The purpose of this paper is to introduce a further measurement for software obfuscation, in particular observing that many important obfuscation transformations increase the uncertainty an attacker has about the program behaviour, uncertainty modeled by the entropy of the program traces or the nodes under execution. The transformations considered in this paper are unknown opaque predicates insertions or unknown dispatcher insertions, where the latter are an extension of the if-else statements of unknown opaque predicates to switch-case statements. Consequences of modeling obfuscation as an increase of entropy can be simple guidelines to obtain potent transformations at low cost and the explanation of existing transformations effectiveness. We present a program transformation algorithm based on the latter observations.
On Entropy Measures for Code Obfuscation
GIACOBAZZI, Roberto;TOPPAN, Andrea
2012-01-01
Abstract
The purpose of this paper is to introduce a further measurement for software obfuscation, in particular observing that many important obfuscation transformations increase the uncertainty an attacker has about the program behaviour, uncertainty modeled by the entropy of the program traces or the nodes under execution. The transformations considered in this paper are unknown opaque predicates insertions or unknown dispatcher insertions, where the latter are an extension of the if-else statements of unknown opaque predicates to switch-case statements. Consequences of modeling obfuscation as an increase of entropy can be simple guidelines to obtain potent transformations at low cost and the explanation of existing transformations effectiveness. We present a program transformation algorithm based on the latter observations.
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
