Self-Protecting Mobile Agents Obfuscation Report Final report

This document describes our investigation into software obfuscation for building Self-Protecting Mobile Agents (SPMA). The original goal of the SPMA project was to develop automated tools to protect mobile agents from attacks by malicious hosts. While developing those tools, we realized that obfuscation could not be relied upon to give a reasonable amount of security. Because of this, we redirected the SPMA project to studying obfuscation. Our conclusions include theoretical results about obfuscation and evidence that supports those results. Our most important conclusion is that there is no general obfuscation problem (i.e., a definition and theory of obfuscation that will always apply). We believe that all automated obfuscation is merely emulation; this will certainly be an area of future research. We conclude that if software obfuscation is to be useful, it must be employed for a specific purpose (not “obfuscate any program protecting all information”) and use fundamentally new ideas. Future theoretical work on obfuscation will have to define it clearly and use a restricted set of programs, so that the result of Barak et al. [BGI+01] does not apply. In the course of developing obfuscation tools, we evaluated the properties of programming languages under several obfuscating transforms, concluding that strict type-safe programming languages were the best for obfuscation. In addition, programs specifically designed to be obfuscated will give better results, as the programmers will avoid implementing unobfuscatable constructs.

[1] Friedemann Mattern, et al. Mobile Agents as an Architectural Concept for Internet-Based Distributed Applications - The WASP Project Approach, 1999, Kommunikation in Verteilten Systemen.

[2] Jack W. Davidson, et al. Protection of software-based survivability mechanisms, 2001, 2001 International Conference on Dependable Systems and Networks.

[3] Norman Ramsey, et al. The New Jersey Machine-Code Toolkit, 1995, USENIX.

[4] Jose L. Muñoz, et al. Host Revocation Authority: A Way of Protecting Mobile Agents from Malicious Hosts, 2003, ICWE.

[5] Joe Kilian, et al. One-Round Secure Computation and Secure Autonomous Mobile Agents, 2000, ICALP.

[6] Yuan Xiang Gu, et al. The Encoder Solution to Implementing Tamper Resistant Software, 2001.

[7] Christian S. Collberg, et al. Breaking abstractions and unstructuring data structures, 1998, Proceedings of the 1998 International Conference on Computer Languages (Cat. No.98CB36225).

[8] Sumit Kumar, et al. Better Slicing of Programs with Jumps and Switches, 2002, FASE.

[9] Shinji Kusumoto, et al. Maintenance support tools for Java programs: CCFinder and JAAT, 2001, Proceedings of the 23rd International Conference on Software Engineering. ICSE 2001.

[10] Stanley Chow, et al. Tamper resistant software: extending trust into a hostile environment, 2001, MM&Sec '01.

[11] Daniel Bleichenbacher, et al. Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1, 1998, CRYPTO.

[12] Richard J. Lipton, et al. On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract), 1997, EUROCRYPT.

[13] Norman Ramsey, et al. Specifying representations of machine instructions, 1997, TOPL.

[14] Mendel Rosenblum, et al. Embra: fast and flexible machine simulation, 1996, SIGMETRICS '96.

[15] Amit Sahai, et al. On the (im)possibility of obfuscating programs, 2001, JACM.

[16] Pankaj Rohatgi, et al. Towards Sound Approaches to Counteract Power-Analysis Attacks, 1999, CRYPTO.

[17] Markus G. Kuhn, et al. Tamper resistance: a cautionary note, 1996.

[18] Gregory R. Andrews, et al. Disassembly of executable code revisited, 2002, Ninth Working Conference on Reverse Engineering, 2002. Proceedings.

[19] Giuseppe Visaggio, et al. Extracting Reusable Functions by Flow Graph-Based Program Slicing, 1997, IEEE Trans. Software Eng.

[20] Eli Biham, et al. Differential Fault Analysis of Secret Key Cryptosystems, 1997, CRYPTO.

[21] Ross J. Anderson, et al. Optical Fault Induction Attacks, 2002, CHES.

[22] Robert E. Tarjan, et al. Dynamic Self-Checking Techniques for Improved Tamper Resistance, 2001, Digital Rights Management Workshop.

[23] Alain Deutsch, et al. Interprocedural may-alias analysis for pointers: beyond k-limiting, 1994, PLDI '94.

[24] Rajiv Gupta, et al. Automatic generation of microarchitecture simulators, 1998, Proceedings of the 1998 International Conference on Computer Languages (Cat. No.98CB36225).

[25] Satoshi Hada, et al. Zero-Knowledge and Code Obfuscation, 2000, ASIACRYPT.

[26] Paul C. van Oorschot, et al. A White-Box DES Implementation for DRM Applications, 2002, Digital Rights Management Workshop.

[27] Christian S. Collberg, et al. A Taxonomy of Obfuscating Transformations, 1997.

[28] C. Cifuentes, et al. Machine-adaptable dynamic binary translation, 2000, Workshop on Dynamic and Adaptive Compilation and Optimization.

[29] Siva Sai Yerubandi, et al. Differential Power Analysis, 2002.

[30] Christian F. Tschudin, et al. Towards mobile cryptography, 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[31] Jack W. Davidson, et al. Software Tamper Resistance: Obstructing Static Analysis of Programs, 2000.

[32] Cristina Cifuentes, et al. Decompilation of binary programs, 1995, Softw. Pract. Exp.

[33] Jon A. Rochlis, et al. With microscope and tweezers: an analysis of the Internet virus of November 1988, 1989, Proceedings. 1989 IEEE Symposium on Security and Privacy.

[34] Barbara G. Ryder, et al. Pointer-induced aliasing: a problem classification, 1991, POPL '91.

[35] Markus G. Kuhn, et al. Low Cost Attacks on Tamper Resistant Devices, 1997, Security Protocols Workshop.

[36] Serge Vaudenay, et al. Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS, 2002, EUROCRYPT.

[37] Clark Thomborson, et al. Manufacturing cheap, resilient, and stealthy opaque constructs, 1998, POPL '98.

[38] Larry Masinter, et al. The Interlisp Programming Environment, 1981, Computer.

[39] David W. Binkley, et al. Program slicing, 2008, 2008 Frontiers of Software Maintenance.

[40] Todd A. Proebsting, et al. Krakatoa: Decompilation in Java (Does Bytecode Reveal Source?), 1997, COOTS.

[41] Thomas W. Reps, et al. Program analysis via graph reachability, 1997, Inf. Softw. Technol.

[42] Thomas W. Reps, et al. Program Specialization via Program Slicing, 1996, Dagstuhl Seminar on Partial Evaluation.

[43] Hemma Prafullchandra, et al. Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2, 1997, USENIX Symposium on Internet Technologies and Systems.

[44] Frederick B. Cohen, et al. Operating system protection through program evolution, 1993, Comput. Secur.

[45] Paul C. Kocher, et al. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, 1996, CRYPTO.

[46] Silvio Micali, et al. How to play ANY mental game, 1987, STOC.

[47] Bernd Meyer, et al. Differential Fault Attacks on Elliptic Curve Cryptosystems, 2000, CRYPTO.

[48] Fritz Hohl, et al. Time Limited Blackbox Security: Protecting Mobile Agents From Malicious Hosts, 1998, Mobile Agents and Security.

[49] Fritz Hohl, et al. A Protocol Preventing Blackbox Tests of Mobile Agents, 1999, Kommunikation in Verteilten Systemen.

[50] Christian F. Tschudin, et al. On Software Protection via Function Hiding, 1998, Information Hiding.

[51] James R. Gosler, et al. Software Protection: Myth or Reality?, 1985, CRYPTO.

[52] Stephanie Forrest, et al. A sense of self for Unix processes, 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[53] Frank Tip, et al. A survey of program slicing techniques, 1994, J. Program. Lang.

[54] John C. Knight, et al. A security architecture for survivability mechanisms, 2001.

[55] Silvio Micali, et al. Secure Computation (Abstract), 1991, CRYPTO.

[56] Martín Abadi, et al. On hiding information from an oracle, 1987, STOC '87.

[57] Tim Teitelbaum. The Cornell Program Synthesizer: a syntax-directed programming environment, 1979, SIGP.

[58] Robert Balzer, et al. EXDAMS: extendable debugging and monitoring system, 1969, AFIPS '69 (Spring).

[59] Jan Camenisch, et al. Cryptographic security for mobile code, 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[60] Paul C. van Oorschot, et al. White-Box Cryptography and an AES Implementation, 2002, Selected Areas in Cryptography.

[61] Christian S. Collberg, et al. Watermarking, Tamper-Proofing, and Obfuscation-Tools for Software Protection, 2002, IEEE Trans. Software Eng.