VODKA: Virtualization obfuscation using dynamic key approach

Jae Yung Lee; Jae Hyuk Suk; Dong Hoon Lee

doi:10.1007/978-3-030-17982-3_11

VODKA: Virtualization obfuscation using dynamic key approach

Jae Yung Lee, Jae Hyuk Suk, Dong Hoon Lee

School of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

The virtualization obfuscation technique is known to possess excellent security among software protection techniques. However, research has shown that virtualization obfuscation techniques can be analyzed by automated analysis tools because the deobfuscate virtualization obfuscation methodology is fixed. In this situation, additional protection techniques of the virtualization structure have been studied to supplement the protection strength of virtualization obfuscation. However, most of the proposed protection schemes require a special assumption or significantly increase the overhead of the program to be protected. In this paper, we propose a delayed analysis method for a lightweight virtualization structure that does not require a strong assumption. Hence, we propose a new virtual code protection scheme combining an anti-analysis technique and dynamic key, and explain its mechanism. This causes correspondence ambiguity between the virtual code and the handler code, thus causing analysis delay. In addition, we show the result of debugging or dynamic instrumentation experiment when the additional anti-analysis technique is applied.

Original language	English
Title of host publication	Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers
Editors	Brent ByungHoon Kang, JinSoo Jang
Publisher	Springer Verlag
Pages	131-145
Number of pages	15
ISBN (Print)	9783030179816
DOIs	https://doi.org/10.1007/978-3-030-17982-3_11
Publication status	Published - 2019
Event	19th World International Conference on Information Security and Application, WISA 2018 - Jeju Island, Korea, Republic of Duration: 2018 Aug 23 → 2018 Aug 25

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11402 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	19th World International Conference on Information Security and Application, WISA 2018
Country/Territory	Korea, Republic of
City	Jeju Island
Period	18/8/23 → 18/8/25

Keywords

Anti-analysis
Dynamic key
Software protection
Virtualization obfuscation

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-030-17982-3_11

Cite this

Lee, J. Y., Suk, J. H., & Lee, D. H. (2019). VODKA: Virtualization obfuscation using dynamic key approach. In B. B. Kang, & J. Jang (Eds.), Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers (pp. 131-145). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11402 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-17982-3_11

VODKA: Virtualization obfuscation using dynamic key approach. / Lee, Jae Yung; Suk, Jae Hyuk; Lee, Dong Hoon.
Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers. ed. / Brent ByungHoon Kang; JinSoo Jang. Springer Verlag, 2019. p. 131-145 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11402 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Lee, JY, Suk, JH & Lee, DH 2019, VODKA: Virtualization obfuscation using dynamic key approach. in BB Kang & J Jang (eds), Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11402 LNCS, Springer Verlag, pp. 131-145, 19th World International Conference on Information Security and Application, WISA 2018, Jeju Island, Korea, Republic of, 18/8/23. https://doi.org/10.1007/978-3-030-17982-3_11

Lee JY, Suk JH, Lee DH. VODKA: Virtualization obfuscation using dynamic key approach. In Kang BB, Jang J, editors, Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers. Springer Verlag. 2019. p. 131-145. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-17982-3_11

Lee, Jae Yung ; Suk, Jae Hyuk ; Lee, Dong Hoon. / VODKA : Virtualization obfuscation using dynamic key approach. Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers. editor / Brent ByungHoon Kang ; JinSoo Jang. Springer Verlag, 2019. pp. 131-145 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{561d452e34134304b8ae4b58f326c2b5,

title = "VODKA: Virtualization obfuscation using dynamic key approach",

abstract = "The virtualization obfuscation technique is known to possess excellent security among software protection techniques. However, research has shown that virtualization obfuscation techniques can be analyzed by automated analysis tools because the deobfuscate virtualization obfuscation methodology is fixed. In this situation, additional protection techniques of the virtualization structure have been studied to supplement the protection strength of virtualization obfuscation. However, most of the proposed protection schemes require a special assumption or significantly increase the overhead of the program to be protected. In this paper, we propose a delayed analysis method for a lightweight virtualization structure that does not require a strong assumption. Hence, we propose a new virtual code protection scheme combining an anti-analysis technique and dynamic key, and explain its mechanism. This causes correspondence ambiguity between the virtual code and the handler code, thus causing analysis delay. In addition, we show the result of debugging or dynamic instrumentation experiment when the additional anti-analysis technique is applied.",

keywords = "Anti-analysis, Dynamic key, Software protection, Virtualization obfuscation",

author = "Lee, {Jae Yung} and Suk, {Jae Hyuk} and Lee, {Dong Hoon}",

note = "Funding Information: Acknowledgement. This work was supported as part of Military Crypto Research Center (UD170109ED) funded by Defense Acquisition Program Administration (DAPA) and Agency for Defense Development (ADD). Publisher Copyright: {\textcopyright} Springer Nature Switzerland AG 2019.; 19th World International Conference on Information Security and Application, WISA 2018 ; Conference date: 23-08-2018 Through 25-08-2018",

year = "2019",

doi = "10.1007/978-3-030-17982-3_11",

language = "English",

isbn = "9783030179816",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "131--145",

editor = "Kang, {Brent ByungHoon} and JinSoo Jang",

booktitle = "Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers",

}

TY - GEN

T1 - VODKA

T2 - 19th World International Conference on Information Security and Application, WISA 2018

AU - Lee, Jae Yung

AU - Suk, Jae Hyuk

AU - Lee, Dong Hoon

N1 - Funding Information: Acknowledgement. This work was supported as part of Military Crypto Research Center (UD170109ED) funded by Defense Acquisition Program Administration (DAPA) and Agency for Defense Development (ADD). Publisher Copyright: © Springer Nature Switzerland AG 2019.

PY - 2019

Y1 - 2019

N2 - The virtualization obfuscation technique is known to possess excellent security among software protection techniques. However, research has shown that virtualization obfuscation techniques can be analyzed by automated analysis tools because the deobfuscate virtualization obfuscation methodology is fixed. In this situation, additional protection techniques of the virtualization structure have been studied to supplement the protection strength of virtualization obfuscation. However, most of the proposed protection schemes require a special assumption or significantly increase the overhead of the program to be protected. In this paper, we propose a delayed analysis method for a lightweight virtualization structure that does not require a strong assumption. Hence, we propose a new virtual code protection scheme combining an anti-analysis technique and dynamic key, and explain its mechanism. This causes correspondence ambiguity between the virtual code and the handler code, thus causing analysis delay. In addition, we show the result of debugging or dynamic instrumentation experiment when the additional anti-analysis technique is applied.

AB - The virtualization obfuscation technique is known to possess excellent security among software protection techniques. However, research has shown that virtualization obfuscation techniques can be analyzed by automated analysis tools because the deobfuscate virtualization obfuscation methodology is fixed. In this situation, additional protection techniques of the virtualization structure have been studied to supplement the protection strength of virtualization obfuscation. However, most of the proposed protection schemes require a special assumption or significantly increase the overhead of the program to be protected. In this paper, we propose a delayed analysis method for a lightweight virtualization structure that does not require a strong assumption. Hence, we propose a new virtual code protection scheme combining an anti-analysis technique and dynamic key, and explain its mechanism. This causes correspondence ambiguity between the virtual code and the handler code, thus causing analysis delay. In addition, we show the result of debugging or dynamic instrumentation experiment when the additional anti-analysis technique is applied.

KW - Anti-analysis

KW - Dynamic key

KW - Software protection

KW - Virtualization obfuscation

UR - http://www.scopus.com/inward/record.url?scp=85065021270&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-17982-3_11

DO - 10.1007/978-3-030-17982-3_11

M3 - Conference contribution

AN - SCOPUS:85065021270

SN - 9783030179816

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 131

EP - 145

BT - Information Security Applications - 19th International Conference, WISA 2018, Revised Selected Papers

A2 - Kang, Brent ByungHoon

A2 - Jang, JinSoo

PB - Springer Verlag

Y2 - 23 August 2018 through 25 August 2018

ER -

VODKA: Virtualization obfuscation using dynamic key approach

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this