Publication


Featured research published by Anirban Majumdar.


digital rights management | 2007

Slicing obfuscations: design, correctness, and evaluation

Anirban Majumdar; Stephen Drape; Clark D. Thomborson

The goal of obfuscation is to transform a program, without affecting its functionality, such that some secret information within the program can be hidden for as long as possible from an adversary armed with reverse engineering tools. Slicing is a form of reverse engineering which aims to abstract away a subset of program code based on a particular program point and is considered to be a potent program comprehension technique. Thus, slicing could be used as a way of attacking obfuscated programs. It is challenging to manufacture obfuscating transforms that are provably resilient to slicing attacks. We show in this paper how we can utilise the information gained from slicing a program to aid us in designing obfuscations that are more resistant to slicing. We extend a previously proposed technique and provide proofs of correctness for our transforms. Finally, we illustrate our approach with a number of obfuscating transforms and provide empirical results using software engineering metrics.


annual acis international conference on computer and information science | 2007

Slicing Aided Design of Obfuscating Transforms

Stephen Drape; Anirban Majumdar; Clark D. Thomborson

An obfuscation aims to transform a program, without affecting its functionality, so that some secret information within the program can be hidden for as long as possible from an adversary armed with reverse engineering tools. Slicing is a reverse engineering technique which aims to produce a subset of a program which is dependent on a particular program point and is used to aid in program comprehension. Thus slicing could be used as a way of attacking obfuscated programs. Can we design obfuscations which are more resilient to slicing attacks? In this paper we present a novel approach to creating obfuscating transforms which are designed to survive slicing attacks. We show how we can utilise the information gained from slicing a program to aid us in manufacturing obfuscations that are more resistant to slicing. We give a definition for what it means for a transformation to be a slicing obfuscation and we illustrate our approach with a number of obfuscating transforms.


international conference on information security | 2007

Specifying imperative data obfuscations

Stephen Drape; Clark D. Thomborson; Anirban Majumdar

An obfuscation aims to transform a program, without affecting the functionality, so that some secret information within the program can be hidden for as long as possible from an adversary. Proving that an obfuscating transform is correct (i.e. it preserves functionality) is considered to be a challenging task. In this paper we show how data refinement can be used to specify imperative data obfuscations. An advantage of this approach is that we can establish a framework in which we can prove the correctness of our obfuscations. We demonstrate our framework by considering some examples from obfuscation literature. We show how to specify these obfuscations, prove that they are correct and produce generalisations.


international conference on advanced computing | 2006

On Evaluating Obfuscatory Strength of Alias-based Transforms using Static Analysis

Anirban Majumdar; Antoine Monsifrot; Clark D. Thomborson

Aliasing occurs when two variables refer to the same memory location. This technique has been exploited for constructing resilient obfuscation transforms in languages that extensively use indirect referencing. The theoretical basis for these transforms is derived from the hard complexity results of precisely determining which set of variables refer to the same memory location at a given program point during execution. However, no method is known for randomly generating hard problem instances. Unless we are able to evaluate the obfuscatory strength of these transforms using static analysis tools, we cannot correlate the resilience expected in theory with what actually holds in practice. In this contribution, we will outline the main difficulties in experimentally evaluating obfuscatory strength and give an overview of techniques that are suited for analysing well-established alias-based obfuscation transforms.


information assurance and security | 2007

Metrics-based Evaluation of Slicing Obfuscations

Anirban Majumdar; Stephen Drape; Clark D. Thomborson

An obfuscation aims to transform a program, without affecting its functionality, so that some secret data within the program can be hidden for as long as possible from an adversary armed with reverse engineering tools. Slicing is a reverse engineering technique which produces a subset of a program that is dependent on a particular program point and is used to aid in program comprehension. Thus slicing could be used as a way of attacking obfuscated programs. In this contribution, we highlight a few obfuscating transforms that were proposed in an earlier publication for making attacks difficult to mount using slicers and then illustrate an experimental design to evaluate the strength of these transforms with respect to well defined slicing metrics.


intelligence and security informatics | 2005

On the use of opaque predicates in mobile agent code obfuscation

Anirban Majumdar; Clark D. Thomborson

Mobile agent technology is an evolving paradigm that combines the inherent characteristics of intelligent agents, namely, adaptability, reactivity and autonomy with mobility. These characteristics of mobile agents provide an excellent means of meeting the distributed and heterogeneous requirements of many military applications that involve low bandwidth and intermittently connected networks. In typical military applications, mobile agents can be used to perform information push, information pull, and sentinel monitoring [1].


acm symposium on applied computing | 2009

Remote software protection by orthogonal client replacement

Mariano Ceccato; Paolo Tonella; Mila Dalla Preda; Anirban Majumdar

In a typical client-server scenario, a trusted server provides valuable services to a client, which runs remotely on an untrusted platform. Of the many security vulnerabilities that may arise (such as authentication and authorization), guaranteeing the integrity of the client code is one of the most difficult to address. This security vulnerability is an instance of the malicious host problem, where an adversary in control of the client's host environment tries to tamper with the client code. We propose a novel client replacement strategy to counter the malicious host problem. The client code is periodically replaced by new orthogonal clients, such that their combination with the server is functionally equivalent to the original client-server application. The reverse engineering efforts of the adversary are deterred by the complexity of analysis of frequently changing, orthogonal program code. We use the underlying concepts of program obfuscation as a basis for formally defining and providing orthogonality. We also give preliminary empirical validation of the proposed approach.


international conference on knowledge based and intelligent information and engineering systems | 2005

Securing mobile agents control flow using opaque predicates

Anirban Majumdar; Clark D. Thomborson

Mobile agent technology is an evolving paradigm that combines the inherent characteristics of intelligent agents, namely, adaptability, reactivity and autonomy with mobility. These characteristics of mobile agents provide an excellent means of meeting the distributed and heterogeneous requirements for many electronic commerce applications involving low bandwidth and intermittently connected networks. However, the lack of security in the form of code confidentiality renders this paradigm unsuitable for commercial software. In this paper, we address the problem of mobile agent security by proposing a novel method of mobile agent obfuscation using the concept of opaque predicates to prevent adversaries from observing the control flow of agent code. We discuss the efficiency of our proposed methodology by demonstrating that to an adversary, the problem of determining the outcome of such opaque predicates is often intractable.


ieee region 10 conference | 2006

Interpreting Opacity in the Context of Information-hiding and Obfuscation in Distributed Systems

Anirban Majumdar; Clark D. Thomborson

The concept of opacity has been investigated in two different contexts as means of expressing security properties in distributed systems. Opacity in the context of information-hiding assumes the existence of a black-box and is concerned with enforcing properties such as anonymity and secrecy on collaborating processes in an untrusted distributed computing environment. In the context of software obfuscation, opacity is a measure of the difficulty of reverse engineering of object code under the assumption that the adversary has access to grey-box information. In this contribution, we bring together these two contexts in which opacity has been defined and discuss how a specialized technique, called opaque predicates, can deter malicious reverse engineering.


ACSC '06 Proceedings of the 29th Australasian Computer Science Conference - Volume 48 | 2006

Manufacturing opaque predicates in distributed systems for code obfuscation

Anirban Majumdar; Clark D. Thomborson

Collaboration


Top Co-Authors

Paolo Tonella

Fondazione Bruno Kessler
