Stephen Drape

Slicing obfuscations: design, correctness, and evaluation

The goal of obfuscation is to transform a program, without affecting its functionality, such that some secret information within the program can be hidden for as long as possible from an adversary armed with reverse engineering tools. Slicing is a form of reverse engineering which aims to abstract away a subset of program code based on a particular program point and is considered to be a potent program comprehension technique. Thus, slicing could be used as a way of attacking obfuscated programs. It is challenging to manufacture obfuscating transforms that are provably resilient to slicing attacks.We show in this paper how we can utilise the information gained from slicing a program to aid us in designing obfuscations that are more resistant to slicing. We extend a previously proposed technique and provide proofs of correctness for our transforms. Finally, we illustrate our approach with a number of obfuscating transforms and provide empirical results using software engineering metrics.

Transforming the .NET intermediate language using path logic programming

Path logic programming is a modest extension of Prolog for the specification of program transformations. We give an informal introduction to this extension, and we show how it can be used in coding standard compiler optimisations, and also a number of obfuscating transformations. The object language is the Microsoft .NET intermediate language (IL).

Slicing Aided Design of Obfuscating Transforms

An obfuscation aims to transform a program, without affecting its functionality, so that some secret information within the program can be hidden for as long as possible from an adversary armed with reverse engineering tools. Slicing is a reverse engineering technique which aims to produce a subset of a program which is dependent on a particular program point and is used to aid in program comprehension. Thus slicing could be used as a way of attacking obfuscated programs. Can we design obfuscations which are more resilient to slicing attacks? In this paper we present a novel approach to creating obfuscating transforms which are designed to survive slicing attacks. We show how we can utilise the information gained from slicing a program to aid us in manufacturing obfuscations that are more resistant to slicing. We give a definition for what it means for a transformation to be a slicing obfuscation and we illustrate our approach with a number of obfuscating transforms.

Generalising the array split obfuscation

Abstract An obfuscation is a behaviour-preserving program transformation whose aim is to make a program “harder to understand”. Obfuscations are mainly applied to make reverse engineering of object-oriented programs more difficult. In this paper, we propose a fresh approach by obfuscating abstract data-types allowing us to develop structure-dependent obfuscations that would otherwise (traditionally) not be available. We regard obfuscation as data refinement enabling us to produce equations for proving correctness. We model the data-type operations as functional programs making our proofs easy to construct. We show how we can generalise an imperative obfuscation – an array split – so that we can apply it to abstract data-types and we give specific examples for lists and matrices. We develop a theorem which allows us, under certain conditions, to produce obfuscated operations directly. Our approach also allows us to produce random obfuscations and we give an example for our list data-type.

Specifying imperative data obfuscations

An obfuscation aims to transform a program, without affecting the functionality, so that some secret information within the program can be hidden for as long as possible from an adversary. Proving that an obfuscating transform is correct (i.e. it preserves functionality) is considered to be a challenging task. In this paper we show how data refinement can be used to specify imperative data obfuscations. An advantage of this approach is that we can establish a framework in which we can prove the correctness of our obfuscations. We demonstrate our framework by considering some examples from obfuscation literature. We show how to specify these obfuscations, prove that they are correct and produce generalisations.

Metrics-based Evaluation of Slicing Obfuscations

An obfuscation aims to transform a program, without affecting its functionality, so that some secret data within the program can be hidden for as long as possible from an adversary armed with reverse engineering tools. Slicing is a reverse engineering technique which produces a subset of a program that is dependent on a particular program point and is used to aid in program comprehension. Thus slicing could be used as a way of attacking obfuscated programs. In this contribution, we highlight a few obfuscating transforms that were proposed in an earlier publication for making attacks difficult to mount using slicers and then illustrate an experimental design to evaluate the strength of these transforms with respect to well defined slicing metrics.

Creating Transformations for Matrix Obfuscation

There are many programming situations where it would be convenient to conceal the meaning of code, or the meaning of certain variables. This can be achieved through program transformations which are grouped under the term obfuscation . Obfuscation is one of a number of techniques that can be employed to protect sensitive areas of code. This paper presents obfuscation methods for the purpose of concealing the meaning of matrices by changing the pattern of the elements. We give two separate methods: one which, through splitting a matrix, changes its size and shape, and one which, through a change of basis in a ring of polynomials, changes the values of the matrix and any patterns formed by these. Furthermore, the paper illustrates how matrices can be used in order to obfuscate a scalar value. This is an improvement on previous methods for matrix obfuscation because we will provide a range of techniques which can be used in concert. This paper considers obfuscations as data refinements. Thus we consider obfuscations at a more abstract level without worrying about implementation issues. For our obfuscations, we can construct proofs of correctness easily. We show how the refinement approach enables us to generalise and combine existing obfuscations. We then evaluate our methods by considering how our obfuscations perform under certain relevant program analysis-based attacks.