COOPS: A Code Obfuscation Method Based on Obscuring Program Semantics

Abstract

As reverse engineering technology develops rapidly, the financial loss caused by software security issues is urgent. Therefore, how to effectively protect software is a critical problem to solve. The software protection method based on code obfuscation is an effective way, and constructing an effective obfuscation algorithm can increase the cost of reverse software. It is conspicuous that current development of code obfuscation focuses on increasing the complexity of the code structure without paying much attention to the protection of program semantic information, which may help experienced attackers improve their analysis efficiency. This paper proposes COOPS for protecting software based on program semantic information, in which functions are regarded as basic semantic units. The switch relationship between the intrafunction control flow and the interfunction calling is established. The interfunction calling can be hidden in the intrafunction control flow, and in reverse, the intrafunction control flow can also be converted to interfunction calling. In this way, considering intraprogram function semantic unit level discrete, this method reconstructs the intraprogram semantic relationship. To determine the relative effectiveness, we have evaluated COOPS on OpenSSL and SpecInt-2000 test sets. For both of them, the function calling graphs before and after obfuscation differ more than 90%, which means COOPS significantly changes the control flow of the program. The evaluation shows that compared with O-LLVM, COOPS manifests strong resistance to Asm2vec and other program similarity analysis techniques and significantly improves the level of software protection rather than necessitating time-consuming and heavyweight problems.