Abstract
Code protection technologies require anti-reverse-engineering transformations that obfuscate programs so that tools and methods for program analysis become ineffective. We introduce the concept of model deformation, which induces an effective code obfuscation against attacks performed by abstract model checking. This means complicating the model in such a way that a high number of spurious traces are generated in any formal verification of the property to be disclosed about the system under attack. We transform the program model in order to make the removal of spurious counterexamples by abstraction refinement maximally inefficient. Because our approach is intended to defeat the fundamental abstraction refinement strategy, it is independent of the specific attack carried out by abstract model checking. A measure of the quality of the obfuscation obtained by model deformation is given, together with a corresponding best obfuscation strategy for abstract model checking based on partition refinement.
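The refinement loop that the abstract refers to can be made concrete with a small added example (not code from the paper): counterexample-guided partition refinement over an explicit transition system, counting how many spurious abstract traces must be refined away. The `toy_model` builder and its unreachable decoy states `d0`, `d1` are constructed assumptions used only to show the effect; they are not the paper's transformation.

```python
from collections import deque

def post(states, trans):
    return {b for (a, b) in trans if a in states}      # concrete successors

def abstract_path(blocks, trans, init, bad):
    """Shortest initial-to-bad path over blocks (A -> B iff some a in A steps into B)."""
    where = {s: i for i, blk in enumerate(blocks) for s in blk}
    edges = sorted({(where[a], where[b]) for (a, b) in trans})
    goal = {where[s] for s in bad}
    start = sorted({where[s] for s in init})
    seen, queue = set(start), deque([i] for i in start)
    while queue:
        path = queue.popleft()
        if path[-1] in goal:
            return path
        for x, y in edges:
            if x == path[-1] and y not in seen:
                seen.add(y)
                queue.append(path + [y])
    return None

def cegar(states, trans, init, bad):
    """Check 'bad is unreachable'; return (verdict, number of refinements)."""
    blocks = [b for b in (set(states) - set(bad), set(bad)) if b]
    refinements = 0
    while True:
        path = abstract_path(blocks, trans, init, bad)
        if path is None:
            return "safe", refinements           # the abstraction over-approximates
        reach = set(init) & blocks[path[0]]
        for cur, nxt in zip(path, path[1:]):
            forward = post(reach, trans) & blocks[nxt]
            if not forward:                      # spurious trace: split off dead-end states
                blocks.append(blocks[cur] - reach)
                blocks[cur] = reach
                refinements += 1
                break
            reach = forward
        else:
            return "unsafe", refinements         # the trace is concretely feasible

def toy_model(n, decoys):
    """Constructed toy: chain 0..n-1 with a final self-loop; 'bad' is never reached."""
    trans = {(i, i + 1) for i in range(n - 1)} | {(n - 1, n - 1)}
    if decoys:                                   # constructed: unreachable d0 -> d1 -> bad
        trans |= {("d0", "d1"), ("d1", "bad")}
    states = {s for edge in trans for s in edge} | {"bad"}
    return states, trans, {0}, {"bad"}
```

Without the decoys the two-block abstraction proves the property immediately; with them the verdict is unchanged, but one refinement is needed for every reachable state of the chain.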
Acknowledgement
We are very grateful to Alberto Lluch-Lafuente for the fruitful discussions we had on the subject of this paper. Research partially supported by University of Pisa PRA-2016-64 Project Through the fog.
Additional information
Communicated by Michael Butler
About this article
Cite this article
Bruni, R., Giacobazzi, R. & Gori, R. Code obfuscation against abstraction refinement attacks. Form Asp Comp 30, 685–711 (2018). https://doi.org/10.1007/s00165-018-0462-6