Maximal incompleteness as obfuscation potency

Obfuscation is the art of making code hard to reverse engineer and understand. In this paper, we propose a formal model for specifying and understanding the strength of obfuscating transformations with respect to a given attack model. The idea is to consider the attacker as an abstract interpreter willing to extract information about the program’s semantics. In this scenario, we show that obfuscating code is making the analysis imprecise, namely making the corresponding abstract domain incomplete. It is known that completeness is a property of the abstract domain and the program to analyse. We introduce a framework for transforming abstract domains, i.e., analyses, towards incompleteness. The family of incomplete abstractions for a given program provides a characterisation of the potency of obfuscation employed in that program, i.e., its strength against the attack specified by those abstractions. We show this characterisation for known obfuscating transformations used to inhibit program slicing and automated disassembly.

[1]  Roberto Giacobazzi,et al.  Obfuscation by partial evaluation of distorted interpreters , 2012, PEPM '12.

[2]  Roberto Giacobazzi,et al.  A weakening residuation in adjoining closures , 2015 .

[3]  Thomas W. Reps,et al.  Program Specialization via Program Slicing , 1996, Dagstuhl Seminar on Partial Evaluation.

[4]  Roberto Giacobazzi,et al.  Refining and Compressing Abstract Domains , 1997, ICALP.

[5]  Roberto Giacobazzi,et al.  Incompleteness, Counterexamples, and Refinements in Abstract Model-Checking , 2001, SAS.

[6]  Saumya K. Debray,et al.  Obfuscation of executable code to improve resistance to static disassembly , 2003, CCS '03.

[7]  Roberto Giacobazzi,et al.  Semantic-Based Code Obfuscation by Abstract Interpretation , 2005, ICALP.

[8]  Damiano Zanardini,et al.  Data dependencies and program slicing: from syntax to abstract semantics , 2008, PEPM '08.

[9]  Agostino Cortesi,et al.  Complementation in abstract interpretation , 1997, TOPL.

[10]  Roberto Giacobazzi,et al.  Hiding Information in Completeness Holes: New Perspectives in Code Obfuscation and Watermarking , 2008, 2008 Sixth IEEE International Conference on Software Engineering and Formal Methods.

[11]  Brent Waters,et al.  Candidate Indistinguishability Obfuscation and Functional Encryption for all Circuits , 2013, 2013 IEEE 54th Annual Symposium on Foundations of Computer Science.

[12]  Roberto Giacobazzi,et al.  Making Abstract Interpretation Incomplete: Modeling the Potency of Obfuscation , 2012, SAS.

[13]  David W. Binkley,et al.  Interprocedural slicing using dependence graphs , 1988, SIGP.

[14]  Mark Weiser,et al.  Program Slicing , 1981, IEEE Transactions on Software Engineering.

[15]  Wuu Yang,et al.  The Semantics of Program Slicing and Program Integration , 1989, TAPSOFT, Vol.2.

[16]  Keith Brian Gallagher,et al.  Using Program Slicing in Software Maintenance , 1991, IEEE Trans. Software Eng..

[17]  Patrick Cousot,et al.  The calculational design of a generic abstract interpreter , 1999 .

[18]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[19]  Patrick Cousot,et al.  Comparing the Galois Connection and Widening/Narrowing Approaches to Abstract Interpretation , 1992, PLILP.

[20]  Patrick Cousot,et al.  Systematic design of program analysis frameworks , 1979, POPL.

[21]  Stephen Drape,et al.  Specifying Imperative Data Obfuscations , 2007, ISC.

[22]  Gilberto Filé,et al.  Complementation of Abstract Domains made Easy , 1996, JICSLP.

[23]  Mark N. Wegman,et al.  Efficiently computing static single assignment form and the control dependence graph , 1991, TOPL.

[24]  Clark Thomborson,et al.  Manufacturing cheap, resilient, and stealthy opaque constructs , 1998, POPL '98.

[25]  Roberto Giacobazzi,et al.  Analyzing Program Analyses , 2015, POPL.

[26]  Christian S. Collberg,et al.  Surreptitious Software - Obfuscation, Watermarking, and Tamperproofing for Software Protection , 2009, Addison-Wesley Software Security Series.

[27]  Roberto Giacobazzi,et al.  Making abstract interpretations complete , 2000, JACM.

[28]  Patrick Cousot,et al.  Abstract Interpretation Frameworks , 1992, J. Log. Comput..

[29]  Francesco Logozzo,et al.  Refining Abstract Interpretation-Based Static Analyses with Hints , 2009, APLAS.

[30]  Stephen Drape,et al.  Slicing obfuscations: design, correctness, and evaluation , 2007, DRM '07.

[31]  Roberto Giacobazzi,et al.  Uniform Closures: Order-Theoretically Reconstructing Logic Program Semantics and Abstract Domain Refinements , 1998, Inf. Comput..

[32]  Rico Neumann,et al.  Obfuscation: A user’s guide for privacy and protest , 2017, New Media Soc..

[33]  Peter Sestoft,et al.  Partial evaluation and automatic program generation , 1993, Prentice Hall international series in computer science.

[34]  Roberto Giacobazzi,et al.  Semantics-based code obfuscation by abstract interpretation , 2009, J. Comput. Secur..

[35]  Amit Sahai,et al.  On the (im)possibility of obfuscating programs , 2001, JACM.