Software Protection Through Dynamic Code Mutation

  • Matias Madou
  • Bertrand Anckaert
  • Patrick Moseley
  • Saumya Debray
  • Bjorn De Sutter
  • Koen De Bosschere
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3786)


Reverse engineering of executable programs, by disassembling them and then using program analyses to recover high level semantic information, plays an important role in attacks against software systems, and can facilitate software piracy. This paper introduces a novel technique to complicate reverse engineering. The idea is to change the program code repeatedly as it executes, thereby thwarting correct disassembly. The technique can be made as secure as the least secure component of opaque variables and pseudorandom number generators.


Keywords: Reverse Engineering; Pseudorandom Number Generator; Instruction Cache; Dynamic Code; Executable Program





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Matias Madou (1)
  • Bertrand Anckaert (1)
  • Patrick Moseley (2)
  • Saumya Debray (2)
  • Bjorn De Sutter (1)
  • Koen De Bosschere (1)
  1. Department of Electronics and Information Systems, Ghent University, Ghent, Belgium
  2. Department of Computer Science, University of Arizona, Tucson, U.S.A.
