Semantics-based code obfuscation by abstract interpretation
@article{Preda2009SemanticsbasedCO, title={Semantics-based code obfuscation by abstract interpretation}, author={Mila Dalla Preda and Roberto Giacobazzi}, journal={J. Comput. Secur.}, year={2009}, volume={17}, pages={855-908} }
In recent years code obfuscation has attracted research interest as a promising technique for protecting secret properties of programs. The basic idea of code obfuscation is to transform programs in order to hide their sensitive information while preserving their functionality. One of the major drawbacks of code obfuscation is the lack of a rigorous theoretical framework that makes it difficult to formally analyze and certify the effectiveness of obfuscating techniques. We face this problem by…
57 Citations
Maximal incompleteness as obfuscation potency
- Computer Science, MathematicsFormal Aspects of Computing
- 2016
This paper proposes a formal model for specifying and understanding the strength of obfuscating transformations with respect to a given attack model and introduces a framework for transforming abstract domains, i.e., analyses, towards incompleteness.
Making Abstract Interpretation Incomplete: Modeling the Potency of Obfuscation
- Computer ScienceSAS
- 2012
It is shown that, for both the forms of completeness, backward and forward, the authors can uniquely simplify domains towards incompleteness, while in general it is not possible to uniquely refine domains.
Characterizing a property-driven obfuscation strategy
- Computer Science, MathematicsJ. Comput. Secur.
- 2018
This work studies the existence and the characterization of function transformers that minimally or maximally modify a program in order to reveal or conceal a certain property, and provides a characterization of the maximal obfuscating strategy for transformations concealing a given property while revealing the desired observational behavior.
Obfuscation by partial evaluation of distorted interpreters
- Computer SciencePEPM '12
- 2012
This work presents a novel approach to automatically generating obfuscated code P2 from any program P whose source code is given, and is applied to: code flattening, data-type obfuscation, and opaque predicate insertion.
Quantitative measures for code obfuscation security
- Computer Science, Mathematics
- 2016
The notion of unintelligibility, an intuitive way to define code obfuscation, is introduced, and it is argued that it is not sufficient to capture the security of codefuscation, and a more powerful security definition is presented that is able to effectively capture code obfuscations security.
Code Obfuscation Against Abstract Model Checking Attacks
- Computer ScienceVMCAI
- 2018
A measure of the quality of the obfuscation obtained by model deformation is given together with a corresponding best obfuscation strategy for abstract model checking based on partition refinement.
Code obfuscation against abstraction refinement attacks
- Computer ScienceFormal Aspects of Computing
- 2018
The concept of model deformation inducing an effective code obfuscation against attacks performed by abstract model checking is introduced, to make the removal of spurious counterexamples by abstraction refinement maximally inefficient.
Evaluating model checking for cyber threats code obfuscation identification
- Computer ScienceJ. Parallel Distributed Comput.
- 2018
The current state of art in program obfuscations: definitions of obfuscation security
- Computer Science, MathematicsProgramming and Computer Software
- 2015
A survey of various definitions of obfuscation security and basic results that establish possibility or impossibility of secure program obfuscation under certain cryptographic assumptions are given.
References
SHOWING 1-10 OF 65 REFERENCES
Control code obfuscation by abstract interpretation
- Computer ScienceThird IEEE International Conference on Software Engineering and Formal Methods (SEFM'05)
- 2005
It is proved that abstract interpretation provides the adequate setting to measure the potency of an obfuscation algorithm by comparing the degree of abstraction of the most abstract domains which are able to disclose opaque predicates.
Semantic-Based Code Obfuscation by Abstract Interpretation
- Computer ScienceICALP
- 2005
A general theory based on abstract interpretation is derived, where the potency of code obfuscation can be measured by comparing hidden properties in the lattice of abstract interpretations.
A Taxonomy of Obfuscating Transformations
- Computer Science
- 1997
It is argued that automatic code obfuscation is currently the most viable method for preventing reverse engineering and the design of a code obfuscator is described, a tool which converts a program into an equivalent one that is more diicult to understand and reverse engineer.
On the (im)possibility of obfuscating programs : (Extended abstract)
- Computer Science, MathematicsCRYPTO 2001
- 2001
Informally, an obfuscator O is an (efficient, probabilistic) compiler that takes as input a program (or circuit) P and produces a new program O(P) that has the same functionality as P yet is…
Manufacturing cheap, resilient, and stealthy opaque constructs
- Computer SciencePOPL '98
- 1998
The design of a Java code obfuscator is described, a tool which - through the application of code transformations - converts a Java program into an equivalent one that is more difficult to reverse engineer.
Opaque Predicates Detection by Abstract Interpretation
- Computer ScienceAMAST
- 2006
Code obfuscation and software watermarking are well known techniques designed to prevent the illegal reuse of software. Code obfuscation prevents malicious reverse engineering, while software…
Deobfuscation: reverse engineering obfuscated code
- Computer Science12th Working Conference on Reverse Engineering (WCRE'05)
- 2005
This paper examines techniques for automatic deobfuscation of obfuscated programs, as a step towards reverse engineering such programs, and indicates that much of the effects of code obfuscation can be defeated using simple combinations of straightforward static and dynamic analyses.
Manufacturing opaque predicates in distributed systems for code obfuscation
- Computer ScienceACSC
- 2006
A novel method of combining the open problems of distributed global state detection with a well-known hard combinatorial problem to manufacture opaque predicates is proposed, capable of withstanding most known forms of automated static analysis attacks and a restricted class of dynamic analysis attack that could be mounted by adversaries.
Deobfuscation: Improving reverse engineering of obfuscated code
- Computer Science
- 2005
In the context of software engineering, it is shown how dynamic analyses can be used to enhance reverse engineering, even for code that has been designed to be difficult to reverse engineer.
Breaking abstractions and unstructuring data structures
- Computer Science, MathematicsProceedings of the 1998 International Conference on Computer Languages (Cat. No.98CB36225)
- 1998
This paper shows how to obfuscate classes, arrays, procedural abstractions and built-in data types like strings, integers and booleans in a control flow obfuscator for Java.