CodeTrolley: Hardware-Assisted Control Flow Obfuscation
Novak Boskov, Mihailo Isakov, Michel A. Kinsy

TL;DR
CodeTrolley introduces a hardware-assisted control flow obfuscation method for RISC-V that enhances binary security by deobfuscating code at runtime using a hardware-stored secret, offering a lightweight alternative to traditional techniques.
Contribution
It presents a novel RISC-V-based hardware-assisted deobfuscation technique combined with an LLVM extension for obfuscating binaries, focusing on securing a secret key rather than complex code transformations.
Findings
Effective runtime deobfuscation using hardware secrets
Compatibility with LLVM-based binary obfuscation
Lightweight alternative to binary decryption
Abstract
Many cybersecurity attacks rely on analyzing a binary executable to find exploitable sections of code. Code obfuscation is used to prevent attackers from reverse engineering these executables. In this work, we focus on control flow obfuscation - a technique that prevents attackers from statically determining which code segments are original, and which segments are added in to confuse attackers. We propose a RISC-V-based hardware-assisted deobfuscation technique that deobfuscates code at runtime based on a secret safely stored in hardware, along with an LLVM compiler extension for obfuscating binaries. Unlike conventional tools, our work does not rely on compiling hard-to-reverse-engineer code, but on securing a secret key. As such, it can be seen as a lightweight alternative to on-the-fly binary decryption.
Taxonomy
Topics: Advanced Malware Detection Techniques · Security and Verification in Computing · Cryptographic Implementations and Security
