Capturing the Essence of Practical Obfuscation

  • J. Todd McDonald
Part of the Communications in Computer and Information Science book series (CCIS, volume 285)

Abstract

In the realm of protecting programs from illegitimate use, obfuscation offers a modicum of defense against malicious reverse engineering and tampering. As a field of study, obfuscation would benefit from a unifying framework that has solid theoretical foundation yet provides value in empirical study and implementation. The essence of obfuscation (in practice) is best described as a measurable loss of abstraction. We argue that mathematical frameworks such as abstract interpretation and Boolean algebras may provide an ideal marriage of theory and practice, providing focused direction for future research.

Keywords

Turing Machine Reverse Engineering Abstract Interpretation Software Piracy Cryptology ePrint Archive 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S., Yang, K.: On the (im)possibility of obfuscating programs. Electronic Colloquium on Computational Complexity 8 (2001)Google Scholar
  2. 2.
    Goldwasser, S., Kalai, Y.T.: On the impossibility of obfuscation with auxiliary input. In: Proc. of the 46th Annual IEEE Symposium on Foundations of Computer Science (FOCS 2005), Washington, DC, USA, pp. 553–562. IEEE Computer Society (2005)Google Scholar
  3. 3.
    Goldwasser, S., Rothblum, G.N.: On Best-Possible Obfuscation. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 194–213. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  4. 4.
    Yasinsac, A., McDonald, J.T.: Tamper resistant software through intent protection. Intl. Journal Network Security 7, 370–382 (2008)Google Scholar
  5. 5.
    Lynn, B.Y.S., Prabhakaran, M., Sahai, A.: Positive Results and Techniques for Obfuscation. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 20–39. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Wee, H.: On obfuscating point functions. In: Proc.of the 37th Annual ACM Symposium on Theory of Computing (STOC 2005), pp. 523–532. ACM, New York (2005)CrossRefGoogle Scholar
  7. 7.
    Hohenberger, S., Rothblum, G.N., Shelat, A., Vaikuntanathan, V.: Securely Obfuscating Re-encryption. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 233–252. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  8. 8.
    Chandran, N., Chase, M., Vaikuntanathan, V.: Collusion resistant obfuscation and functional re-encryption. IACR Cryptology ePrint Archive 2011, 337 (2011)Google Scholar
  9. 9.
    Hofheinz, D., Malone-Lee, J., Stam, M.: Obfuscation for cryptographic purposes. Journal of Cryptology 23, 121–168 (2010), doi:10.1007/s00145-009-9046-1MathSciNetCrossRefMATHGoogle Scholar
  10. 10.
    Hada, S., Sakurai, K.: A Note on the (Im)possibility of Using Obfuscators to Transform Private-Key Encryption into Public-Key Encryption. In: Miyaji, A., Kikuchi, H., Rannenberg, K. (eds.) IWSEC 2007. LNCS, vol. 4752, pp. 1–12. Springer, Heidelberg (2007), doi:10.1007/978-3-540-75651-4CrossRefGoogle Scholar
  11. 11.
    Narayanan, S., Raghunathan, A., Venkatesan, R.: Obfuscating straight line arithmetic programs. In: Proceedings of the Nineth ACM Workshop on Digital Rights Management. DRM 2009, pp. 47–58. ACM, New York (2009)CrossRefGoogle Scholar
  12. 12.
    Goldwasser, S., Kalai, Y.T., Rothblum, G.N.: One-Time Programs. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 39–56. Springer, Heidelberg (2008)Google Scholar
  13. 13.
    Beaucamps, P., Filiol, E.: On the possibility of practically obfuscating programs towards a unified perspective of code protection. Journal in Computer Virology 3, 3–21 (2007)CrossRefGoogle Scholar
  14. 14.
    Walenstein, A., Mathur, R., Chouchane, M.R., Lakhotia, A.: Normalizing metamorphic malware using term rewriting. In: SCAM 2006: Proceedings of the Sixth IEEE, pp. 75–84. IEEE Computer Society, Washington, DC (2006)Google Scholar
  15. 15.
    Dalla Preda, M., Giacobazzi, R., Debray, S., Coogan, K., Townsend, G.M.: Modelling Metamorphism by Abstract Interpretation. In: Cousot, R., Martel, M. (eds.) SAS 2010. LNCS, vol. 6337, pp. 218–235. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  16. 16.
    Dalla Preda, M., Giacobazzi, R.: Semantic-Based Code Obfuscation by Abstract Interpretation. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 1325–1336. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  17. 17.
    Majumdar, A., Thomborson, C.: Manufacturing opaque predicates in distributed systems for code obfuscation. In: ACSC 2006: Proceedings of the 29th Australasian Computer Science Conference, pp. 187–196. Australian Computer Society, Inc., Darlinghurst (2006)Google Scholar
  18. 18.
    Collberg, C., Thomborson, C.: Watermarking, tamper-proofing, and obfuscation - tools for software protection. IEEE Transactions on Software Engineering 28, 735–746 (2002)CrossRefGoogle Scholar
  19. 19.
    Madou, M., Anckaert, B., Moseley, P., Debray, S., De Sutter, B., De Bosschere, K.: Software Protection Through Dynamic Code Mutation. In: Song, J.-S., Kwon, T., Yung, M. (eds.) WISA 2005. LNCS, vol. 3786, pp. 194–206. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  20. 20.
    Chikofsky, E., Cross I, J.H.: Reverse engineering and design recovery: a taxonomy. IEEE Software 7, 13–17 (1990)Google Scholar
  21. 21.
    Lakhotia, A., Kumar, E.U., Venable, M.: A method for detecting obfuscated calls in malicious binaries. IEEE Transactions on Software Engineering 31, 955–968 (2005)CrossRefGoogle Scholar
  22. 22.
    Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantics-aware malware detection. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 32–46. IEEE Computer Society, Washington, DC (2005)Google Scholar
  23. 23.
    Kim, Y.C., McDonald, J.T.: Considering software proteciton for embedded systems. Crosstalk: The Journal of Defense Software Engineering 22, 4–8 (2009)Google Scholar
  24. 24.
    Chandran, N., Goyal, V., Sahai, A.: New Constructions for UC Secure Computation Using Tamper-Proof Hardware. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 545–562. Springer, Heidelberg (2008), doi:10.1007/978-3-540-78967-3CrossRefGoogle Scholar
  25. 25.
    Ding, N., Gu, D.: A General and Efficient Obfuscation for Programs with Tamper-Proof Hardware. In: Bao, F., Weng, J. (eds.) ISPEC 2011. LNCS, vol. 6672, pp. 401–416. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  26. 26.
    Bitansky, N., Canetti, R., Goldwasser, S., Halevi, S., Kalai, Y.T., Rothblum, G.N.: Program obfuscation with leaky hardware. Cryptology ePrint Archive, Report 2011/660 (2011), http://eprint.iacr.org/
  27. 27.
    Castillo, E., Meyer-Baese, U., García, A., Parrilla, L., Lloris, A.: Ipp@hdl: Efficient intellectual property protection scheme for ip cores. IEEE Trans. Very Large Scale Integr. Syst. 15, 578–591 (2007)CrossRefGoogle Scholar
  28. 28.
    Charbon, E., Torunoglu, I.: Watermarking Techniques for Electronic Circuit Design. In: Petitcolas, F.A.P., Kim, H.-J. (eds.) IWDW 2002. LNCS, vol. 2613, pp. 147–169. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  29. 29.
    Chakraborty, R.S., Bhunia, S.: Hardware protection and authentication through netlist level obfuscation. In: Proc. of the IEEE/ACM Int”l Conference on Computer-Aided Design, ICCAD 2008, pp. 674–677. IEEE Press, Piscataway (2008)Google Scholar
  30. 30.
    McDonald, J.T., Trias, E.D., Kim, Y.C., Grimaila, M.R.: Using logic-based reduction for adversarial component recovery. In: Proc. of the 25th ACM Symposium on Applied Computing, SAC (2010)Google Scholar
  31. 31.
    Sander, T., Tschudin, C.: On Software Protection via Function Hiding. In: Aucsmith, D. (ed.) IH 1998. LNCS, vol. 1525, pp. 111–123. Springer, Heidelberg (1998), doi:10.1007/3-540-49380-8CrossRefGoogle Scholar
  32. 32.
    McDonald, J.T., Kim, Y.C., Yasinsac, A.: Software issues in digital forensics. ACM Operating Systems Review 42 (2008)Google Scholar
  33. 33.
    Anckaert, B., Sutter, B.D., Bosschere, K.D.: Software piracy prevention through diversity. In: DRM 2004: Proceedings of the 4th ACM Workshop on Digital Rights Management, pp. 63–71. ACM, New York (2004)CrossRefGoogle Scholar
  34. 34.
    Cousot, P.: Constructive design of a hierarchy of semantics of a transition system by abstract interpretation. Theor. Comput. Sci. 277, 47–103 (2002)MathSciNetCrossRefMATHGoogle Scholar
  35. 35.
    Dalla Preda, M., Giacobazzi, R., Visentini, E.: Hiding Software Watermarks in Loop Structures. In: Alpuente, M., Vidal, G. (eds.) SAS 2008. LNCS, vol. 5079, pp. 174–188. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  36. 36.
    Dalla Preda, M., Madou, M., De Bosschere, K., Giacobazzi, R.: Opaque Predicates Detection by Abstract Interpretation. In: Johnson, M., Vene, V. (eds.) AMAST 2006. LNCS, vol. 4019, pp. 81–95. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  37. 37.
    Dalla Preda, M., Christodorescu, M., Jha, S., Debray, S.: A semantics-based approach to malware detection. SIGPLAN Not. 42, 377–388 (2007)CrossRefGoogle Scholar
  38. 38.
    McDonald, J.T., Kim, Y.C., Grimaila, M.R.: Protecting reprogrammable hardware with polymorphic circuit variation. In: Proc. of the 2nd Cyberspace Research Workshop 2009 (2009)Google Scholar
  39. 39.
    Cohen, F.B.: Operating system protection through program evolution. Comput. Secur. 12, 565–584 (1993)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • J. Todd McDonald
    • 1
  1. 1.School of Computer and Information SciencesUniversity of South AlabamaMobileUSA

Personalised recommendations