JISE


  [1] [2] [3] [4] [5] [6] [7] [8] [9] [10]


Journal of Information Science and Engineering, Vol. 28 No. 5, pp. 813-827


SPAD: Software Protection Through Anti-Debugging Using Hardware-Assisted Virtualization


ZHENGWEI QI, BINGYU LI, QIAN LIN, MIAO YU, MINGYUAN XIA AND HAIBING GUAN
Shanghai Key Laboratory of Scalable Computing and Systems 
Shanghai Jiao Tong University 
Shanghai, 200240 P.R. China


    Debugging usually facilitates the dynamic analysis of runtime application for software development. Yet it can also be a threat to system security when adopted by malicious attackers, and hence anti-debugging becomes valuable. The major challenges of software-only anti-debugging are the compromised strategy and lack of self-protection. This paper proposes software protection through anti-debugging (SPAD), a technique that imperceptibly monitors the behavior of debuggers. Leveraging hardware virtualization, SPAD detects debugging behavior by intercepting debug events on a higher privilege level than the conventional kernel space. Our experiment shows that SPAD can effectively prohibit the debugging behavior from 8 popular debuggers while the overhead incurred is 1.14%.


Keywords: software protection, anti-debugging, hardware-assisted virtualization, self-protection, system security

  Retrieve PDF document (JISE_201205_01.pdf)