How to construct a general program obfuscator?We present a novelapproach to automatically generating obfuscated code P' from anyprogram P whose source code is given. Start with a (program executing)interpreter interp for the language in which P is written.Then “distort” interp so it is still correct, but its specializationP' w.r.t. P is transformed code that is equivalent to the originalprogram, but harder to understand or analyze. Potency of the obfuscatoris proved with respect to a general model of the attacker,modeled as an approximate (abstract) interpreter. A systematic approachto distortion is to make program P obscure by transformingit to P' on which (abstract) interpretation is incomplete. Interpreterdistortion can be done by making residual in the specializationprocess sufficiently many interpreter operations to defeat anattacker in extracting sensible information from transformed code.Our method is applied to: code flattening, data-type obfuscation,and opaque predicate insertion. The technique is language independentand can be exploited for designing obfuscating compilers.

Obfuscation by Partial Evaluation of Distorted Interpreters

GIACOBAZZI, Roberto;MASTROENI, Isabella
2012

Abstract

How to construct a general program obfuscator?We present a novelapproach to automatically generating obfuscated code P' from anyprogram P whose source code is given. Start with a (program executing)interpreter interp for the language in which P is written.Then “distort” interp so it is still correct, but its specializationP' w.r.t. P is transformed code that is equivalent to the originalprogram, but harder to understand or analyze. Potency of the obfuscatoris proved with respect to a general model of the attacker,modeled as an approximate (abstract) interpreter. A systematic approachto distortion is to make program P obscure by transformingit to P' on which (abstract) interpretation is incomplete. Interpreterdistortion can be done by making residual in the specializationprocess sufficiently many interpreter operations to defeat anattacker in extracting sensible information from transformed code.Our method is applied to: code flattening, data-type obfuscation,and opaque predicate insertion. The technique is language independentand can be exploited for designing obfuscating compilers.
9781450311182
Code obfuscation; Abstract Interpretation; Program transformation
File in questo prodotto:
File Dimensione Formato  
C18-pepm12.pdf

solo utenti autorizzati

Tipologia: Versione dell'editore
Licenza: Accesso ristretto
Dimensione 761.72 kB
Formato Adobe PDF
761.72 kB Adobe PDF   Visualizza/Apri   Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11562/387875
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 27
  • ???jsp.display-item.citation.isi??? ND
social impact