Formal verification of control-flow graph flattening

Code obfuscation is emerging as a key asset in security by obscurity. It aims at hiding sensitive information in programs so that they become more difficult to understand and reverse engineer. Since the results on the impossibility of perfect and universal obfuscation, many obfuscation techniques have been proposed in the literature, ranging from simple variable encoding to hiding the control flow of a program. In this paper, we formally verify in Coq an advanced code obfuscation called control-flow graph flattening, which is used in state-of-the-art program obfuscators. Our control-flow graph flattening is a program transformation operating over C programs and integrated into the CompCert formally verified compiler. The semantics preservation proof of our program obfuscator relies on a simulation proof performed on a realistic language, the Clight language of CompCert. The automatic extraction of our program obfuscator into OCaml yields a program with competitive results.
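As an added illustration of the transformation the abstract describes (this is not code from the paper or from CompCert), the following C shows a small function beside a hand-flattened version in which every basic block becomes a case of one dispatcher switch driven by a state variable; the function names `digit_sum`, `digit_sum_flat` and `flattening_preserves` are assumptions introduced here, and the final helper checks the semantics-preservation property the paper proves in general.

```c
#include <stdint.h>

/* Original control flow: a loop computing the sum of the decimal digits of n. */
unsigned digit_sum(unsigned n) {
    unsigned acc = 0;
    while (n != 0) {
        acc += n % 10;
        n /= 10;
    }
    return acc;
}

/* Flattened version: each basic block of digit_sum is one case of a single
 * switch, and the state variable (the dispatcher) selects the next block.
 * The loop structure is no longer visible in the control-flow graph. */
unsigned digit_sum_flat(unsigned n) {
    unsigned acc = 0;
    int state = 0;                  /* 0 = entry, 1 = loop test, 2 = loop body, 3 = exit */
    for (;;) {
        switch (state) {
        case 0:                     /* entry block */
            acc = 0;
            state = 1;
            break;
        case 1:                     /* loop test: fall into the body or leave */
            state = (n != 0) ? 2 : 3;
            break;
        case 2:                     /* loop body */
            acc += n % 10;
            n /= 10;
            state = 1;
            break;
        default:                    /* exit block */
            return acc;
        }
    }
}

/* Observable behaviour must be unchanged for every input; this is the
 * property the paper's simulation proof establishes for the whole transformation. */
int flattening_preserves(unsigned n) {
    return digit_sum(n) == digit_sum_flat(n);
}
```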
