Towards a formally verified obfuscating compiler

This paper extends the idea of specializing modified interpreters for systematically generating obfuscated code. Using the Coq proof assistant, we specify some elementary obfuscations and prove that the resulting distorted interpreter is correct, namely that it preserves the intended semantics of programs. The paper shows how the semantic preservation proofs generated and verified in Coq can provide a measure of the quality of the obfuscation. In particular, we can observe that there is a precise correspondence between the potency of the obfuscation and the complexity of the proof of semantics preservation. Our obfuscation can be easily integrated into the CompCert C compiler, providing the basis for a formally verified obfuscating compiler which can be applied to any C program.
