COVER: Enhancing virtualization obfuscation through dynamic scheduling using flash controller-based secure module

Abstract

Virtualization obfuscation is a very effective method used to protect programs from malicious analysis by obscuring their code. Due to the fixed scheduling structures, typical virtualization obfuscation schemes can be compromised by automated analysis tools. To enhance the protection strength of virtualization obfuscation, additional protection techniques of the virtualization structure have been proposed. However, previously proposed solutions incur significant performance overhead or require a strong assumption in software-protection techniques. We present COVER, a novel virtualization obfuscation technique in conjunction with the flash controller. COVER enhances the obfuscation and protects the secret parameters of the virtualization structure with a flash controller-based secure module. We implement a prototype of COVER and describe a prototype implementation of a flash controller-based secure module on a Solid State Drive (SSD). We demonstrate COVER’s efficacy against various code analysis methods, and evaluate COVER’s performance using a set of real-world applications. The evaluation results demonstrate that COVER effectively protects the secret parameters of the virtualization structure and increases the effort involved in deobfuscation. Compared with two commercial obfuscators, COVER provides additional protection strength without incurring significantly more overhead in terms of runtime and code size.