| Title | Tightly-coupled Self-debugging Software Protection |
| Publication Type | Conference Paper |
| Year of Publication | 2016 |
| Authors | Abrath, Bert, Coppens, Bart, Volckaert, Stijn, Wijnant, Joris, De Sutter, Bjorn |
| Conference Name | Proceedings of the 6th Workshop on Software Security, Protection, and Reverse Engineering |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-4841-6 |
| Keywords | acoustic coupling, anti-debugging, Binary Rewriting, Human Behavior, pubcrawl, Resiliency, reverse engineering, scalabilty, self-debugging |
| Abstract | Existing anti-debugging protections are relatively weak. In existing self-debugger approaches, a custom debugger is attached to the main application, of which the control flow is obfuscated by redirecting it through the debugger. The coupling between the debugger and the main application is then quite loose, and not that hard to break by an attacker. In the tightly-coupled self-debugging technique proposed in this paper, full code fragments are migrated from the application to the debugger, making it harder for the attacker to reverse-engineer the program and to deconstruct it into the original unprotected program to attach a debugger or to collect traces. We evaluate a prototype implementation on three complex, real-world Android use cases and present the results of tests conducted by professional penetration testers. |
| URL | http://doi.acm.org/10.1145/3015135.3015142 |
| DOI | 10.1145/3015135.3015142 |
| Citation Key | abrath_tightly-coupled_2016 |
Tightly-coupled Self-debugging Software Protection