VODKA

Virtualization obfuscation using dynamic key approach

Jae Yung Lee, Jae Hyuk Suk, Dong Hoon Lee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The virtualization obfuscation technique is known to possess excellent security among software protection techniques. However, research has shown that virtualization obfuscation techniques can be analyzed by automated analysis tools because the deobfuscate virtualization obfuscation methodology is fixed. In this situation, additional protection techniques of the virtualization structure have been studied to supplement the protection strength of virtualization obfuscation. However, most of the proposed protection schemes require a special assumption or significantly increase the overhead of the program to be protected. In this paper, we propose a delayed analysis method for a lightweight virtualization structure that does not require a strong assumption. Hence, we propose a new virtual code protection scheme combining an anti-analysis technique and dynamic key, and explain its mechanism. This causes correspondence ambiguity between the virtual code and the handler code, thus causing analysis delay. In addition, we show the result of debugging or dynamic instrumentation experiment when the additional anti-analysis technique is applied.

Original languageEnglish
Title of host publicationInformation Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers
EditorsBrent ByungHoon Kang, JinSoo Jang
PublisherSpringer Verlag
Pages131-145
Number of pages15
ISBN (Print)9783030179816
DOIs
Publication statusPublished - 2019 Jan 1
Event19th World International Conference on Information Security and Application, WISA 2018 - Jeju Island, Korea, Republic of
Duration: 2018 Aug 232018 Aug 25

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11402 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference19th World International Conference on Information Security and Application, WISA 2018
CountryKorea, Republic of
CityJeju Island
Period18/8/2318/8/25

Fingerprint

Obfuscation
Virtualization
Software Security
Debugging
Instrumentation
Correspondence
Methodology
Experiment

Keywords

  • Anti-analysis
  • Dynamic key
  • Software protection
  • Virtualization obfuscation

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Lee, J. Y., Suk, J. H., & Lee, D. H. (2019). VODKA: Virtualization obfuscation using dynamic key approach. In B. B. Kang, & J. Jang (Eds.), Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers (pp. 131-145). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11402 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-17982-3_11

VODKA : Virtualization obfuscation using dynamic key approach. / Lee, Jae Yung; Suk, Jae Hyuk; Lee, Dong Hoon.

Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers. ed. / Brent ByungHoon Kang; JinSoo Jang. Springer Verlag, 2019. p. 131-145 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11402 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Lee, JY, Suk, JH & Lee, DH 2019, VODKA: Virtualization obfuscation using dynamic key approach. in BB Kang & J Jang (eds), Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11402 LNCS, Springer Verlag, pp. 131-145, 19th World International Conference on Information Security and Application, WISA 2018, Jeju Island, Korea, Republic of, 18/8/23. https://doi.org/10.1007/978-3-030-17982-3_11
Lee JY, Suk JH, Lee DH. VODKA: Virtualization obfuscation using dynamic key approach. In Kang BB, Jang J, editors, Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers. Springer Verlag. 2019. p. 131-145. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-030-17982-3_11
Lee, Jae Yung ; Suk, Jae Hyuk ; Lee, Dong Hoon. / VODKA : Virtualization obfuscation using dynamic key approach. Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers. editor / Brent ByungHoon Kang ; JinSoo Jang. Springer Verlag, 2019. pp. 131-145 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{561d452e34134304b8ae4b58f326c2b5,
title = "VODKA: Virtualization obfuscation using dynamic key approach",
abstract = "The virtualization obfuscation technique is known to possess excellent security among software protection techniques. However, research has shown that virtualization obfuscation techniques can be analyzed by automated analysis tools because the deobfuscate virtualization obfuscation methodology is fixed. In this situation, additional protection techniques of the virtualization structure have been studied to supplement the protection strength of virtualization obfuscation. However, most of the proposed protection schemes require a special assumption or significantly increase the overhead of the program to be protected. In this paper, we propose a delayed analysis method for a lightweight virtualization structure that does not require a strong assumption. Hence, we propose a new virtual code protection scheme combining an anti-analysis technique and dynamic key, and explain its mechanism. This causes correspondence ambiguity between the virtual code and the handler code, thus causing analysis delay. In addition, we show the result of debugging or dynamic instrumentation experiment when the additional anti-analysis technique is applied.",
keywords = "Anti-analysis, Dynamic key, Software protection, Virtualization obfuscation",
author = "Lee, {Jae Yung} and Suk, {Jae Hyuk} and Lee, {Dong Hoon}",
year = "2019",
month = "1",
day = "1",
doi = "10.1007/978-3-030-17982-3_11",
language = "English",
isbn = "9783030179816",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "131--145",
editor = "Kang, {Brent ByungHoon} and JinSoo Jang",
booktitle = "Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers",

}

TY - GEN

T1 - VODKA

T2 - Virtualization obfuscation using dynamic key approach

AU - Lee, Jae Yung

AU - Suk, Jae Hyuk

AU - Lee, Dong Hoon

PY - 2019/1/1

Y1 - 2019/1/1

N2 - The virtualization obfuscation technique is known to possess excellent security among software protection techniques. However, research has shown that virtualization obfuscation techniques can be analyzed by automated analysis tools because the deobfuscate virtualization obfuscation methodology is fixed. In this situation, additional protection techniques of the virtualization structure have been studied to supplement the protection strength of virtualization obfuscation. However, most of the proposed protection schemes require a special assumption or significantly increase the overhead of the program to be protected. In this paper, we propose a delayed analysis method for a lightweight virtualization structure that does not require a strong assumption. Hence, we propose a new virtual code protection scheme combining an anti-analysis technique and dynamic key, and explain its mechanism. This causes correspondence ambiguity between the virtual code and the handler code, thus causing analysis delay. In addition, we show the result of debugging or dynamic instrumentation experiment when the additional anti-analysis technique is applied.

AB - The virtualization obfuscation technique is known to possess excellent security among software protection techniques. However, research has shown that virtualization obfuscation techniques can be analyzed by automated analysis tools because the deobfuscate virtualization obfuscation methodology is fixed. In this situation, additional protection techniques of the virtualization structure have been studied to supplement the protection strength of virtualization obfuscation. However, most of the proposed protection schemes require a special assumption or significantly increase the overhead of the program to be protected. In this paper, we propose a delayed analysis method for a lightweight virtualization structure that does not require a strong assumption. Hence, we propose a new virtual code protection scheme combining an anti-analysis technique and dynamic key, and explain its mechanism. This causes correspondence ambiguity between the virtual code and the handler code, thus causing analysis delay. In addition, we show the result of debugging or dynamic instrumentation experiment when the additional anti-analysis technique is applied.

KW - Anti-analysis

KW - Dynamic key

KW - Software protection

KW - Virtualization obfuscation

UR - http://www.scopus.com/inward/record.url?scp=85065021270&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85065021270&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-17982-3_11

DO - 10.1007/978-3-030-17982-3_11

M3 - Conference contribution

SN - 9783030179816

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 131

EP - 145

BT - Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers

A2 - Kang, Brent ByungHoon

A2 - Jang, JinSoo

PB - Springer Verlag

ER -