SGXCrypter

IP protection for portable executables using Intel's SGX technology

Dimitrios Tychalas, Nektarios Georgios Tsoutsos, Mihalis Maniatakos

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    Abstract

    Executable packing schemes are popular for obfuscating the binary code of a target program through compression or encryption, and can be leveraged for protecting proprietary code against analysis and reverse engineering. Although achieving their confidentiality objective, packed executables are prepended with decryption or decompression code that processes the rest of the binary, which is a lucrative target for reverse-engineering attackers. To thwart such attacks, we introduce a novel packing scheme called SGXCrypter, which utilizes Intel's novel Software Guard Extensions to securely unpack and execute Windows binaries. Unlike state-of-the-art crypters, SGXCrypter's code is never flagged as malicious against 35 popular antivirus engines, minimally increasing the loading time of the protected executable by an average of 0.6 seconds per MB.

    Original language: English (US)
    Title of host publication: 2017 22nd Asia and South Pacific Design Automation Conference, ASP-DAC 2017
    Publisher: Institute of Electrical and Electronics Engineers Inc.
    Pages: 354-359
    Number of pages: 6
    ISBN (Electronic): 9781509015580
    DOI: https://doi.org/10.1109/ASPDAC.2017.7858348
    State: Published - Feb 16 2017
    Event: 22nd Asia and South Pacific Design Automation Conference, ASP-DAC 2017 - Chiba, Japan
    Duration: Jan 16 2017 – Jan 19 2017

    Other

    Other: 22nd Asia and South Pacific Design Automation Conference, ASP-DAC 2017
    Country: Japan
    City: Chiba
    Period: 1/16/17 – 1/19/17

    Fingerprint

    Reverse engineering
    Binary codes
    Cryptography
    Engines

    ASJC Scopus subject areas

    • Electrical and Electronic Engineering
    • Computer Science Applications
    • Computer Graphics and Computer-Aided Design

    Cite this

    Tychalas, D., Tsoutsos, N. G., & Maniatakos, M. (2017). SGXCrypter: IP protection for portable executables using Intel's SGX technology. In 2017 22nd Asia and South Pacific Design Automation Conference, ASP-DAC 2017 (pp. 354-359). [7858348] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/ASPDAC.2017.7858348
