SPAD: Software Protection Through Anti-Debugging Using Hardware-Assisted Virtualization
ZHENGWEI QI, BINGYU LI, QIAN LIN, MIAO YU, MINGYUAN XIA AND HAIBING GUAN
Shanghai Key Laboratory of Scalable Computing and Systems, Shanghai Jiao Tong University, Shanghai, 200240 P.R. China
Debugging usually facilitates the dynamic analysis of running applications during software development. Yet it can also be a threat to system security when adopted by malicious attackers, and hence anti-debugging becomes valuable. The major challenges of software-only anti-debugging are the compromised strategy and the lack of self-protection. This paper proposes software protection through anti-debugging (SPAD), a technique that imperceptibly monitors the behavior of debuggers. Leveraging hardware virtualization, SPAD detects debugging behavior by intercepting debug events at a higher privilege level than the conventional kernel space. Our experiments show that SPAD can effectively prohibit the debugging behavior of 8 popular debuggers while incurring an overhead of 1.14%.