Code obfuscation against abstraction refinement attacks

  • Original Article
Formal Aspects of Computing

Abstract

Code protection technologies require anti-reverse-engineering transformations to obfuscate programs in such a way that tools and methods for program analysis become ineffective. We introduce the concept of model deformation, which induces an effective code obfuscation against attacks performed by abstract model checking. This means complicating the model in such a way that a high number of spurious traces are generated in any formal verification of the property to be disclosed about the system under attack. We transform the program model in order to make the removal of spurious counterexamples by abstraction refinement maximally inefficient. Because our approach is intended to defeat the fundamental abstraction refinement strategy, we are independent of the specific attack carried out by abstract model checking. A measure of the quality of the obfuscation obtained by model deformation is given, together with a corresponding best obfuscation strategy for abstract model checking based on partition refinement.

Acknowledgement

We are very grateful to Alberto Lluch-Lafuente for the fruitful discussions we had on the subject of this paper. Research partially supported by University of Pisa PRA-2016-64 Project Through the fog.

Author information

Corresponding author

Correspondence to Roberta Gori.

Additional information

Communicated by Michael Butler

About this article

Cite this article

Bruni, R., Giacobazzi, R. & Gori, R. Code obfuscation against abstraction refinement attacks. Form Asp Comp 30, 685–711 (2018). https://doi.org/10.1007/s00165-018-0462-6

  • DOI: https://doi.org/10.1007/s00165-018-0462-6
