244
Number of pages	20
ISBN (Print)	9783319788128
DOIs	https://doi.org/10.1007/978-3-319-78813-5_12
Publication status	Published - 2018
Externally published	Yes
Event	13th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2017 - [state] ON, Canada Duration: 22 Oct 2017 → 25 Oct 2017

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume	238
ISSN (Print)	1867-8211

Conference

Conference	13th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2017
Country/Territory	Canada
City	[state] ON
Period	22/10/17 → 25/10/17

Bibliographical note

Publisher Copyright:
© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018.

Keywords

Control flow obfuscation
Reverse engineering
Software security
Turing machine

Access to Document

10.1007/978-3-319-78813-5_12

Cite this

Wang, Y., Wang, S., Wang, P., & Wu, D. (2018). Turing obfuscation. In A. Ghorbani, X. Lin, K. Ren, S. Zhu, & A. Zhang (Eds.), Security and Privacy in Communication Networks - 13th International Conference, SecureComm 2017, Proceedings (pp. 225-244). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 238). Springer Verlag. https://doi.org/10.1007/978-3-319-78813-5_12

Wang, Yan ; Wang, Shuai ; Wang, Pei et al. / Turing obfuscation. Security and Privacy in Communication Networks - 13th International Conference, SecureComm 2017, Proceedings. editor / Ali Ghorbani ; Xiaodong Lin ; Kui Ren ; Sencun Zhu ; Aiqing Zhang. Springer Verlag, 2018. pp. 225-244 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST).

@inproceedings{f05ec6d785b84a6c9da44a9364f73676,

title = "Turing obfuscation",

abstract = "Obfuscation is an important technique to protect software from adversary analysis. Control flow obfuscation effectively prevents attackers from understanding the program structure, hence impeding a broad set of reverse engineering efforts. In this paper, we propose a novel control flow obfuscation method which employs Turing machines to simulate the computation of branch conditions. By weaving the original program with Turing machine components, program control flow graph and call graph can become much more complicated. In addition, due to the runtime computation complexity of a Turing machine, program execution flow would be highly obfuscated and become resilient to advanced reverse engineering approaches via symbolic execution and concolic testing. We have implemented a prototype tool for Turing obfuscation. Comparing with previous work, our control flow obfuscation technique delivers three distinct advantages. (1) Complexity: the complicated structure of a Turing machine makes it difficult for attackers to understand the program control flow. (2) Universality: Turing machines can encode any computation and hence applicable to obfuscate any program component. (3) Resiliency: Turing machine brings in complex execution model, which is shown to withstand automated reverse engineering efforts. Our evaluation obfuscates control flow predicates of two widely-used applications, and the experimental results show that the proposed technique can obfuscate programs in stealth with good performance and robustness.",

keywords = "Control flow obfuscation, Reverse engineering, Software security, Turing machine",

author = "Yan Wang and Shuai Wang and Pei Wang and Dinghao Wu",

note = "Publisher Copyright: {\textcopyright} ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018.; 13th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2017 ; Conference date: 22-10-2017 Through 25-10-2017",

year = "2018",

doi = "10.1007/978-3-319-78813-5\_12",

language = "English",

isbn = "9783319788128",

series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST",

publisher = "Springer Verlag",

pages = "225--244",

editor = "Ali Ghorbani and Xiaodong Lin and Kui Ren and Sencun Zhu and Aiqing Zhang",

booktitle = "Security and Privacy in Communication Networks - 13th International Conference, SecureComm 2017, Proceedings",

}

Wang, Y, Wang, S, Wang, P & Wu, D 2018, Turing obfuscation. in A Ghorbani, X Lin, K Ren, S Zhu & A Zhang (eds), Security and Privacy in Communication Networks - 13th International Conference, SecureComm 2017, Proceedings. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, vol. 238, Springer Verlag, pp. 225-244, 13th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2017, [state] ON, Canada, 22/10/17. https://doi.org/10.1007/978-3-319-78813-5_12

Turing obfuscation. / Wang, Yan; Wang, Shuai; Wang, Pei et al.
Security and Privacy in Communication Networks - 13th International Conference, SecureComm 2017, Proceedings. ed. / Ali Ghorbani; Xiaodong Lin; Kui Ren; Sencun Zhu; Aiqing Zhang. Springer Verlag, 2018. p. 225-244 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST; Vol. 238).

Research output: Chapter in Book/Conference Proceeding/Report › Conference Paper published in a book › peer-review

TY - GEN

T1 - Turing obfuscation

AU - Wang, Yan

AU - Wang, Shuai

AU - Wang, Pei

AU - Wu, Dinghao

N1 - Publisher Copyright: © ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018.

PY - 2018

Y1 - 2018

N2 - Obfuscation is an important technique to protect software from adversary analysis. Control flow obfuscation effectively prevents attackers from understanding the program structure, hence impeding a broad set of reverse engineering efforts. In this paper, we propose a novel control flow obfuscation method which employs Turing machines to simulate the computation of branch conditions. By weaving the original program with Turing machine components, program control flow graph and call graph can become much more complicated. In addition, due to the runtime computation complexity of a Turing machine, program execution flow would be highly obfuscated and become resilient to advanced reverse engineering approaches via symbolic execution and concolic testing. We have implemented a prototype tool for Turing obfuscation. Comparing with previous work, our control flow obfuscation technique delivers three distinct advantages. (1) Complexity: the complicated structure of a Turing machine makes it difficult for attackers to understand the program control flow. (2) Universality: Turing machines can encode any computation and hence applicable to obfuscate any program component. (3) Resiliency: Turing machine brings in complex execution model, which is shown to withstand automated reverse engineering efforts. Our evaluation obfuscates control flow predicates of two widely-used applications, and the experimental results show that the proposed technique can obfuscate programs in stealth with good performance and robustness.

AB - Obfuscation is an important technique to protect software from adversary analysis. Control flow obfuscation effectively prevents attackers from understanding the program structure, hence impeding a broad set of reverse engineering efforts. In this paper, we propose a novel control flow obfuscation method which employs Turing machines to simulate the computation of branch conditions. By weaving the original program with Turing machine components, program control flow graph and call graph can become much more complicated. In addition, due to the runtime computation complexity of a Turing machine, program execution flow would be highly obfuscated and become resilient to advanced reverse engineering approaches via symbolic execution and concolic testing. We have implemented a prototype tool for Turing obfuscation. Comparing with previous work, our control flow obfuscation technique delivers three distinct advantages. (1) Complexity: the complicated structure of a Turing machine makes it difficult for attackers to understand the program control flow. (2) Universality: Turing machines can encode any computation and hence applicable to obfuscate any program component. (3) Resiliency: Turing machine brings in complex execution model, which is shown to withstand automated reverse engineering efforts. Our evaluation obfuscates control flow predicates of two widely-used applications, and the experimental results show that the proposed technique can obfuscate programs in stealth with good performance and robustness.

KW - Control flow obfuscation

KW - Reverse engineering

KW - Software security

KW - Turing machine

UR - https://www.webofscience.com/wos/woscc/full-record/WOS:000550307100012

UR - https://openalex.org/W4235428720

UR - https://www.scopus.com/pages/publications/85045988175

U2 - 10.1007/978-3-319-78813-5_12

DO - 10.1007/978-3-319-78813-5_12

M3 - Conference Paper published in a book

SN - 9783319788128

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

SP - 225

EP - 244

BT - Security and Privacy in Communication Networks - 13th International Conference, SecureComm 2017, Proceedings

A2 - Ghorbani, Ali

A2 - Lin, Xiaodong

A2 - Ren, Kui

A2 - Zhu, Sencun

A2 - Zhang, Aiqing

PB - Springer Verlag

T2 - 13th EAI International Conference on Security and Privacy in Communication Networks, SecureComm 2017

Y2 - 22 October 2017 through 25 October 2017

ER -

Wang Y, Wang S, Wang P, Wu D. Turing obfuscation. In Ghorbani A, Lin X, Ren K, Zhu S, Zhang A, editors, Security and Privacy in Communication Networks - 13th International Conference, SecureComm 2017, Proceedings. Springer Verlag. 2018. p. 225-244. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST). doi: 10.1007/978-3-319-78813-5_12

Turing obfuscation

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this