Journal of Information Science and Engineering, Vol. 28 No. 5, pp. 813-827 (September 2012)

SPAD: Software Protection Through Anti-Debugging Using Hardware-Assisted Virtualization*

ZHENGWEI QI, BINGYU LI, QIAN LIN, MIAO YU, MINGYUAN XIA AND HAIBING GUAN
Shanghai Key Laboratory of Scalable Computing and Systems
Shanghai Jiao Tong University
Shanghai, 200240 P.R. China

Debugging usually facilitates the dynamic analysis of running applications during software development. Yet it can also be a threat to system security when adopted by malicious attackers, and hence anti-debugging becomes valuable. The major challenges of software-only anti-debugging are the compromised strategy and the lack of self-protection. This paper proposes software protection through anti-debugging (SPAD), a technique that imperceptibly monitors the behavior of debuggers. Leveraging hardware virtualization, SPAD detects debugging behavior by intercepting debug events at a higher privilege level than the conventional kernel space. Our experiment shows that SPAD can effectively prohibit the debugging behavior of 8 popular debuggers while the overhead incurred is 1.14%.

Keywords: software protection, anti-debugging, hardware-assisted virtualization, self-protection, system security

Received May 31, 2011; accepted March 31, 2012.
Communicated by Jiman Hong, Junyoung Heo and Tei-Wei Kuo.
* This work was supported by the National Natural Science Foundation of China (Grant No. 60873209, 60970107, 60970108, 61073151), the Key Program for Basic Research of Shanghai (Grant No. 10511500100, 10DZ1500200, 11530700500), IBM SUR Funding and IBM Research-China JP Funding.