You are viewing a javascript disabled version of the site. Please enable Javascript for this site to function properly.
Go to headerGo to navigationGo to searchGo to contentsGo to footer
In content section. Select this link to jump to navigation

Semantics-based code obfuscation by abstract interpretation

Article type: Research Article

Authors: Dalla Preda, Mila | Giacobazzi, Roberto

Affiliations: Dipartimento di Informatica, Università di Verona, Strada le Grazie 15, 37134 Verona, Italy. E-mails: mila.dallapreda@univr.it, roberto.giacobazzi@univr.it

Abstract: In recent years code obfuscation has attracted research interest as a promising technique for protecting secret properties of programs. The basic idea of code obfuscation is to transform programs in order to hide their sensitive information while preserving their functionality. One of the major drawbacks of code obfuscation is the lack of a rigorous theoretical framework that makes it difficult to formally analyze and certify the effectiveness of obfuscating techniques. We face this problem by providing a formal framework for code obfuscation based on abstract interpretation and program semantics. In particular, we show that what is hidden and what is preserved by an obfuscating transformation can be expressed as abstract interpretations of program semantics. Being able to specify what is masked and what is preserved by an obfuscation allows us to understand its potency, namely the amount of obscurity that the transformation adds to programs. In the proposed framework, obfuscation and attackers are modeled as approximations of program semantics and the lattice of abstract interpretations provides a formal tool for comparing obfuscations with respect to their potency. In particular, we prove that our framework provides an adequate setting to measure not only the potency of an obfuscation but also its resilience, i.e., the difficulty of undoing the obfuscation. We consider code obfuscation by opaque predicate insertion and we show how the degree of abstraction needed to disclose different opaque predicates allows us to compare their potency and resilience.

Keywords: Code obfuscation, abstract interpretation, program semantics, static program analysis

DOI: 10.3233/JCS-2009-0345

Journal: Journal of Computer Security, vol. 17, no. 6, pp. 855-908, 2009

Published: 25 November 2009
Price: EUR 27.50
Show more