Hacking Program Analysis: A Systematic Approach to Code Protection (Invited Talk): Invited Presentation at the Seventh International Workshop on Verification and Program Transformation
The talk concerns the design of code-protecting transformations for anti-reverse-engineering applications. This is a gentle introduction for non-specialists to some of the results and studies I made in the last years on the limits and possibilities of making analyses imprecise by systematic code transformation. These technologies are widely used in code protection (e.g., IP protection or key protection), malware design, anti-tampering, code watermarking and birth-marking of code. The battle scenario involves attackers intent on extracting information by reverse engineering the code, and protecting code transformations modeled as distorted compilers devoted to inhibiting these attacks. Attacks are inhibited by maximizing imprecision in all attempts made by the attacker to exploit the control and data flow of the obscured code. After a brief survey of the state of the art in the field, we introduce a model for code obfuscation which is general enough to include generic automated static and dynamic attacks. Protecting transformations are then systematically and formally derived as distorted compilers, obtained by specializing a suitably distorted interpreter for the given programming language with respect to the source code to protect. The limits of these methods are shown in the context of computational theory. Interestingly, this distortion corresponds precisely to defeating the potency of the expected attacker, which is itself an interpreter and whose potency consists in its ability to extract a complete and precise view of the program’s execution.