Obfuscation is the art of making code hard to reverse engineer and understand. In this paper, we propose aformal model for specifying and understanding the strength of obfuscating transformations with respect toa given attack model. The idea is to consider the attacker as an abstract interpreter willing to extractinformation about the program’s semantics. In this scenario, we show that obfuscating code is making theanalysis imprecise, namely making the corresponding abstract domain incomplete. It is known thatcompleteness is a property of the abstract domain and the program to analyse. We introduce a frameworkfor transforming abstract domains, i.e., analyses, towards incompleteness. The family of incompleteabstractions for a given program provides a characterisation of the potency of obfuscation employed in thatprogram, i.e., its strength against the attack specified by those abstractions. We show this characterisationfor known obfuscating transformations used to inhibit program slicing and automated disassembly.
Maximal incompleteness as obfuscation potency
GIACOBAZZI, Roberto;MASTROENI, Isabella;DALLA PREDA, Mila
2017-01-01
Abstract
Obfuscation is the art of making code hard to reverse engineer and understand. In this paper, we propose aformal model for specifying and understanding the strength of obfuscating transformations with respect toa given attack model. The idea is to consider the attacker as an abstract interpreter willing to extractinformation about the program’s semantics. In this scenario, we show that obfuscating code is making theanalysis imprecise, namely making the corresponding abstract domain incomplete. It is known thatcompleteness is a property of the abstract domain and the program to analyse. We introduce a frameworkfor transforming abstract domains, i.e., analyses, towards incompleteness. The family of incompleteabstractions for a given program provides a characterisation of the potency of obfuscation employed in thatprogram, i.e., its strength against the attack specified by those abstractions. We show this characterisationfor known obfuscating transformations used to inhibit program slicing and automated disassembly.File | Dimensione | Formato | |
---|---|---|---|
facj revised.pdf
accesso aperto
Tipologia:
Documento in Pre-print
Licenza:
Dominio pubblico
Dimensione
1.42 MB
Formato
Adobe PDF
|
1.42 MB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.