Clark D. Thomborson

Watermarking, tamper-proofing, and obfuscation - tools for software protection

We identify three types of attack on the intellectual property contained in software and three corresponding technical defenses. A defense against reverse engineering is obfuscation, a process that renders software unintelligible but still functional. A defense against software piracy is watermarking, a process that makes it possible to determine the origin of software. A defense against tampering is tamper-proofing, so that unauthorized modifications to software (for example, to remove a watermark) will result in nonfunctional code. We briefly survey the available technology for each type of defense.

Manufacturing cheap, resilient, and stealthy opaque constructs

It has become common to distribute software in forms that are isomorphic to the original source code. An important example is Java bytecode. Since such codes are easy to decompile, they increase the risk of malicious reverse engineering attacks.In this paper we describe the design of a Java code obfuscator, a tool which - through the application of code transformations - converts a Java program into an equivalent one that is more difficult to reverse engineer.We describe a number of transformations which obfuscate control-flow. Transformations are evaluated with respect to potency (To what degree is a human reader confused?), resilience (How well are automatic deobfuscation attacks resisted?), cost (How much time/space overhead is added?), and stealth (How well does obfuscated code blend in with the original code?).The resilience of many control-altering transformations rely on the resilience of opaque predicates. These are boolean valued expressions whose values are known to the obfuscator but difficult to determine for an automatic deobfuscator. We show how to construct resilient, cheap, and stealthy opaque predicates based on the intractability of certain static analysis problems such as alias analysis.

Software watermarking: models and dynamic embeddings

Watermarking embeds a secret message into a cover message. In media watermarking the secret is usually a copyright notice and the cover a digital image. Watermarking an object discourages intellectual property theft, or when such theft has occurred, allows us to prove ownership.The Software Watermarking problem can be described as follows. Embed a structure W into a program P such that: W can be reliably located and extracted from P even after P has been subjected to code transformations such as translation, optimization and obfuscation; W is stealthy; W has a high data rate; embedding W into P does not adversely affect the performance of P; and W has a mathematical property that allows us to argue that its presence in P is the result of deliberate actions.In the first part of the paper we construct an informal taxonomy of software watermarking techniques. In the second part we formalize these results. Finally, we propose a new software watermarking technique in which a dynamic graphic watermark is stored in the execution state of a program.

Breaking abstractions and unstructuring data structures

To ensure platform independence, mobile programs are distributed in forms that are isomorphic to the original source code. Such codes are easy to decompile, and hence they increase the risk of malicious reverse engineering attacks. Code obfuscation is one of several techniques which has been proposed to alleviate this situation. An obfuscator is a tool which-through the application of code transformations-converts a program into an equivalent one that is more difficult to reverse engineer. In a previous paper (Collberg et al., 1998) we have described the design of a control flow obfuscator for Java. In this paper we extend the design with transformations that obfuscate data structures and abstractions. In particular we show how to obfuscate classes, arrays, procedural abstractions and built-in data types like strings, integers and booleans.

Dynamic graph-based software fingerprinting

Fingerprinting embeds a secret message into a cover message. In media fingerprinting, the secret is usually a copyright notice and the cover a digital image. Fingerprinting an object discourages intellectual property theft, or when such theft has occurred, allows us to prove ownership. The Software Fingerprinting problem can be described as follows. Embed a structure W into a program P such that: W can be reliably located and extracted from P even after P has been subjected to code transformations such as translation, optimization and obfuscation; W is stealthy; W has a high data rate; embedding W into P does not adversely affect the performance of P; and W has a mathematical property that allows us to argue that its presence in P is the result of deliberate actions. In this article, we describe a software fingerprinting technique in which a dynamic graph fingerprint is stored in the execution state of a program. Because of the hardness of pointer alias analysis such fingerprints are difficult to attack automatically.

A functional taxonomy for software watermarking

Despite the recent surge of interest in digital watermarking technology from the research community, we lack a comprehensive and precise terminology for software watermarking. In this paper, we attempt to fill that gap by giving distinctive names for the various protective functions served by software watermarks: Validation Mark, Licensing Mark, Authorship Mark and Fingerprinting Mark. We identify the desirable properties and specific vulnerabilities of each type of watermark, and we illustrate the utility of our terminology in a discussion of recent results in software watermarking.

Slicing obfuscations: design, correctness, and evaluation

The goal of obfuscation is to transform a program, without affecting its functionality, such that some secret information within the program can be hidden for as long as possible from an adversary armed with reverse engineering tools. Slicing is a form of reverse engineering which aims to abstract away a subset of program code based on a particular program point and is considered to be a potent program comprehension technique. Thus, slicing could be used as a way of attacking obfuscated programs. It is challenging to manufacture obfuscating transforms that are provably resilient to slicing attacks.We show in this paper how we can utilise the information gained from slicing a program to aid us in designing obfuscations that are more resistant to slicing. We extend a previously proposed technique and provide proofs of correctness for our transforms. Finally, we illustrate our approach with a number of obfuscating transforms and provide empirical results using software engineering metrics.

Recognition in software watermarking

The piracy of software has long been a concern for owners and developers of software. In order to prevent software from piracy and unauthorized modification, many techniques to protect software have been developed. Software watermarking is such a technique for protecting software by embedding secret information into the software to identify its copyright owner. As a relatively new scientific area, the key concepts in software watermarking are informal; some are even confusing. There is a need to formalize these fundamental terms to facilitate the research in this field. In this paper, we formally define some concepts for software watermark recognition and use them to develop some software watermarking recognition algorithms for the QP software watermarking algorithm. We also design a prototype model of software watermark embedding and recognition system based on the concepts and algorithms established in this paper.

Extraction in software watermarking

The widespread use of the Internet makes software piracy and unauthorized modification easier and more frequent. Among the many techniques developed for protecting software copyrights is software watermarking which embeds secret messages into software to identify its owners and developers. While digital watermarking for media such as video, audio, and text is a popular research field, software watermarking is still a relatively new scientific area. The key concepts in software watermarking are informal; some are even confusing. Formalizing these fundamental terms would facilitate the research in this field. In this paper, we formally define the following concepts involved in embedding watermarks into and extracting watermarks from a program in software watermarking: embedding, set of candidate watermarks, representative set, representative degree, extracting, extractability, blindly extractability, and representative extracting.Through the concepts of the representative sets and the representative degree of an embedding algorithm and a program, we characterize the intrinsic property of an extractable embedding algorithm for software watermarking. Furthermore, the concept of the representative extracting algorithm is used to show the best thing we can get for a general software watermarking embedding algorithm.

Folklore confirmed: reducible flow graphs are exponentially larger

Many program analysis techniques used by compilers are applicable only to programs whose control flow graphs are reducible. Node-splitting is a technique that can be used to convert any control flow graph to a reducible one. However, as has been observed for various node-splitting algorithms, there can be an exponential blowup in the size of the graph.We prove that exponential blowup is unavoidable. In particular, we show that any reducible graph that is equivalent to the complete graph on n nodes (or to related bounded-degree control flow graphs) must have at least 2n-1 nodes. While this result is not a surprise, it may be relevant to the quest for finding methods of obfuscation for software protection.