The Superdiversifier: Peephole Individualization for Software Protection

We present a new approach to individualize programs at the machine- and byte-code levels. Our superdiversification methodology is based on the compiler technique of superoptimization, which performs a brute-force search over all possible short instruction sequences to find minimum-size implementations of desired functions. Superdiversification also searches for equivalent code sequences, but we guide the search by restricting the allowed instructions and operands to control the types of generated code. Our goal is not necessarily the shortest or most optimal code sequence, but an individualized sequence identified by a secret key or other means, as determined by user-specified criteria. Also, our search is not limited to commodity instruction sets, but can work over arbitrary byte-codes designed for software randomization and protection. Applications include patch obfuscation to complicate reverse engineering and exploit creation, as well as binary diversification to frustrate malicious code tampering. We believe that this approach can serve as a useful element of a comprehensive software-protection system.
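The guided search described in the abstract, as an added example that is not code from the paper: it enumerates every short sequence equivalent to a target function using only the permitted instructions and operands, then selects one variant by secret key. The 8-bit accumulator machine, its instruction names, the sample keys and the HMAC-based selection are assumptions made for illustration.

```python
import hashlib
import hmac
from itertools import product

MASK = 0xFF  # toy 8-bit accumulator machine (assumed; not the paper's instruction set)
OPS = {  # op name -> effect on accumulator r with immediate k (k ignored by not/neg)
    "add": lambda r, k: (r + k) & MASK,
    "sub": lambda r, k: (r - k) & MASK,
    "xor": lambda r, k: (r ^ k) & MASK,
    "not": lambda r, k: ~r & MASK,
    "neg": lambda r, k: -r & MASK,
}
UNARY = {"not", "neg"}

def run(seq, x):
    """Execute a sequence of (op, immediate) pairs on input x."""
    for op, k in seq:
        x = OPS[op](x, k)
    return x

def superdiversify(target, allowed_ops, operands, max_len):
    """Brute-force every sequence up to max_len built only from the allowed
    ops/operands, keeping those equal to target on all 256 inputs
    (exhaustive, so equivalence is proven rather than sampled)."""
    insns = [(op, 0) for op in allowed_ops if op in UNARY]
    insns += [(op, k) for op in allowed_ops if op not in UNARY for k in operands]
    want = [target(x) & MASK for x in range(256)]
    found = []
    for n in range(1, max_len + 1):
        for seq in product(insns, repeat=n):
            if all(run(seq, x) == want[x] for x in range(256)):
                found.append(seq)
    return found

def pick(variants, key):
    """Select one variant per secret key (HMAC indexing is an assumed scheme)."""
    digest = hmac.new(key, b"variant-index", hashlib.sha256).digest()
    return variants[int.from_bytes(digest, "big") % len(variants)]

if __name__ == "__main__":
    inc = lambda x: x + 1
    variants = superdiversify(inc, ["not", "neg", "sub", "xor"], [0x01, 0xFF], 3)
    print(len(variants), "equivalents of x+1 without using 'add'")
    print("build A:", pick(variants, b"customer-A"))  # constructed keys
    print("build B:", pick(variants, b"customer-B"))
```

Unlike a superoptimizer, the search keeps all equivalents rather than the shortest, so excluding `add` or narrowing the operand list changes which individualized forms of the same function can be emitted.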
