CRII: SaTC: Simplification of Mixed Boolean-Arithmetic Obfuscated Expression

CRII：SaTC：混合布尔算术混淆表达式的简化

• 批准号: 1948489
• 负责人: Dongpeng Xu
• 金额: $ 17.5万
• 依托单位: University of New Hampshire
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-05-01 至 2023-04-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1948489&HistoricalAwards=false
• 关键词: CRII; SaTC; Simplification; Mixed; Boolean

Software obfuscation is a transformation procedure to make a program difficult to understand, but still preserves all of the program's original behavior. Mixed-Boolean-Arithmetic (MBA) obfuscation is a powerful and efficient obfuscation method. It transforms simple calculations to very complex expressions with mixed Boolean and arithmetic operators. Since many malware developers have adopted obfuscation techniques to hide malware from detection, analyzing obfuscated programs plays a crucial role in modern software security. This project seeks to effectively reverse MBA obfuscation result, which means to recover the original program logic from an obfuscated program produced by MBA transformation.The objective of this project is to unveil the theoretical and practical attributes of MBA obfuscation. This research reveals the undiscovered fundamental weakness of MBA obfuscation and consequently challenges the existing design of MBA obfuscation. The research tasks include: 1) developing an arithmetic-based simplification method to reverse normal MBA obfuscation; 2) simplifying multi-granularity MBA obfuscation; and 3) reducing generic non-linear MBA expression. This project will advance human knowledge about MBA de-obfuscation and produce practical MBA reverse analysis tools.The project will enable broader adoption of formal methods in security analysis applications and inspire more interdisciplinary research across programming languages and software security. The developed methods and data set will be publicly available. Besides, this project will facilitate the development of novel educational tools to enhance several current courses at The University of New Hampshire (UNH). The minority students and under-served populations will be engaged in both research and extracurricular activities (such as Capture-the-Flag competition) to participate in cutting-edge cyber-security research.Source code, documentation, experimental results, and scholarly publications, will be managed using the distributed version control system Git. New curriculum materials will be organized by the course management system at UNH. A local repository copy will be stored in the backup servers at UNH SoftSec Group. Data will be retained for at least three years beyond the award period. The scholarly publications, presentations, and open-source code will be available on the homepage (https://www.cs.unh.edu/~dxu).This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

软件混淆是一种转换过程，使程序难以理解，但仍然保留了程序的所有原始行为。混合布尔算术（MBA）混淆是一种强大而有效的混淆方法。它将简单的计算转换为具有混合布尔和算术运算符的非常复杂的表达式。由于许多恶意软件开发人员采用混淆技术来隐藏恶意软件，因此分析混淆程序在现代软件安全中起着至关重要的作用。本课题旨在有效地对MBA混淆结果进行逆向处理，即从MBA混淆转换产生的混淆程序中恢复出原始程序逻辑，揭示MBA混淆的理论和实践属性。这项研究揭示了MBA混淆未被发现的根本弱点，从而挑战了现有的MBA混淆设计。研究任务包括：1）开发一种基于算术的简化方法来反转正常MBA混淆; 2）简化多粒度MBA混淆;以及3）减少通用非线性MBA表达式。该项目将促进人类对MBA去混淆的认识，并产生实用的MBA反向分析工具。该项目将使安全分析应用程序更广泛地采用形式化方法，并激发更多跨编程语言和软件安全的跨学科研究。所制定的方法和数据集将向公众提供。此外，该项目将促进开发新的教育工具，以加强新罕布什尔州大学（UNH）目前的几门课程。少数民族学生和弱势群体将参与研究和课外活动（如夺旗比赛），参与尖端的网络安全研究。源代码，文档，实验结果和学术出版物将使用分布式版本控制系统Git进行管理。新的课程材料将由联合国总部的课程管理系统组织。本地存储库副本将存储在UNH SoftSec Group的备份服务器中。数据将在奖励期后至少保留三年。学术出版物，演讲和开源代码将在主页上提供（https：//www.cs.unh.edu/pandidxu）。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

GraphMR: Graph Neural Network for Mathematical Reasoning

• DOI: 10.18653/v1/2021.emnlp-main.273
• 发表时间: 2021
• 作者: Weijie Feng;Binbin Liu;Dongpeng Xu;Qilong Zheng;Yun Xu

Software Obfuscation with Non-Linear Mixed Boolean-Arithmetic Expressions

• DOI: 10.1007/978-3-030-86890-1_16
• 发表时间: 2021
• 作者: Binbin Liu;Weijie Feng;Qilong Zheng;Jing Li;Dongpeng Xu

MBA-Blast: Unveiling and Simplifying Mixed Boolean-Arithmetic Obfuscation

• 发表时间: 2021
• 作者: Binbin Liu;Junfu Shen;Jiang Ming;Qilong Zheng;Jing Li;Dongpeng Xu

Boosting SMT solver performance on mixed-bitwise-arithmetic expressions

• DOI: 10.1145/3453483.3454068
• 发表时间: 2021-06
• 期刊: Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation
• 作者: Dongpeng Xu;Binbin Liu;Weijie Feng;Jiang Ming;Qilong Zheng;Jing Li;Qiaoyan Yu

An In-Place Simplification on Mixed Boolean-Arithmetic Expressions

• DOI: 10.1155/2022/7307139
• 发表时间: 2022-09
• 期刊: Security and Communication Networks
• 作者: Binbin Liu;Qilong Zheng;Jing Li;Dongpeng Xu