ZHENGWEI QI, BINGYU LI, QIAN LIN, MIAO YU, MINGYUAN XIA AND HAIBING GUAN
Shanghai Key Laboratory of Scalable Computing and Systems
Shanghai Jiao Tong University
Shanghai, 200240 P.R. China
Debugging usually facilitates the dynamic analysis of running applications during software
development. Yet it can also be a threat to system security when adopted by malicious
attackers, and hence anti-debugging becomes valuable. The major challenges of
software-only anti-debugging are the compromised strategy and the lack of self-protection.
This paper proposes software protection through anti-debugging (SPAD), a technique
that imperceptibly monitors the behavior of debuggers. Leveraging hardware virtualization,
SPAD detects debugging behavior by intercepting debug events at a higher privilege
level than the conventional kernel space. Our experiment shows that SPAD can effectively
prohibit the debugging behavior of 8 popular debuggers while the overhead
incurred is 1.14%.
Received May 31, 2011; accepted March 31, 2012.
Communicated by Jiman Hong, Junyoung Heo and Tei-Wei Kuo.
* This work was supported by the National Natural Science Foundation of China (Grant No. 60873209, 60970107, 60970108, 61073151), the Key Program for Basic Research of Shanghai (Grant No. 10511500100, 10DZ1500200, 11530700500), IBM SUR Funding and IBM Research-China JP Funding.