Code Obfuscation Against Abstract Model Checking Attacks

  • Roberto Bruni
  • Roberto Giacobazzi
  • Roberta GoriEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10747)


Code protection technologies require anti reverse engineering transformations to obfuscate programs in such a way that tools and methods for program analysis become ineffective. We introduce the concept of model deformation inducing an effective code obfuscation against attacks performed by abstract model checking. This means complicating the model in such a way a high number of spurious traces are generated in any formal verification of the property to disclose about the system under attack. We transform the program model in order to make the removal of spurious counterexamples by abstraction refinement maximally inefficient. A measure of the quality of the obfuscation obtained by model deformation is given together with a corresponding best obfuscation strategy for abstract model checking based on partition refinement.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Banescu, S., Collberg, C.S., Ganesh, V., Newsham, Z., Pretschner, A.: Code obfuscation against symbolic execution attacks. In: Schwab, S., Robertson, W.K., Balzarotti, D. (eds.) Proc. 32nd Annual Conference on Computer Security Applications, ACSAC 2016, pp. 189–200. ACM (2016)Google Scholar
  2. 2.
    Clarke, E., Grumberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample-guided abstraction refinement for symbolic model checking. J. ACM 50(5), 752–794 (2003)MathSciNetCrossRefzbMATHGoogle Scholar
  3. 3.
    Clarke, E., Grumberg, O., Long, D.: Model checking and abstraction. In: Proc. of the 19th ACM Symp. on Principles of Programming Languages (POPL 1992), pp. 343–354. ACM Press (1992)Google Scholar
  4. 4.
    Clarke, E., Grumberg, O., Long, D.: Model checking and abstraction. ACM Trans. Program. Lang. Syst. 16(5), 1512–1542 (1994)CrossRefGoogle Scholar
  5. 5.
    Clarke, E., Grumberg, O., Peled, D.: Model Checking. The MIT Press (1999)Google Scholar
  6. 6.
    Collberg, C., Davidson, J., Giacobazzi, R., Gu, Y., Herzberg, A., Wang, F.: Toward digital asset protection. IEEE Intelligent Systems 26(6), 8–13 (2011)CrossRefGoogle Scholar
  7. 7.
    Collberg, C., Nagra, J.: Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection. Addison-Wesley Professional (2009)Google Scholar
  8. 8.
    Cousot, P., Cousot, R.: Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Proc. of the 4th ACM Symp. on Principles of Programming Languages (POPL 1977), pp. 238–252. ACM Press (1977)Google Scholar
  9. 9.
    Cousot, P., Cousot, R.: An abstract interpretation-based framework for software watermarking. In: Proc. of the 31st ACM Symp. on Principles of Programming Languages (POPL 2004), pp. 173–185. ACM Press, New York (2004)Google Scholar
  10. 10.
    Dalla, M.: Preda and R. Giacobazzi.: Semantics-based code obfuscation by abstract interpretation. Journal of Computer Security 17(6), 855–908 (2009)CrossRefGoogle Scholar
  11. 11.
    Dams, D., Gerth, R., Grumberg, O.: Abstract interpretation of reactive systems. ACM Trans. Program. Lang. Syst. 19(2), 253–291 (1997)CrossRefGoogle Scholar
  12. 12.
    Emerson, E.A.: Temporal and modal logic. In: van Leeuwen, J. (ed.) Handbook of Theoretical Computer Science, volume B: Formal Models and Semantics. Elsevier/The MIT Press, Amsterdam and Cambridge (1990)Google Scholar
  13. 13.
    Giacobazzi, R.: Hiding information in completeness holes - new perspectives in code obfuscation and watermarking. In Proc. of the 6th IEEE Int. Conferences on Software Engineering and Formal Methods (SEFM 2008), pp. 7–20. IEEE Press (2008)Google Scholar
  14. 14.
    Giacobazzi, R., Jones, N.D., Mastroeni, I.: Obfuscation by partial evaluation of distorted interpreters. In: Proc. of the ACM SIGPLAN Symp. on Partial Evaluation and Semantics-Based Program Manipulation (PEPM 2012), pp. 63–72. ACM Press (2012)Google Scholar
  15. 15.
    Giacobazzi, Roberto, Quintarelli, Elisa: Incompleteness, counterexamples, and refinements in abstract model-checking. In: Cousot, Patrick (ed.) SAS 2001. LNCS, vol. 2126, pp. 356–373. Springer, Heidelberg (2001). CrossRefGoogle Scholar
  16. 16.
    Giacobazzi, R., Ranzato, F., Scozzari, F.: Making abstract interpretation complete. Journal of the ACM 47(2), 361–416 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  17. 17.
    Microsoft. Static driver verifier website (2017). (last consulted, November 2017)
  18. 18.
    Nagra, J., Thomborson, C.D., Collberg, C.: A functional taxonomy for software watermarking. Aust. Comput. Sci. Commun. 24(1), 177–186 (2002)Google Scholar
  19. 19.
    Ranzato, F., Tapparo, F.: Generalized strong preservation by abstract interpretation. Journal of Logic and Computation 17(1), 157–197 (2007)MathSciNetCrossRefzbMATHGoogle Scholar
  20. 20.
    Schmidt, D.A.: Data flow analysis is model checking of abstract interpretations. In: MacQueen, D.B., Cardelli, L. (eds.) Proceedings of the 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 1998, San Diego, CA, USA, January 19–21, pp. 38–48. ACM (1998)Google Scholar
  21. 21.
    Schmidt, David, Steffen, Bernhard: Program Analysis as Model Checking of Abstract Interpretations. In: Levi, Giorgio (ed.) SAS 1998. LNCS, vol. 1503, pp. 351–380. Springer, Heidelberg (1998). CrossRefGoogle Scholar
  22. 22.
    Venkatesan, Ramarathnam, Vazirani, Vijay, Sinha, Saurabh: A Graph Theoretic Approach to Software Watermarking. In: Moskowitz, Ira S. (ed.) IH 2001. LNCS, vol. 2137, pp. 157–168. Springer, Heidelberg (2001). CrossRefGoogle Scholar
  23. 23.
    Wang, C., Hill, J., Knight, J.C., Davidson, J.W.: Protection of software-based survivability mechanisms. In: Proceedings of 2001 International Conference on Dependable Systems and Networks (DSN 2001) (formerly: FTCS), Göteborg, Sweden, July 1-4, pp. 193–202. IEEE Computer Society (2001)Google Scholar

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Roberto Bruni
    • 1
  • Roberto Giacobazzi
    • 2
    • 3
  • Roberta Gori
    • 1
    Email author
  1. 1.Dipartimento di InformaticaUniversità di PisaPisaItaly
  2. 2.Dipartimento di InformaticaUniversità di VeronaVeronaItaly
  3. 3.IMDEA SW InstituteSpainItaly

Personalised recommendations