A great deal of software is distributed in the form of executable code. The ability to reverse engineer such executables can create opportunities for theft of intellectual property via software piracy, as well as security breaches by allowing attackers to discover vulnerabilities in an application [9]. Techniques such as watermarking and fingerprinting have been developed to discourage piracy [4, 12]; however, if no protective measures are taken, an attacker may be able to remove and/or destroy watermarks and fingerprints with relative ease once they have been identified. For this reason, methods such as source code obfuscation [4, 11, 3, 15], code encryption [1, 13] and self-verifying code [1, 7] have been developed to help achieve some measure of tamper-resistance.

It is, of course, necessary for an attacker to gain a reliable disassembly of some portion of executable code before any intelligent tampering can take place. In fact, even a reliable disassembly is not sufficient for serious tampering in the absence of some sort of control flow graph [15]. To be used together with other methods [9], we propose a method of obfuscating address computations that makes the targets of control transfers difficult to determine statically. We describe this method in Section 2.

Assuming an attacker is able to gain a reliable disassembly of a binary, it is quite possible for a malicious host to compromise any and all watermarks and/or fingerprints such that they no longer serve their intended purpose [5]. Code verification schemes that employ techniques such as check-sums have been introduced to “tamper-proof” code [2]. Such schemes must, by definition, examine the code in an executable’s text section. Done in a straightforward manner, the check-sum code will contain load instructions that reference addresses that are clearly in the text section, allowing attackers to easily identify the check-sum code and potentially disable it ([1, 2] propose ways to raise the difficulty involved in doing so). To counter such attacks, we propose a method by which address computations involving text section references can be made less obvious. We discuss this in Section 3.
[1] Vincent G. Winters. Minimal perfect hashing in polynomial time. 1990, BIT Comput. Sci. Sect.
[2] Mikhail J. Atallah, et al. Protecting Software Code by Guards. 2001, Digital Rights Management Workshop.
[3] Birgit Pfitzmann, et al. Asymmetric Fingerprinting (Extended Abstract). 1996, EUROCRYPT.
[4] Jack W. Davidson, et al. Software Tamper Resistance: Obstructing Static Analysis of Programs. 2000.
[5] Saumya K. Debray, et al. Obfuscation of executable code to improve resistance to static disassembly. 2003, CCS '03.
[6] David Aucsmith, et al. Tamper Resistant Software: An Implementation. 1996, Information Hiding.
[7] Christian S. Collberg, et al. Watermarking, Tamper-proofing, and Obfuscation - Tools for Software Protection. 2000.
[8] Clark Thomborson, et al. Manufacturing cheap, resilient, and stealthy opaque constructs. 1998, POPL '98.
[9] Robert E. Tarjan, et al. Dynamic Self-Checking Techniques for Improved Tamper Resistance. 2001, Digital Rights Management Workshop.
[10] Christian F. Tschudin, et al. On Software Protection via Function Hiding. 1998, Information Hiding.
[11] Atsuko Miyaji, et al. Software Obfuscation on a Theoretical Basis and Its Implementation. 2003, IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences.