Unveiling and Veiling Information in Programs

In this extended abstract we survey the most recent developments in code obfuscation and protection from a programming languages perspective. Starting from known impossibility results on universal and general purpose code obfuscation, we show that provably secure obfuscation can be achieved by constraining the attack model. This corresponds to associate attacks with suitable forms of interpretation. In this context it is always possible to systematically making code obscure, making this interpretation failing in extracting (attacking) code. The code transformation can itself be specified as the specialization of a distorted interpreter.

[1]  Roberto Giacobazzi,et al.  Making abstract interpretations complete , 2000, JACM.

[2]  Neil D. Jones,et al.  Transformation by interpreter specialisation , 2004, Sci. Comput. Program..

[3]  Roberto Giacobazzi,et al.  Obfuscation by partial evaluation of distorted interpreters , 2012, PEPM '12.

[4]  Li Yang White Box Cryptography , 2022 .

[5]  Frederick B. Cohen,et al.  Operating system protection through program evolution , 1993, Comput. Secur..

[6]  Amit Sahai,et al.  On the (im)possibility of obfuscating programs , 2001, JACM.

[7]  Christian S. Collberg,et al.  Surreptitious Software - Obfuscation, Watermarking, and Tamperproofing for Software Protection , 2009, Addison-Wesley Software Security Series.

[8]  Roberto Giacobazzi,et al.  Towards a formally verified obfuscating compiler , 2012 .

[9]  Christian S. Collberg,et al.  Toward Digital Asset Protection , 2011, IEEE Intelligent Systems.

[10]  Roberto Giacobazzi,et al.  Refining and Compressing Abstract Domains , 1997, ICALP.

[11]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[12]  Patrick Cousot,et al.  Systematic design of program analysis frameworks , 1979, POPL.

[13]  Markus G. Kuhn,et al.  Information hiding-a survey , 1999, Proc. IEEE.

[14]  Roberto Giacobazzi,et al.  Hiding Information in Completeness Holes: New Perspectives in Code Obfuscation and Watermarking , 2008, 2008 Sixth IEEE International Conference on Software Engineering and Formal Methods.

[15]  Roberto Giacobazzi,et al.  Semantics-based code obfuscation by abstract interpretation , 2009, J. Comput. Secur..

[16]  Roberto Giacobazzi,et al.  Making Abstract Interpretation Incomplete: Modeling the Potency of Obfuscation , 2012, SAS.

[17]  H. Rice Classes of recursively enumerable sets and their decision problems , 1953 .

[18]  Brent Waters,et al.  Candidate Indistinguishability Obfuscation and Functional Encryption for all Circuits , 2013, 2013 IEEE 54th Annual Symposium on Foundations of Computer Science.