Standalone static binary executable rewriting for software protection

2015
Bican, Özgür Saygın
This study introduces a static binary rewriting method for improving the security of executable binaries. When network- and host-based precautions are bypassed by the adversary, or are not present at all, the software has to defend itself. However, applying software protection methods during software development requires extra source code development and know-how. Furthermore, these methods inherently make the software undesirably complex. Applying these methods after compilation decouples the software development and protection processes. Binary rewriting is such a method: it externally modifies an executable file in order to make the binary hard to reverse engineer and tamper with. Along with software protection, binary rewriting is also applied in other areas, such as binary instrumentation and semantic patching, that are out of the scope of this study. Some previously proposed approaches use a special compiler and/or linker, and others use third-party commercial disassemblers to analyze the binary file, which makes the process highly dependent on the performance of these tools. In this study, a standalone static binary rewriting framework is developed that works directly on the output of the compiler, without any dependency on a third-party disassembler or a special compiler/linker. The framework uses the debug information in the binary to get function locations, relocates the functions, and then updates the references to point to the new addresses in the binary. The implementation is tested on various open source software written in C and C++ for performance overhead. Then, as a case study, a software protection method is applied to a program using our framework, and the security of the resulting binary is compared in terms of how the control flow graph reveals information about the software structure.

Citation Formats
Ö. S. Bican, “Standalone static binary executable rewriting for software protection,” M.S. - Master of Science, Middle East Technical University, 2015.