Obfuscator-LLVM -- Software Protection for the Masses

Software security with respect to reverse-engineering is a challenging discipline that has been researched for several years and is still active. At the same time, this field is inherently practical, and thus of industrial relevance: indeed, protecting a piece of software against tampering, malicious modifications or reverse-engineering is a very difficult task. In this paper, we present and discuss a software obfuscation prototype tool based on the LLVM compilation suite. Our tool is built as a set of passes, some of which have been open-sourced and are freely available, that work on the LLVM Intermediate Representation (IR) code. This approach brings several advantages, including the fact that it is language-agnostic and mostly independent of the target architecture. Our current prototype supports basic instruction substitutions, insertion of bogus control-flow constructs mixed with opaque predicates, control-flow flattening, procedure merging, as well as a code tamper-proofing algorithm embedding code and data checksums directly in the control-flow flattening mechanism.
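To make three of the transformations named in the abstract concrete, the following added example (written for this page, not taken from the paper or from the tool's output) applies instruction substitution, an opaque predicate guarding a bogus block, and control-flow flattening by hand to a small loop. It works at C source level rather than on LLVM IR, and all function names and the chosen identities are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Reference: sum of 0..n-1 with ordinary structured control flow. */
uint32_t sum_plain(uint32_t n) {
    uint32_t acc = 0;
    for (uint32_t i = 0; i < n; i++) acc += i;
    return acc;
}

/* Instruction substitution: a + b == (a ^ b) + 2*(a & b) modulo 2^32. */
static uint32_t add_subst(uint32_t a, uint32_t b) {
    return (a ^ b) + ((a & b) << 1);
}

/* Opaque predicate: x*(x+1) is a product of consecutive integers, hence
   even; reduction modulo 2^32 keeps parity, so this is always true. */
static int opaque_true(uint32_t x) {
    return ((x * (x + 1u)) & 1u) == 0u;
}

/* Same computation, flattened: every basic block becomes a case of one
   dispatcher switch, and the successor is chosen through `state`. */
uint32_t sum_flat(uint32_t n) {
    uint32_t acc = 0, i = 0, state = 1;
    for (;;) {
        switch (state) {
        case 1:  /* loop condition */
            state = (i < n) ? 2 : 5;
            break;
        case 2:  /* opaque predicate selects the real block (3) */
            state = opaque_true(i) ? 3 : 4;
            break;
        case 3:  /* real loop body, additions substituted */
            acc = add_subst(acc, i);
            i = add_subst(i, 1u);
            state = 1;
            break;
        case 4:  /* bogus block: reachable in the CFG, never executed */
            acc ^= i;
            i = n;
            state = 1;
            break;
        default: /* exit block */
            return acc;
        }
    }
}

int main(void) {
    printf("%u %u\n", sum_plain(1000), sum_flat(1000));
    return 0;
}
```

Both functions return the same value for every input; only the shape of the control-flow graph and the arithmetic expressions differ, which is the property an obfuscating pass has to preserve.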
