一种抵抗符号执行的路径分支混淆技术

程序在动态执行过程中泄露了大量的路径分支信息,这些路径分支信息是其内部逻辑关系的二进制表示.符号执行技术可以自动地收集并推理程序执行过程所泄露的路径信息,可用于逆向工程并可削弱代码混淆的保护强度.哈希函数可以有效保护基于等于关系的路径分支信息,但是难以保护基于上下边界判断的不等关系的路径分支信息.将保留前缀算法与哈希函数相结合提出了一种新的路径分支混淆技术,将符号执行推理路径分支信息的难度等价到逆向推理哈希函数的难度.该路径分支混淆方法在SPECint-2006程序测试集上进行了实验,试验结果表明该混淆方法能有效保护程序路径分支信息,具有实用性.

Branch Obfuscation to Combat Symbolic Execution

At run time,a large number of program branching information is leaked.Branching information is the binary representation of program internal logic.Symbolic execution could automatically collect and reason about the leaked branch information,which could be used for reverse engineering and weaken the strength of code obfuscation.Hash function can effectively safeguard equal branch conditions,but it can't be used to protect branching information containing unequal trigger conditions,such as greater than or less than.In this paper,a new branch obfuscation approach combining prefix-preserving algorithm and hash function,which extends the protection scope of hash function.The strength and resilience of the branch obfuscation are discussed.This branch obfuscation approach has been tested on 7 programs from the SPECint-2006 benchmark suite,and the experimental results show that this approach could effectively mitigate branch information leaking,yet practical in terms of performance.