DC Field | Value | Language |
---|---|---|
dc.contributor.author | Jang, Daehee | ko |
dc.contributor.author | Jeong, Yunjong | ko |
dc.contributor.author | LEE, SEONG MAN | ko |
dc.contributor.author | Park, Minjoon | ko |
dc.contributor.author | Kwak, Kuenhwan | ko |
dc.contributor.author | Kim, Donguk | ko |
dc.contributor.author | Kang, Brent Byunghoon | ko |
dc.date.accessioned | 2019-05-29T02:25:13Z | - |
dc.date.available | 2019-05-29T02:25:13Z | - |
dc.date.created | 2019-05-28 | - |
dc.date.issued | 2019-06 | - |
dc.identifier.citation | COMPUTERS & SECURITY, v.83, pp.182 - 200 | - |
dc.identifier.issn | 0167-4048 | - |
dc.identifier.uri | http://hdl.handle.net/10203/262254 | - |
dc.description.abstract | From the security perspective, emulation is often utilized to analyze unknown malware owing to its capability of tracing fine-grained runtime behavior (i.e., execution path exploration). To this end, attackers equip their malware with powerful anti-emulation techniques that fingerprint the emulated system environment, thereby avoiding dynamic analysis. However, this is not the only use case of anti-emulation. Recently, legitimate software vendors have also been putting significant effort into preventing their products from running on top of an emulated execution environment. There are mainly two reasons for this: (i) securing intellectual property from emulation-assisted reverse-engineering, and (ii) disallowing customers from using the application without purchasing the actual hardware. In the previous literature, various anti-emulation techniques were explored. Unfortunately, existing techniques are mostly discussed and developed from malware's perspective. In this paper, we flip this conventional paradigm and discuss anti-emulation techniques in terms of protecting Commercial-Off-the-Shelf (COTS) software. Due to the higher requirements for usability, existing anti-emulation techniques are inapt for large-scale application vendors. To overcome this problem, we introduce three new techniques from the vendor's perspective for deploying their product. We evaluate the efficacy of our techniques in five aspects: (i) fast detection speed, (ii) high accuracy, (iii) low power consumption, (iv) a broad range of compatibility, and (v) high cost of bypassing. Based on our experiments, we demonstrate that misaligning the vectorization (e.g., Intel SIMD, ARM NEON) can be utilized as a promising anti-emulation technique among the proposed ones. To confirm the effectiveness, we applied our technology against 176 real Android devices and various emulators as a test bed. © 2019 Elsevier Ltd. All rights reserved. | - |
dc.language | English | - |
dc.publisher | ELSEVIER ADVANCED TECHNOLOGY | - |
dc.title | Rethinking anti-emulation techniques for large-scale software deployment | - |
dc.type | Article | - |
dc.identifier.wosid | 000465367100014 | - |
dc.identifier.scopusid | 2-s2.0-85062303262 | - |
dc.type.rims | ART | - |
dc.citation.volume | 83 | - |
dc.citation.beginningpage | 182 | - |
dc.citation.endingpage | 200 | - |
dc.citation.publicationname | COMPUTERS & SECURITY | - |
dc.identifier.doi | 10.1016/j.cose.2019.02.005 | - |
dc.contributor.localauthor | Kang, Brent Byunghoon | - |
dc.contributor.nonIdAuthor | Kwak, Kuenhwan | - |
dc.contributor.nonIdAuthor | Kim, Donguk | - |
dc.description.isOpenAccess | N | - |
dc.type.journalArticle | Article | - |
dc.subject.keywordAuthor | Anti emulation | - |
dc.subject.keywordAuthor | Software analysis | - |
dc.subject.keywordAuthor | Large scale deployment | - |
dc.subject.keywordAuthor | Misaligned vectorization | - |
dc.subject.keywordAuthor | Commercial-off-the-shelf | - |