Rethinking anti-emulation techniques for large-scale software deployment

Cited 0 time in webofscience Cited 0 time in scopus
  • Hit : 96
  • Download : 0
From the security perspective, emulation is often utilized to analyze unknown malware owing to its capability of tracing fine-grained runtime behavior (i.e., execution path exploration). To this end, attackers equip their malware with powerful anti-emulation techniques that fingerprint the emulated system environment, thereby avoiding dynamic analysis. However, this is not the only use case of anti-emulation. Recently, legitimate software vendors are also putting significant efforts to prevent their products running on top of the emulated execution environment. There are mainly two reasons for this which are: (i) securing the intellectual property from emulation-assisted reverse-engineering, and (ii) disallowing the customers using the application without purchasing the actual hardware. From the previous literature, various anti-emulation techniques were explored. Unfortunately, existing techniques are mostly discussed and developed with malware's perspective. In this paper, we flip this conventional paradigm and discuss anti-emulation techniques in terms of protecting Commercial-Off-the-Shelf (COTS) software. Due to the higher requirements for usability, existing anti-emulation techniques are inapt for large-scale application vendors. To overcome such problem, we introduce three new techniques in vendors perspective for deploying their product. We evaluate the efficacy of our techniques in five aspects: (i) fast detection speed, (ii) high accuracy, (iii) low power consumption, (iv) a broad range of compatibility, and (v) high cost of bypassing. Based on our experiments, we demonstrate that misaligning the vectorization (e.g., Intel SIMD, ARM NEON) can be utilized as a promising anti-emulation technique among the proposed ones. To confirm the effectiveness, we applied our technology against 176 real Android devices and various emulators as a test bed. (C) 2019 Elsevier Ltd. All rights reserved.
Publisher
ELSEVIER ADVANCED TECHNOLOGY
Issue Date
2019-06
Language
English
Article Type
Article
Citation

COMPUTERS & SECURITY, v.83, pp.182 - 200

ISSN
0167-4048
DOI
10.1016/j.cose.2019.02.005
URI
http://hdl.handle.net/10203/262254
Appears in Collection
CS-Journal Papers(저널논문)
Files in This Item
There are no files associated with this item.

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0