Check out the new USENIX Web site.
USENIX, The Advanced Computing Systems Association

16th USENIX Security Symposium – Abstract

Pp. 275–290 of the Proceedings

Binary Obfuscation Using Signals

Igor V. Popov, Saumya K. Debray, and Gregory R. Andrews, The University of Arizona


Reverse engineering of software is the process of recovering higher-level structure and meaning from a lowerlevel program representation. It can be used for legitimate purposes — e.g., to recover source code that has been lost — but it is often used for nefarious purposes, e.g., to search for security vulnerabilities in binaries or to steal intellectual property. This paper addresses the problem of making it hard to reverse engineering binary programs bymaking it difficult to disassemblemachine code statically. Binaries are obfuscated by changing many control transfers into signals (traps) and inserting dummy control transfers and “junk” instructions after the signals. The resulting code is still a correct program, but even the best current disassemblers are unable to disassemble 40%–60% of the instructions in the program. Furthermore, the disassemblers have a mistaken understanding of over half of the control flow edges. However, the obfuscated program necessarily executes more slowly than the original. Experimental results quantify the degree of obfuscation, stealth of the code, and effects on execution time and code size.
  • View the full text of this paper in HTML and PDF. Listen to the presentation in MP3 format.
    Click here if you have forgotten your password Until August 2008, you will need your USENIX membership identification in order to access the full papers. The Proceedings are published as a collective work, © 2007 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
To become a USENIX member, please see our Membership Information.

Last changed: 20 Sept. 2007 ac