[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content

On the Concept of Software Obfuscation in Computer Security

  • Conference paper
Information Security (ISC 2007)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4779))

Included in the following conference series:

Abstract

Program obfuscation is a semantic-preserving transformation aimed at bringing a program into such a form, which impedes the understanding of its algorithm and data structures or prevents extracting of some valuable information from the text of a program. Since obfuscation could find wide use in computer security, information hiding and cryptography, security requirements to program obfuscators became a major focus of interests for pioneers of theory of software obfuscation. In this paper we also address the issue of defining security of program obfuscation. We argue that requirements to obfuscation may be different and dependent on potential applications. Therefore, it makes sense to deal with a broad spectrum of security definitions for program obfuscation. In this paper we analyze five models for studying various aspects of obfuscation: “black box” model of total obfuscation, “grey box” model of total obfuscation, obfuscation for software protection, constant hiding, and predicate obfuscation. For each of these models we consider the applications where the model may be valid, positive and negative results on the existence of secure obfuscation in the framework of the model, and relationships with other models of program obfuscation.

This work is supported by RFBR grant 06-01-00584.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Aucsmith, D.: Tamper resistant software: an implementation. In: Anderson, R. (ed.) Information Hiding. LNCS, vol. 1174, pp. 317–333. Springer, Heidelberg (1996)

    Google Scholar 

  2. Arboit, G.: A method for watermarking java programs via opaque predicates. 5-th International Conference on Electronic Commerce Research (2002)

    Google Scholar 

  3. Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S., Yang, K.: On the (im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  4. Bhatkar, S., DuVarney, D.C., Sekar, R.: Efficient techniques for comprehensive protection from memory error exploits. USENIX Security (2005)

    Google Scholar 

  5. Canetti, R.: Towards realizing random oracles: hash functions that hide all partial information. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 455–469. Springer, Heidelberg (1997)

    Google Scholar 

  6. Canetti, R., Micciancio, D.D., Reingold, O.: Perfectly one-way probabilistic hash functions. In: 30-th ACM Symposium on Theory of Computing, pp. 131–140 (1998)

    Google Scholar 

  7. Chess, D., White, S.: An undetectable computer virus. In: 2000 Virus Bulletin Conference (2000)

    Google Scholar 

  8. Chow, S., Gu, Y., Johnson, H., Zakharov, V.: An approach to obfuscation of control-flow of sequential programs. In: Wilhelm, R. (ed.) Informatics. LNCS, vol. 2000, pp. 144–155. Springer, Heidelberg (2001)

    Google Scholar 

  9. Cohen, F.: Operating system protection through program evolution. Computers and Security 12(6), 565–584 (1993)

    Article  Google Scholar 

  10. Collberg, C., Thomborson, C., Low, D.: A Taxonomy of Obfuscating Transformations. Tech. Report, N 148, Univ. of Auckland (1997)

    Google Scholar 

  11. Collberg, C., Thomborson, C., Low, D., Collberg, C., Thomborson, C., Low, D.: Manufacturing cheap, resilient and stealthy opaque constructs. In: Symposium on Principles of Programming Languages, pp. 184–196 (1998)

    Google Scholar 

  12. Collberg, C., Thomborson, C.: Watermarking, Tamper-Proofing, and Obfuscation - Tools for Software Protection. IEEE Transactions on Software Engineering 28(6) (2002)

    Google Scholar 

  13. Dalla Preda, M., Giacobazzi, R.: Semantic-based code obfuscation by abstract interpretation. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 1325–1336. Springer, Heidelberg (2005)

    Google Scholar 

  14. D’Anna, L., Matt, B., Reisse, A., Van Vleck, T., Schwab, S., LeBlanc, P.: Self- Protecting Mobile Agents Obfuscation Report, Report #03-015, Network Associates Laboratories (June 2003)

    Google Scholar 

  15. Diffie, W., Hellman, M.: New directions in cryptography. IEEE Transactions om Information Theory IT-22(6), 644–654 (1976)

    Article  MathSciNet  Google Scholar 

  16. Dodis, Y., Smith, A.: Correcting errors without leaking partial informtion. In: 37th ACM Symposium on Theory of Computing, pp. 654–663 (2005)

    Google Scholar 

  17. Goldreich, O., Levin, L: A hard-core predicate to any one-way function. In: 21th ACM Symposium on Theory of Computing, pp. 210–217 (1989)

    Google Scholar 

  18. Goldwasser, S., Tauman Kalai, Y.: On the impossibility of obfuscation with auxiliary input. In: 46th IEEE Symposium on Foundations of Computer Science, pp. 553–562 (2005)

    Google Scholar 

  19. Goldwasser, S., Rothblum, G.N.: On best possible obfuction. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 194–213. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  20. Hada, S.: Zero-knowledge and code obfuscation. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 443–457. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  21. Hohl, F.: Time limited blackbox security: protecting mobile agents from malicious hosts. In: Vigna, G. (ed.) Mobile Agents and Security. LNCS, vol. 1419, pp. 92–113. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  22. Hofheinz, D., Malone-Lee, J., Stam, M.: Obfuscation for cryptographic purpose. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 214–232. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  23. Linn, C., Debray, S.: Obfuscation of executable code to improve resistance to static disassambly. In: 10th ACM Conference on Computer and Communication Security, pp. 290–299 (2003)

    Google Scholar 

  24. Lynn, B., Prabhakaran, M., Sahai, A.: Positive results and techniques for obfuscation. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 20–39. Springer, Heidelberg (2004)

    Google Scholar 

  25. Ogiso, T., Sakabe, Y., Soshi, M., Miyaji, A.: Software obfuscation on a theoretical basis and its implementation. IEEE Trans. Fundamentals E86-A(1) (2003)

    Google Scholar 

  26. Ostrovsky, R., Skeith, W.E.: Private searching on streaming data. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 223–240. Springer, Heidelberg (2005)

    Google Scholar 

  27. Szor, P., Ferrie, P.: Hunting for metamorphic. In: 2001 Virus Bulletin Conference, pp. 123–144 (2001)

    Google Scholar 

  28. Valiant, L.: A theory of learnable. Communications of the ACM 27(11), 1134–1142 (1984)

    Article  MATH  Google Scholar 

  29. Varnovsky, N.P., Zakharov, V.A.: On the possibility of provably secure obfuscating programs. In: Broy, M., Zamulin, A.V. (eds.) PSI 2003. LNCS, vol. 2890, pp. 91–102. Springer, Heidelberg (2004)

    Google Scholar 

  30. Varnovsky, N.P.: A note on the concept of obfuscation. In: Proceedings of Institute for System Programming, Moscow, vol. 6, pp. 127–137 (2004)

    Google Scholar 

  31. Wang, C., Davidson, J., Hill, J., Knight, J.: Protection of software-based survivability mechanisms. In: International Conference of Dependable Systems and Networks (2001)

    Google Scholar 

  32. Wee, H.: On obfuscating point functions. In: 37th Symposium on Theory of Computing, pp. 523–532 (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Juan A. Garay Arjen K. Lenstra Masahiro Mambo René Peralta

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kuzurin, N., Shokurov, A., Varnovsky, N., Zakharov, V. (2007). On the Concept of Software Obfuscation in Computer Security. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds) Information Security. ISC 2007. Lecture Notes in Computer Science, vol 4779. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75496-1_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-75496-1_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-75495-4

  • Online ISBN: 978-3-540-75496-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics