Software obfuscation techniques protect embedded device software by obfuscating the third-party code it contains, so that binary diffing techniques cannot locate vulnerable code. With the rapid development of binary diffing, these techniques now achieve increasingly accurate function matching and identification by extracting features from within each function. As a result, existing software obfuscation techniques, which focus mainly on intra-procedural code obfuscation, are no longer effective. In this paper, we propose Khaos, a new inter-procedural code obfuscation mechanism that moves code across functions, using compiler optimizations, to obfuscate the functions themselves. We propose two obfuscation primitives, called fission and fusion, which respectively separate a function into parts and aggregate functions together. A prototype of Khaos is implemented on the LLVM compiler and evaluated on a large number of real-world programs, including SPEC CPU 2006 & 2017, CoreUtils, and JavaScript engines. Experimental results show that Khaos outperforms existing code obfuscations: it significantly reduces the accuracy of five state-of-the-art binary diffing techniques (to less than 19%) with lower runtime overhead (less than 7%).