Software Security by Obscurity

A Programming Language Perspective
  • Roberto Giacobazzi
Part of the Communications in Computer and Information Science book series (CCIS, volume 285)

Abstract

In this paper we present recent achievements and open problems in software security by obscurity. We consider the problem of software protection as part of the Digital Asset Protection problem, and develop a formal security model that makes it possible to better understand and compare known attacks and protection algorithms. The ultimate goal is to provide a comprehensive theory that allows a deeper understanding and systematic derivation of code secured against specific attacks.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Roberto Giacobazzi, Dipartimento di Informatica, University of Verona, Italy