abstract.tex

\begin{abstract}
Code virtualization built upon virtual machine (VM) technologies are emerging
as a viable method for implementing code obfuscation to protect programs
against unauthorized analysis. State-of-the-art VM-based protection
approaches use a fixed set of virtual instructions and bytecode interpreters
across programs. This, however, opens up a security hole where an experienced
attacker can use knowledge extracted from other programs to quickly uncover
the mapping between virtual instructions and native code for applications
protected under the same scheme. In this paper, we propose a novel VM-based code
obfuscation system to address this problem. The core idea of our approach is
to obfuscate the mapping between the opcodes of bytecode instructions and
their semantics. We achieve this by partitioning each protected code region
into multiple segments where the mapping of opcodes and their semantics is
randomized in different ways in different segments. In this way, each
bytecode instruction will be translated into different native code in
different sections of the obfuscated code. This significantly increases the
diversity of the program behavior. As a result, the knowledge of bytecode to
native code mappings obtained from other programs is unlikely to be useful
for a new program. We evaluate our approach on a set of real-world
applications and compare it against two state-of-the-art VM-based code
obfuscation approaches. Experimental results show that our simple approach is effective,
which provides stronger protection at the cost of little extra overhead.
\end{abstract}