Slicing obfuscations

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Slicing obfuscations: design, correctness, and evaluation

Full text

Pdf (463 KB)

Source

ACM Workshop On Digital Rights Management archive
Proceedings of the 2007 ACM workshop on Digital Rights Management table of contents

Alexandria, Virginia, USA

SESSION: Software protection methods table of contents

Pages: 70 - 81

Year of Publication: 2007

ISBN:978-1-59593-884-8

Authors

Anirban Majumdar	University of Auckland, Auckland, New Zealand
Stephen J. Drape	University of Auckland, Auckland, New Zealand
Clark D. Thomborson	University of Auckland, Auckland, New Zealand

Sponsors

ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 8, Downloads (12 Months): 101, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1314276.1314290 What is a DOI?

ABSTRACT

The goal of obfuscation is to transform a program, without affecting its functionality, such that some secret information within the program can be hidden for as long as possible from an adversary armed with reverse engineering tools. Slicing is a form of reverse engineering which aims to abstract away a subset of program code based on a particular program point and is considered to be a potent program comprehension technique. Thus, slicing could be used as a way of attacking obfuscated programs. It is challenging to manufacture obfuscating transforms that are provably resilient to slicing attacks.We show in this paper how we can utilise the information gained from slicing a program to aid us in designing obfuscations that are more resistant to slicing. We extend a previously proposed technique and provide proofs of correctness for our transforms. Finally, we illustrate our approach with a number of obfuscating transforms and provide empirical results using software engineering metrics.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Business Software Alliance. Second annual BSA and IDC software piracy study, May 2005. Available from www.bsa.org/globalstudy/upload/2005-Global-Study-English.pdf.
	2	Paul Anderson and Tim Teitelbaum. Software inspection using CodeSurfer. In Proceedings of the Workshop on Inspection in Software Engineering (WISE 2001), Paris, France, July 2001. IEEE Computer Society.
	3	Boaz Barak , Oded Goldreich , Russell Impagliazzo , Steven Rudich , Amit Sahai , Salil P. Vadhan , Ke Yang, On the (Im)possibility of Obfuscating Programs, Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, p.1-18, August 19-23, 2001
	4	David Binkley , Mark Harman, An empirical study of predicate dependence levels and trends, Proceedings of the 25th International Conference on Software Engineering, May 03-10, 2003, Portland, Oregon
	5	David Binkley , Mark Harman, A Large-Scale Empirical Study of Forward and Backward Static Slice Size and Context Sensitivity, Proceedings of the International Conference on Software Maintenance, p.44, September 22-26, 2003
	6	Phillipe Biondi and Fabrice Desclaux. Silver needle in the Skype. Presentation at BlackHat Europe, March 2006. Available from www.blackhat.com/html/bh-media-archives/bh-archives-2006.html.
	7	Christian Collberg, Clark D. Thomborson, and Douglas Low. A taxonomy of obfuscating transformations. Technical Report 148, Department of Computer Science, University of Auckland, July 1997.
	8	Christian Collberg , Clark Thomborson , Douglas Low, Manufacturing cheap, resilient, and stealthy opaque constructs, Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.184-196, January 19-21, 1998, San Diego, California, United States [doi>10.1145/268946.268962]
	9	Ron Cytron , Jeanne Ferrante , Barry K. Rosen , Mark N. Wegman , F. Kenneth Zadeck, Efficiently computing static single assignment form and the control dependence graph, ACM Transactions on Programming Languages and Systems (TOPLAS), v.13 n.4, p.451-490, Oct. 1991 [doi>10.1145/115372.115320]
	10	Willem-Paul de Roever and Kai Engelhardt. Data Refinement: Model-Oriented Proof Methods and their Comparison. Cambridge Tracts in Theoretical Computer Science. Cambridge University Press, 1998.
	11	Stephen Drape. Obfuscation of Abstract Data-Types. DPhil thesis, Oxford University Computing Laboratory, 2004.
	12	Stephen Drape , Oege de Moor , Ganesh Sittampalam, Transforming the .NET intermediate language using path logic programming, Proceedings of the 4th ACM SIGPLAN international conference on Principles and practice of declarative programming, p.133-144, October 06-08, 2002, Pittsburgh, PA, USA [doi>10.1145/571157.571171]
	13	Stephen Drape and Anirban Majumdar. Design and Evaluation of Slicing Obfuscations. Technical Report 311, University of Auckland, New Zealand, June 2007.
	14	Stephen Drape, Anirban Majumdar, and Clark Thomborson. Slicing aided design of obfuscating transforms. In IEEE/ACIS ICIS 2007: In proceedings of the International Computing and Information Systems Conference (ICIS 2007), Melbourne, Australia, 2007. IEEE Computer Society.
	15	Keith Brian Gallagher , James R. Lyle, Using Program Slicing in Software Maintenance, IEEE Transactions on Software Engineering, v.17 n.8, p.751-761, August 1991 [doi>10.1109/32.83912]
	16	Susan Horwitz , Thomas Reps , David Binkley, Interprocedural slicing using dependence graphs, ACM Transactions on Programming Languages and Systems (TOPLAS), v.12 n.1, p.26-60, Jan. 1990 [doi>10.1145/77606.77608]
	17	Ganeshan Jayaraman, Venkatesh Prasad Ranganath, and John Hatcliff. Kaveri: Delivering the Indus Java program slicer to Eclipse. In FASE, pages 269--272. Lecture Notes In Computer Science, Springer Verlag, 2005.
	18	Anirban Majumdar, Antoine Monsifrot, and Clark D. Thomborson. On evaluating obfuscatory strength of alias-based transforms using static analysis. In ADCOM 2006: Proceedings of the 14th International Conference on Advanced Computing and Communication (ADCOM 2006), Mangalore, India, 2006. IEEE Computer Society.
	19	Anirban Majumdar, Clark D. Thomborson, and Stephen Drape. A survey of control-flow obfuscations. In Information Systems Security, Second International Conference, ICISS 2006, Kolkata, India, pages 353--356, December 2006.
	20	Timothy M. Meyers , David Binkley, Slice-Based Cohesion Metrics and Software Intervention, Proceedings of the 11th Working Conference on Reverse Engineering, p.256-265, November 08-12, 2004
	21	Linda M. Ott and Jeffrey J. Thuss. Slice based metrics for estimating cohesion. In Proceedings of the IEEE-CS International Software Metrics Symposium, pages 78--81, 1993.
	22	Juergen Rilling , Tuomas Klemola, Identifying Comprehension Bottlenecks Using Program Slicing and Cognitive Complexity Metrics, Proceedings of the 11th IEEE International Workshop on Program Comprehension, p.115, May 10-11, 2003
	23	Nuno Santos, Pedro Pereira, and Luís Moura e Silva. A Generic DRM Framework for J2ME Applications. In Olli Pitkänen, editor, First International Mobile IPR Workshop: Rights Management of Information (MobileIPR), pages 53--66. Helsinki Institute for Information Tecnhology, August 2003.
	24	Frank Tip, A Survey of Program Slicing Techniques., CWI (Centre for Mathematics and Computer Science), Amsterdam, The Netherlands, 1994
	25	Sharath K. Udupa , Saumya K. Debray , Matias Madou, Deobfuscation: Reverse Engineering Obfuscated Code, Proceedings of the 12th Working Conference on Reverse Engineering, p.45-54, November 07-11, 2005 [doi>10.1109/WCRE.2005.13]