N-version Obfuscation

Title: N-version Obfuscation
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Xu, Hui; Zhou, Yangfan; Lyu, Michael
Conference Name: Proceedings of the 2nd ACM International Workshop on Cyber-Physical System Security
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-4288-9
Keywords: composability, obfuscation, pubcrawl, resilience, Resiliency, reverse engineering, software security, Tamper resistance, Tamper-Resistance
Abstract

Although they have existed for decades, software tampering attacks are still a main threat to systems such as Android and cyber-physical systems. Many approaches have been proposed to thwart specific procedures of tampering, e.g., obfuscation and self-checksumming. However, none of them can be theoretically tamper-proof without the protection of a hardware circuit. Rather than proposing new tricks against tampering attacks, we focus on impeding the replication of software tampering via program diversification, and thus pose a scalability barrier against the attacks. Our idea, namely N-version obfuscation (NVO), is to automatically generate and deliver same-featured, but functionally nonequivalent software copies to different machines or users. In this paper, we investigate such an idea on the Android platform. We carefully design a candidate NVO solution for networked apps, which leverages a Message Authentication Code (MAC) mechanism to generate the functionally nonequivalent diversities. Our evaluation result shows that the time required for breaking such a software system increases linearly with respect to the number of software versions. In this way, attackers would suffer great scalability issues, considering that an app can have millions of users. With minimal NVO costs, effective tamper-resistant security can therefore be established.

URL: http://doi.acm.org/10.1145/2899015.2899026
DOI: 10.1145/2899015.2899026
Citation Key: xu_n-version_2016