We introduce bugfuscation, a code obfuscation technique relying on bugs or vulnerabilities to hide part of the control flow of a target program. The technique has been evaluated on Java programs on the Java virtual machine and also affects Android’s Dalvik virtual machine and the more modern Android Run time ART. The approach bypasses automated static program verification and validation techniques such as state-of-the-art taint trackers. At least 95.6% of all OpenJDK versions from 1.6 to 21.0.4 and 71.6% of Android versions from version 2.3 to 15 contain the necessary vulnerability to bugfuscate Java or Android code.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Bugfuscation

  • Alexandre Bartel

摘要

We introduce bugfuscation, a code obfuscation technique relying on bugs or vulnerabilities to hide part of the control flow of a target program. The technique has been evaluated on Java programs on the Java virtual machine and also affects Android’s Dalvik virtual machine and the more modern Android Run time ART. The approach bypasses automated static program verification and validation techniques such as state-of-the-art taint trackers. At least 95.6% of all OpenJDK versions from 1.6 to 21.0.4 and 71.6% of Android versions from version 2.3 to 15 contain the necessary vulnerability to bugfuscate Java or Android code.