Abstract. Code obfuscation and software watermarking are well known techniques designed to prevent the illegal reuse of software. Code obfuscation prevents malicious reverse engineering, while software watermarking protects code from piracy. An interesting class of algorithms for code obfuscation and software watermarking relies on the insertion of opaque predicates. It turns out that attackers based on a dynamic or an hybrid static-dynamic approach are either not precise or time consuming in eliminating opaque predicates. We present an abstract interpretation-based methodology for removing opaque predicates from programs. Abstract interpretation provides the right framework for proving the correctness of our approach, together with a general methodology for designing efficient attackers for a relevant class of opaque predicates. Experimental evaluations show that abstract interpretation based attacks significantly reduce the time needed to eliminate opaque predicates.

Abstract. This paper presents an implementation of the novel watermarking method proposed by Venkatesan, Vazirani, and Sinha in their recent paper A Graph Theoretic Approach to Software Watermarking. An executable program is marked by the addition of code for which the topology of the control-flow graph encodes a watermark. We discuss issues that were identified during construction of an actual implementation that operates on Java bytecode. We measure the size and time overhead of watermarking, and evaluate the algorithm against a variety of attacks. 1

Watermarking embeds a secret message into a cover message. In media watermarking the secret is usually a copyright notice and the cover a digital image. Watermarking an object discourages intellectual property theft, or when such theft has occurred, allows us to prove ownership.

Obfuscation is gaining momentum as a protection mechanism for the intellectual property contained within or encapsulated by software. Usually, one of the following three directions is followed: source code obfuscation is achieved through source code transformations, Java bytecode obfuscation through transformations on the bytecode, and binary obfuscation through binary rewriting. In this paper, we study the effectiveness of source code transformations for binary obfuscation. The transformations applied by several existing source code obfuscators are empirically shown to have no impact on the stripped binary after compilation. Subsequently, we study which source code transformations are robust enough to percolate through the compiler into the binary.

Despite the recent advances in the theory underlying obfuscation, there still is a need to evaluate the quality of practical obfuscating transformations more quickly and easily. This paper presents the first steps toward a comprehensive evaluation suite consisting of a number of deobfuscating transformations and complexity metrics that can be readily applied on existing and future transformations in the domain of binary obfuscation. In particular, a framework based on software complexity metrics measuring four program properties:code, control flow, data and data flow is suggested. A number of well-known obfuscating and deobfuscating transformations are evaluated based upon their impact on a set of complexity metrics. This enables us to quantitatively evaluate the potency of the (de)obfuscating transformations. Categories and Subject Descriptors D.2.0 [Software Engineering]:General—protection mechanisms;

Abstract—A software birthmark is an inherent characteristic of a program that can be used to identify that program. By comparing the birthmarks of two programs, it is possible to infer if one program is a copy of another. In this paper, we propose a static birthmark based on the control flow edges in Java programs. Control flow edges can represent possible behaviors in program execution. Thus, a set of the control flow edges of a program can be used as a birthmark for that program. The similarity between two programs can then be calculated by finding pairs of similar behaviors of the control flow edges in the two birthmarks. The proposed birthmark is evaluated and compared with previous approaches in terms of credibility and resilience. Experimental results show that the proposed birthmark is more reliable than previous methods for detecting programs that are suspected to be copied. Keywords-software birthmark; software security; software copyright; program analysis; I.

Code obfuscation makes it harder for a security analyst to understand the malicious payload of a program. In most cases an analyst needs to study the program at the machine code level, with little or no extra information available, apart from his experience. An unexperienced analyst is confronted with a steep learning curve, as understanding unobfuscated machine code already requires some skills. We have built LOCO, a graphical, interactive environment to help a security analyst improving his skills in understanding obfuscated code.

This paper presents LOCO, a graphical, interactive environment to experiment with code obfuscation and deobfuscation transformations, which can be applied automatically, semi-automatically and by hand. LOCO is an extension of the multi-platform visualization tool LANCET, combined with an obfuscation infrastructure in the underlying link-time program rewriter DIABLO. By use of LOCO, a developer can easily navigate through the control flow graph of a program and do fine-grained obfuscation, test new obfuscation transformations, test the robustness of existing transformations or improve existing transformations.

A software birthmark means inherent characteristics that can be used to identify a program. In this paper, we propose a birthmark technique based on object traces of Java programs. Java is an object-oriented programming language that provides various predefined class libraries that help programmers to produce software easily. In order to utilize Java class libraries, we have to use Java object instructions. The Java object instructions are hard to replace or remove, and so a set of sequences of object instructions is a proper candidate to represent inherent characteristics of a program. We propose a new birthmark using the sequences of object instructions. We evaluate the proposed birthmark with open source programs and compare it with previous static birthmarks. Experiments show that the detection capability of our birthmark is much higher than that of other static birthmarks despite obfuscations by Smokescreen and ZKM.

Abstract not found