Table of contents

  • This session has been presented February 25, 2022.

Description

  • Speaker

    Grégoire Menguy (CEA LIST)

Code obfuscation aims at protecting Intellectual Property and other secrets embedded into software from being retrieved. Recent works leverage advances in artificial intelligence (AI) with the hope of getting blackbox deobfuscators completely immune to standard (whitebox) protection mechanisms. While promising, this new field of AI-based, and more specifically search-based blackbox deobfuscation, is still in its infancy. We deepen the state of search-based blackbox deobfuscation in three key directions: understand the current state-of-the-art, improve over it and design dedicated protection mechanisms. In particular, we define a novel generic framework for search-based blackbox deobfuscation encompassing prior work and highlighting key components; we are the first to point out that the search space underlying code deobfuscation is too unstable for simulation-based methods (e.g., Monte Carlo Tree Search used in prior work) and advocate the use of robust methods such as S-metaheuristics; we propose the new optimized search-based blackbox deobfuscator Xyntia which significantly outperforms prior work in terms of success rate (especially with small time budget) while being completely immune to the most recent anti-analysis code obfuscation methods; and finally we propose two novel protections against search-based blackbox deobfuscation, allowing to counter Xyntia powerful attacks. This work has been published at ACM CCS 2021.

Practical infos

  • Presentation documents

Next sessions

  • Les jeux vidéo de l’écran au réel : enjeux juridiques et (géo)politiques au prisme de la cybersécurité

    • February 11, 2026 (14:00 - 15:30)

    • Pôle Numérique Rennes Beaulieu (PNRB)

    Speaker : Léandre Lebon, Sandrine Turgis - Univ Rennes, IODE

    Protection des droits d’auteur, lutte contre les techniques de triche, interactions avec la guerre et les conflits hybrides, enjeux de démocratie ... Sous l’angle de la cybersécurité les enjeux juridiques et (géo)politiques des jeux video sont nombreux. Cette présentation du groupe de travail sur les jeux video (GTJV) permettra d’alimenter la réflexion sur l’articulation entre jeux video et[…]

    • Law

  • The Quest for my Perfect MATE. Investigate MATE: Man-at-the-End attacker (followed by a hands-on application). 

    • February 11, 2026 (16:00 - 17:30)

    • Pôle Numérique Rennes Beaulieu (PNRB)

    Speaker : Mohamed Sabt, Etienne Nedjaï - Univ Rennes, IRISA

    Shannon sought security against an attacker with unlimited computational powers: if an information source conveys some information, then Shannon’s attacker will surely extract that information. Diffie and Hellman refined Shannon’s attacker model by taking into account the fact that the real attackers are computationally limited. This idea became one of the greatest new paradigms in computer[…]
Show previous sessions
Page top