Control flow obfuscation with information flow tracking

Haibo Chen, Liwei Yuan, Xi Wu, Binyu Zang, Bo Huang, Pen Chung Yew

Research output: Contribution to journalConference articlepeer-review

38 Scopus citations


Recent micro-architectural research has proposed various schemes to enhance processors with additional tags to track various properties of a program. Such a technique, which is usually referred to as information flow tracking, has been widely applied to secure software execution (e.g., taint tracking), protect software privacy and improve performance (e.g., control speculation). In this paper, we propose a novel use of information flow tracking to obfuscate the whole control flow of a program with only modest performance degradation, to defeat malicious code injection, discourage software piracy and impede malware analysis. Specifically, we exploit two common features in information flow tracking: the architectural support for automatic propagation of tags and violation handling of tag misuses. Unlike other schemes that use tags as oracles to catch attacks (e.g., taint tracking) or speculation failures, we use the tags as flow-sensitive predicates to hide normal control flow transfers: the tags are used as predicates for control flow transfers to the violation handler, where the real control flow transfer happens. We have implemented a working prototype based on Itanium processors, by leveraging the hardware support for control speculation. Experimental results show that BOSH can obfuscate the whole control flow with only a mean of 26.7% (ranging from 4% to 59%) overhead on SPECINT2006. The increase in code size and compilation time is also modest.

Original languageEnglish (US)
Pages (from-to)391-400
Number of pages10
JournalProceedings of the Annual International Symposium on Microarchitecture, MICRO
StatePublished - 2009
Event42nd Annual IEEE/ACM International Symposium on Microarchitecture, Micro-42 - New York, NY, United States
Duration: Dec 12 2009Dec 16 2009


  • Control flow obfuscation
  • Control speculation
  • Information flow tracking
  • Opaque predicate


Dive into the research topics of 'Control flow obfuscation with information flow tracking'. Together they form a unique fingerprint.

Cite this