SGXCrypter: IP protection for portable executables using Intel's SGX technology

Dimitrios Tychalas, Nektarios Georgios Tsoutsos, Mihalis Maniatakos

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Executable packing schemes are popular for obfuscating the binary code of a target program through compression or encryption, and can be leveraged for protecting proprietary code against analysis and reverse engineering. Although achieving their confidentiality objective, packed executables are prepended with decryption or decompression code that processes the rest of the binary, which is a lucrative target for reverse-engineering attackers. To thwart such attacks, we introduce a novel packing scheme called SGXCrypter, which utilizes Intel's novel Software Guard Extensions to securely unpack and execute Windows binaries. Unlike state-of-the-art crypters, SGXCrypter's code is never flagged as malicious against 35 popular antivirus engines, minimally increasing the loading time of the protected executable by an average of 0.6 seconds per MB.

Original language: English (US)
Title of host publication: 2017 22nd Asia and South Pacific Design Automation Conference, ASP-DAC 2017
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 354-359
Number of pages: 6
ISBN (Electronic): 9781509015580
DOIs: https://doi.org/10.1109/ASPDAC.2017.7858348
State: Published - Feb 16 2017
Event: 22nd Asia and South Pacific Design Automation Conference, ASP-DAC 2017 - Chiba, Japan
Duration: Jan 16 2017 → Jan 19 2017

Other

Other: 22nd Asia and South Pacific Design Automation Conference, ASP-DAC 2017
Country: Japan
City: Chiba
Period: 1/16/17 → 1/19/17

Fingerprint

Reverse engineering
Binary codes
Cryptography
Engines

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Computer Science Applications
  • Computer Graphics and Computer-Aided Design

Cite this

Tychalas, D., Tsoutsos, N. G., & Maniatakos, M. (2017). SGXCrypter: IP protection for portable executables using Intel's SGX technology. In 2017 22nd Asia and South Pacific Design Automation Conference, ASP-DAC 2017 (pp. 354-359). [7858348] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/ASPDAC.2017.7858348

@inproceedings{c4255846b2214a5abf9ce985f1ec6c4a,
title = "SGXCrypter: IP protection for portable executables using Intel's SGX technology",
abstract = "Executable packing schemes are popular for obfuscating the binary code of a target program through compression or encryption, and can be leveraged for protecting proprietary code against analysis and reverse engineering. Although achieving their confidentiality objective, packed executables are prepended with decryption or decompression code that processes the rest of the binary, which is a lucrative target for reverse-engineering attackers. To thwart such attacks, we introduce a novel packing scheme called SGXCrypter, which utilizes Intel's novel Software Guard Extensions to securely unpack and execute Windows binaries. Unlike state-of-the-art crypters, SGXCrypter's code is never flagged as malicious against 35 popular antivirus engines, minimally increasing the loading time of the protected executable by an average of 0.6 seconds per MB.",
author = "Dimitrios Tychalas and Tsoutsos, {Nektarios Georgios} and Mihalis Maniatakos",
year = "2017",
month = "2",
day = "16",
doi = "10.1109/ASPDAC.2017.7858348",
language = "English (US)",
pages = "354--359",
booktitle = "2017 22nd Asia and South Pacific Design Automation Conference, ASP-DAC 2017",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - GEN
T1 - SGXCrypter
T2 - IP protection for portable executables using Intel's SGX technology
AU - Tychalas, Dimitrios
AU - Tsoutsos, Nektarios Georgios
AU - Maniatakos, Mihalis
PY - 2017/2/16
Y1 - 2017/2/16
AB - Executable packing schemes are popular for obfuscating the binary code of a target program through compression or encryption, and can be leveraged for protecting proprietary code against analysis and reverse engineering. Although achieving their confidentiality objective, packed executables are prepended with decryption or decompression code that processes the rest of the binary, which is a lucrative target for reverse-engineering attackers. To thwart such attacks, we introduce a novel packing scheme called SGXCrypter, which utilizes Intel's novel Software Guard Extensions to securely unpack and execute Windows binaries. Unlike state-of-the-art crypters, SGXCrypter's code is never flagged as malicious against 35 popular antivirus engines, minimally increasing the loading time of the protected executable by an average of 0.6 seconds per MB.

UR - http://www.scopus.com/inward/record.url?scp=85015327650&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85015327650&partnerID=8YFLogxK
U2 - 10.1109/ASPDAC.2017.7858348
DO - 10.1109/ASPDAC.2017.7858348
M3 - Conference contribution
AN - SCOPUS:85015327650
SP - 354
EP - 359
BT - 2017 22nd Asia and South Pacific Design Automation Conference, ASP-DAC 2017
PB - Institute of Electrical and Electronics Engineers Inc.
ER -