Semantics-based code obfuscation by abstract interpretation

Preda, Mila Dalla; Giacobazzi, Roberto

doi:10.3233/jcs-2009-0345

Cited by 39 publications

(18 citation statements)

References 35 publications

(51 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Software watermarking is useful in identifying a violation once it has happened, while code obfuscation is considered a promising technique to prevent malicious attacks. In recent years, code obfuscation has attracted the attention of many researchers and this has led to the design and implementation of many obfuscation strategies (e.g., [7,18,33,34,40]) together with the study of theoretical models and frameworks for understanding the potentialities and limits of obfuscation (e.g., [2,4,16,21,25,39]).…”

Section: Introductionmentioning

confidence: 99%

“…This example shows us that, in order to formally reason on what is protected, namely what is concealed, and what is preserved, namely what is revealed, by an obfuscating transformation, we need to focus on the effects that obfuscation has on the program semantics. In [14,16] it is shown that the semantic level allows us to understand the protection capabilities and the limits of an obfuscating strategy with respect to a particular program. We start from the approach of Dalla Preda and Giacobazzi in [14,16] (then developed also in [20,21]), where a formal framework for code obfuscation is provided by taking into account the effects that an obfuscating transformation has on trace semantics, and by modeling attackers as approximations of trace semantics.…”

Section: Introductionmentioning

confidence: 99%

“…In [14,16] it is shown that the semantic level allows us to understand the protection capabilities and the limits of an obfuscating strategy with respect to a particular program. We start from the approach of Dalla Preda and Giacobazzi in [14,16] (then developed also in [20,21]), where a formal framework for code obfuscation is provided by taking into account the effects that an obfuscating transformation has on trace semantics, and by modeling attackers as approximations of trace semantics. In order to reason on the semantic aspects of obfuscation, we refer to the formal framework introduced by Cousot and Cousot [12], where the relation between syntactic and semantic transformations is formalized in terms of abstract interpretation by considering programs as abstractions of their semantics.…”

Section: Introductionmentioning

confidence: 99%

“…-Definition and extension of the semantic framework for code obfuscation developed in [14,16] in order to cope with the semantic specification of the properties, respectively, to protect and preserve (Sect. 3); -Definition, study and characterization of two function transformers: Revelation, which minimally (in the point-wise order) modifies a function in order to preserve a certain property of the input (Sect.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Characterizing a property-driven obfuscation strategy

Preda

Mastroeni

2017

JCS

Self Cite

View full text Add to dashboard Cite

In recent years, code obfuscation has attracted both researchers and software developers as a useful technique for protecting secret properties of proprietary programs. The idea of code obfuscation is to modify a program, while preserving its functionality, in order to make it more difficult to analyze. Thus, the aim of code obfuscation is to conceal certain properties to an attacker, while revealing its intended behavior. However, a general methodology for deriving an obfuscating transformation from the properties to conceal and reveal is still missing. In this work, we start to address this problem by studying the existence and the characterization of function transformers that minimally or maximally modify a program in order to reveal or conceal a certain property. Based on this general formal framework, we are able to provide a characterization of the maximal obfuscating strategy for transformations concealing a given property while revealing the desired observational behavior. To conclude, we discuss the applicability of the proposed characterization by showing how some common obfuscation techniques can be interpreted in this framework. Moreover, we show how this approach allows us to deeply understand what are the behavioral properties that these transformations conceal, and therefore protect, and which are the ones that they reveal, and therefore disclose.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Characterizing a property-driven obfuscation strategy

Preda

Mastroeni

2017

JCS

Self Cite

View full text Add to dashboard Cite

show abstract

“…As suggestions to secure implementation, we used !le name and path name obfuscations to prevent hack attacks [27]. In a preliminary version of our code, the hacker could employ !le-name and !le-path to access the sequence strips and then based on a simple routine to try the permutations.…”

Section: Implementation Issues and Securing Ncsl Codementioning

confidence: 99%

Using Theme-based Narrative Construct of Images as Passwords: Implementation and Assessment of Remembered Sequences

et al. 2017

View full text Add to dashboard Cite

Abstract-With many online engineering platforms such as virtual and remote laboratories designed for young or aged users, user authentication and passwords-based methods are being re-evaluated for tracking usage patterns and security. For ICT-enabled online engineering platforms, image-based humancentric approaches are gaining relevance for access frameworks. With the rubber-hose attacks, increased senior users, many existing systems are vulnerable to many attacks. This paper employs human uniqueness of narrative skills on an image-based password system for online platforms with focus on theme in the password generation process. To generate the secret password, a specially designed computer game was used. We used narrative constructs composed of cartoon image sequences to generate user-speci!c secret key. The durability of generated passwords and the authentication process while assessing the reconstruction process by a potential hacker was verified. For validating use of coerced attacks, under imposed psychological duress, users failed retrieving the password sequence suggesting the reliability as an anti-coercive attack cybersecurity tool. A set of experiments were used to analyze user behavior behind the image-based password system. EEG measurements demonstrated increased activity of " rhythms in F3 and FC5 channel bins and augmented levels of # rhythms in F3 and O1 channels, suggesting users added personalization to authentication more than in alpha-numeric password-based logins.

show abstract