Results 1  10
of
382
On the (im)possibility of obfuscating programs
 Lecture Notes in Computer Science
, 2001
"... Informally, an obfuscator O is an (efficient, probabilistic) “compiler ” that takes as input a program (or circuit) P and produces a new program O(P) that has the same functionality as P yet is “unintelligible ” in some sense. Obfuscators, if they exist, would have a wide variety of cryptographic an ..."
Abstract

Cited by 189 (10 self)
 Add to MetaCart
Informally, an obfuscator O is an (efficient, probabilistic) “compiler ” that takes as input a program (or circuit) P and produces a new program O(P) that has the same functionality as P yet is “unintelligible ” in some sense. Obfuscators, if they exist, would have a wide variety of cryptographic and complexitytheoretic applications, ranging from software protection to homomorphic encryption to complexitytheoretic analogues of Rice’s theorem. Most of these applications are based on an interpretation of the “unintelligibility ” condition in obfuscation as meaning that O(P) is a “virtual black box, ” in the sense that anything one can efficiently compute given O(P), one could also efficiently compute given oracle access to P. In this work, we initiate a theoretical investigation of obfuscation. Our main result is that, even under very weak formalizations of the above intuition, obfuscation is impossible. We prove this by constructing a family of efficient programs P that are unobfuscatable in the sense that (a) given any efficient program P ′ that computes the same function as a program P ∈ P, the “source code ” P can be efficiently reconstructed, yet (b) given oracle access to a (randomly selected) program P ∈ P, no efficient algorithm can reconstruct P (or even distinguish a certain bit in the code from random) except with negligible probability. We extend our impossibility result in a number of ways, including even obfuscators that (a) are not necessarily computable in polynomial time, (b) only approximately preserve the functionality, and (c) only need to work for very restricted models of computation (TC 0). We also rule out several potential applications of obfuscators, by constructing “unobfuscatable” signature schemes, encryption schemes, and pseudorandom function families.
Expander Graphs and their Applications
, 2003
"... Contents 1 The Magical Mystery Tour 7 1.1 Some Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 1.1.1 Hardness results for linear transformation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 1.1.2 Error Correcting Codes . . . . . . . ..."
Abstract

Cited by 188 (5 self)
 Add to MetaCart
Contents 1 The Magical Mystery Tour 7 1.1 Some Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 1.1.1 Hardness results for linear transformation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 1.1.2 Error Correcting Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 1.1.3 Derandomizing Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 1.2 Magical Graphs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 1.2.1 A Super Concentrator with O(n) edges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 1.2.2 Error Correcting Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 1.2.3 Derandomizing Random Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 1.3 Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
A metanotation for protocol analysis
 in: Proc. CSFW’99
, 1999
"... Most formal approaches to security protocol analysis are based on a set of assumptions commonly referred to as the “DolevYao model. ” In this paper, we use a multiset rewriting formalism, based on linear logic, to state the basic assumptions of this model. A characteristic of our formalism is the w ..."
Abstract

Cited by 142 (33 self)
 Add to MetaCart
Most formal approaches to security protocol analysis are based on a set of assumptions commonly referred to as the “DolevYao model. ” In this paper, we use a multiset rewriting formalism, based on linear logic, to state the basic assumptions of this model. A characteristic of our formalism is the way that existential quantification provides a succinct way of choosing new values, such as new keys or nonces. We define a class of theories in this formalism that correspond to finitelength protocols, with a bounded initialization phase but allowing unboundedly many instances of each protocol role (e.g., client, server, initiator, or responder). Undecidability is proved for a restricted class of these protocols, and PSPACEcompleteness is claimed for a class further restricted to have no new data (nonces). Since it is a fragment of linear logic, we can use our notation directly as input to linear logic tools, allowing us to do proof search for attacks with relatively little programming effort, and to formally verify protocol transformations and optimizations. 1
Procedural Modeling of Buildings
"... CGA shape, a novel shape grammar for the procedural modeling of CG architecture, produces building shells with high visual quality and geometric detail. It produces extensive architectural models for computer games and movies, at low cost. Context sensitive shape rules allow the user to specify inte ..."
Abstract

Cited by 130 (11 self)
 Add to MetaCart
CGA shape, a novel shape grammar for the procedural modeling of CG architecture, produces building shells with high visual quality and geometric detail. It produces extensive architectural models for computer games and movies, at low cost. Context sensitive shape rules allow the user to specify interactions between the entities of the hierarchical shape descriptions. Selected examples demonstrate solutions to previously unsolved modeling problems, especially to consistent mass modeling with volumetric shapes of arbitrary orientation. CGA shape is shown to efficiently generate massive urban models with unprecedented level of detail, with the virtual rebuilding of the archaeological site of Pompeii as a case in point.
Pseudonym Systems
, 1999
"... Pseudonym systems allow users to interact with multiple organizations anonymously, using pseudonyms. The pseudonyms cannot be linked, but are formed in such a way that a user can prove to one organization a statement about his relationship with another. Such statement is called a credential. Previou ..."
Abstract

Cited by 118 (11 self)
 Add to MetaCart
Pseudonym systems allow users to interact with multiple organizations anonymously, using pseudonyms. The pseudonyms cannot be linked, but are formed in such a way that a user can prove to one organization a statement about his relationship with another. Such statement is called a credential. Previous work in this area did not protect the system against dishonest users who collectively use their pseudonyms and credentials, i.e. share an identity. Previous practical schemes also relied very heavily on the involvement of a trusted center. In the present paper we give a formal definition of pseudonym systems where users are motivated not to share their identity, and in which the trusted center's involvement is minimal. We give theoretical constructions for such systems based on any oneway function. We also suggest an efficient and easy to implement practical scheme. This is joint work with Ronald L. Rivest and Amit Sahai.
Exploiting coarsegrained task, data, and pipeline parallelism in stream programs
 In 14th International Conference on Architectural Support for Programming Languages and Operating Systems
, 2006
"... As multicore architectures enter the mainstream, there is a pressing demand for highlevel programming models that can effectively map to them. Stream programming offers an attractive way to expose coarsegrained parallelism, as streaming applications (image, video, DSP, etc.) are naturally represen ..."
Abstract

Cited by 90 (5 self)
 Add to MetaCart
As multicore architectures enter the mainstream, there is a pressing demand for highlevel programming models that can effectively map to them. Stream programming offers an attractive way to expose coarsegrained parallelism, as streaming applications (image, video, DSP, etc.) are naturally represented by independent filters that communicate over explicit data channels. In this paper, we demonstrate an endtoend stream compiler that attains robust multicore performance in the face of varying application characteristics. As benchmarks exhibit different amounts of task, data, and pipeline parallelism, we exploit all types of parallelism in a unified manner in order to achieve this generality. Our compiler, which maps from the StreamIt language to the 16core Raw architecture, attains a 11.2x mean speedup over a singlecore baseline, and a 1.84x speedup over our previous work. Categories and Subject Descriptors D.3.2 [Programming Languages]:
Ether: Malware Analysis via Hardware Virtualization Extensions
 In Proceedings of the 15th ACM Conference on Computer and Communications Security
, 2008
"... Malware has become the centerpiece of most security threats on the Internet. Malware analysis is an essential technology that extracts the runtime behavior of malware, and supplies signatures to detection systems and provides evidence for recovery and cleanup. The focal point in the malware analysis ..."
Abstract

Cited by 68 (7 self)
 Add to MetaCart
Malware has become the centerpiece of most security threats on the Internet. Malware analysis is an essential technology that extracts the runtime behavior of malware, and supplies signatures to detection systems and provides evidence for recovery and cleanup. The focal point in the malware analysis battle is how to detect versus how to hide a malware analyzer from malware during runtime. Stateoftheart analyzers reside in or emulate part of the guest operating system and its underlying hardware, making them easy to detect and evade. In this paper, we propose a transparent and external approach to malware analysis, which is motivated by the intuition that for a malware analyzer to be transparent, it must not induce any sideeffects that are unconditionally detectable by malware. Our analyzer, Ether, is based on a novel application of hardware virtualization extensions such as Intel VT, and resides completely outside of the target OS environment. Thus, there are no inguest software components vulnerable to detection, and there are no shortcomings that arise from incomplete or inaccurate system emulation. Our experiments are based on our study of obfuscation techniques used to create 25,000 recent malware samples. The results show that Ether remains transparent and defeats the obfuscation tools that evade existing approaches.
Optimal inequalities in probability theory: A convex optimization approach
 SIAM Journal of Optimization
"... Abstract. We propose a semidefinite optimization approach to the problem of deriving tight moment inequalities for P (X ∈ S), for a set S defined by polynomial inequalities and a random vector X defined on Ω ⊆Rn that has a given collection of up to kthorder moments. In the univariate case, we provi ..."
Abstract

Cited by 66 (10 self)
 Add to MetaCart
Abstract. We propose a semidefinite optimization approach to the problem of deriving tight moment inequalities for P (X ∈ S), for a set S defined by polynomial inequalities and a random vector X defined on Ω ⊆Rn that has a given collection of up to kthorder moments. In the univariate case, we provide optimal bounds on P (X ∈ S), when the first k moments of X are given, as the solution of a semidefinite optimization problem in k + 1 dimensions. In the multivariate case, if the sets S and Ω are given by polynomial inequalities, we obtain an improving sequence of bounds by solving semidefinite optimization problems of polynomial size in n, for fixed k. We characterize the complexity of the problem of deriving tight moment inequalities. We show that it is NPhard to find tight bounds for k ≥ 4 and Ω = Rn and for k ≥ 2 and Ω = Rn +, when the data in the problem is rational. For k =1andΩ=Rn + we show that we can find tight upper bounds by solving n convex optimization problems when the set S is convex, and we provide a polynomial time algorithm when S and Ω are unions of convex sets, over which linear functions can be optimized efficiently. For the case k =2andΩ=Rn, we present an efficient algorithm for finding tight bounds when S is a union of convex sets, over which convex quadratic functions can be optimized efficiently. Key words. optimization probability bounds, Chebyshev inequalities, semidefinite optimization, convex
HAMPI: A Solver for String Constraints
, 2009
"... Many automatic testing, analysis, and verification techniques for programs can be effectively reduced to a constraintgeneration phase followed by a constraintsolving phase. This separation of concerns often leads to more effective and maintainable tools. The increasing efficiency of offtheshelf ..."
Abstract

Cited by 62 (19 self)
 Add to MetaCart
Many automatic testing, analysis, and verification techniques for programs can be effectively reduced to a constraintgeneration phase followed by a constraintsolving phase. This separation of concerns often leads to more effective and maintainable tools. The increasing efficiency of offtheshelf constraint solvers makes this approach even more compelling. However, there are few effective and sufficiently expressive offtheshelf solvers for string constraints generated by analysis techniques for stringmanipulating programs. We designed and implemented Hampi, a solver for string constraints over fixedsize string variables. Hampi constraints express membership in regular languages and fixedsize contextfree languages. Hampi constraints may contain contextfreelanguage definitions, regularlanguage definitions and operations, and the membership predicate. Given a set of constraints, Hampi outputs a string that satisfies all the constraints, or reports that the constraints are unsatisfiable. Hampi is expressive and efficient, and can be successfully applied to testing and analysis of real programs. Our experiments use Hampi in: static and dynamic analyses for finding SQL injection vulnerabilities in Web applications; automated bug finding in C programs using systematic testing; and compare Hampi with another string solver. Hampi’s source code, documentation, and the experimental data are available at