Obfuscation is the art of making code hard to reverse engineer and understand. In this paper, we propose aformal model for specifying and understanding the strength of obfuscating transformations with respect toa given attack model. The idea is to consider the attacker as an abstract interpreter willing to extractinformation about the program’s semantics. In this scenario, we show that obfuscating code is making theanalysis imprecise, namely making the corresponding abstract domain incomplete. It is known thatcompleteness is a property of the abstract domain and the program to analyse. We introduce a frameworkfor transforming abstract domains, i.e., analyses, towards incompleteness. The family of incompleteabstractions for a given program provides a characterisation of the potency of obfuscation employed in thatprogram, i.e., its strength against the attack specified by those abstractions. We show this characterisationfor known obfuscating transformations used to inhibit program slicing and automated disassembly.

Maximal incompleteness as obfuscation potency

GIACOBAZZI, Roberto;MASTROENI, Isabella;DALLA PREDA, Mila
2017-01-01

Abstract

Obfuscation is the art of making code hard to reverse engineer and understand. In this paper, we propose aformal model for specifying and understanding the strength of obfuscating transformations with respect toa given attack model. The idea is to consider the attacker as an abstract interpreter willing to extractinformation about the program’s semantics. In this scenario, we show that obfuscating code is making theanalysis imprecise, namely making the corresponding abstract domain incomplete. It is known thatcompleteness is a property of the abstract domain and the program to analyse. We introduce a frameworkfor transforming abstract domains, i.e., analyses, towards incompleteness. The family of incompleteabstractions for a given program provides a characterisation of the potency of obfuscation employed in thatprogram, i.e., its strength against the attack specified by those abstractions. We show this characterisationfor known obfuscating transformations used to inhibit program slicing and automated disassembly.
2017
Abstract interpretation, Static program analysis, Program semantics,Program transformation,Lattice theory,Closure operators,Code obfuscation
File in questo prodotto:
File Dimensione Formato  
facj revised.pdf

accesso aperto

Tipologia: Documento in Pre-print
Licenza: Dominio pubblico
Dimensione 1.42 MB
Formato Adobe PDF
1.42 MB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11562/938471
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 9
  • ???jsp.display-item.citation.isi??? 5
social impact