## Obfuscation of Abstract Data Types (2004)

Citations: | 4 - 0 self |

### BibTeX

@TECHREPORT{Drape04obfuscationof,

author = {Stephen Drape},

title = {Obfuscation of Abstract Data Types},

institution = {},

year = {2004}

}

### OpenURL

### Abstract

An obfuscation is a behaviour-preserving program transformation whose aim is to make a program “harder to understand”. Obfuscations are applied to make reverse engineering of a program more difficult. Two concerns about an obfuscation are whether it preserves behaviour (i.e. it is correct) and the degree to which it maintains efficiency. Obfuscations are applied mainly to object-oriented programs but constructing proofs of correctness for such obfuscations is a challenging task. It is desirable to have a workable definition of obfuscation which is more rigorous than the metric-based definition of Collberg et al. and overcomes the impossibility result of Barak et al. for their strong cryptographic definition. We present a fresh approach to obfuscation by obfuscating abstract datatypes allowing us to develop structure-dependent obfuscations that would otherwise (traditionally) not be available. We regard obfuscation as data refinement enabling us to produce equations for proving correctness and we model the datatype

### Citations

1502 |
Refactoring: Improving the Design of Existing Code
- Fowler
- 2000
(Show Context)
Citation Context ...neering is to execute the program and then study the program traces. If random obfuscations (see Section 8.1.4) are used then different program traces can be created. Another technique is refactoring =-=[27]-=- which is the process of improving the design of existing code by performing behaviour-preserving transformations. One particular area to explore is the refactoring of functional programs — [35] gives... |

1354 | Introduction to Functional Programming
- Bird
- 1998
(Show Context)
Citation Context ...on for + in the proof of the assertion for +asp). For filterasp, we may expect to define filterasp p 〈l,r〉asp = 〈filter p l, filter p r〉asp But, for example, would give filterasp (odd) 〈[1, 4, 6, 8], =-=[2, 5, 7]-=-〉asp 〈[1], [5, 7]〉asp which violates the Invariant (4.11). However, we can define filterasp as follows: gives filterasp p 〈[ ], [ ]〉asp = 〈[ ], [ ]〉asp filterasp p 〈a : r,l〉asp = if p a then consasp a... |

942 |
A Complexity Measure
- McCabe
- 1976
(Show Context)
Citation Context ...nderstand”. Collberg et al. [10] do not define obfuscation but instead qualify “hard to understand” by using various metrics which measure the complexity of code. For example: • Cyclomatic Complexity =-=[37]-=- — the complexity of a function increases with the number of predicates in the function. • Nesting Complexity [29] — the complexity of a function increases with the nesting level of conditionals in th... |

791 | Introduction to Algorithms, Second Edition - Cormen, Leiserson, et al. - 2001 |

710 |
Universal classes of hash functions
- Carter, Wegman
- 1977
(Show Context)
Citation Context ...−1〉sp Now let us consider how we can split lists using the two example splits in Section 4.1.3. 4.3.2 Alternating Split We now define the alternating split for lists. For example, we would like: then =-=[4, 3, 1, 1, 5, 8, 2]-=- ❀ 〈[4, 1, 5, 2], [3, 1, 8]〉asp Using the definitions of ch and F from Section 4.1.3, if xs ❀ 〈l,r〉asp xs !! n = � l !! (n div 2) if n mod 2 = 0 r !! (n div 2) otherwise where n < |xs|. The representa... |

509 | Programming from Specifications - Morgan |

308 | Functional programming with bananas, lenses, envelopes and barbed wire
- Meijer, Paterson
- 1991
(Show Context)
Citation Context ...lise obfuscations. While it is certainly true that our approach has used simple techniques, is it general enough? For more generality categories could be obfuscated and concepts such as hylomorphisms =-=[38]-=- could be used. Barak et al. [6] provide a formal cryptographic treatment of obfuscation by obfuscating Turing machines. How does our approach and, in particular, our definition compare with their app... |

243 | A taxonomy of obfuscating transformations
- Collberg, Thomborson, et al.
- 1997
(Show Context)
Citation Context ...ements of the array? The obfuscation was achieved by using some of the methods outlined in this thesis. Aims of the thesis The current view of obfuscation (in particular, the paper by Collberg et al. =-=[10]-=-) concentrates on object-oriented programs. In [10], obfuscations for constructs such as loops, arrays and methods are stated informally: without proofs of correctness. Constructing proofs of correctn... |

239 | Predicate Calculus and Program Semantics - Dijkstra, Scholten - 1990 |

225 | On the (im)possibility of obfuscating programs
- Barak, Goldreich, et al.
- 2001
(Show Context)
Citation Context ...l properties inherent in the data-type; and the ability to create random obfuscations. We also provide a new definition of obfuscation that avoids the impossibility problem considered by Barak et al. =-=[6]-=- and is appropriate for our data-type approach. Structure of the thesis The thesis is structured as follows: • In Chapters 1 and 2 we consider the current view of obfuscation. In Chapter 1 we discuss ... |

224 | Cayenne – a Language with Dependent Types
- Augustsson
- 1998
(Show Context)
Citation Context ... to define arbitrary tuples (also we cannot use a list as the functions may have different types). If we want to implement this function then we could use a dependently typed language such as Cayenne =-=[4]-=-. So, for an operation f :: S1 × S2 × . . . × Sn → T an obfuscation f O of f (with respect to the relevant abstraction functions) satisfies: f · cross (afS1,afS2, . . . ,afSn) = afT · f O If we have a... |

180 | Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs
- Collberg, Thomborson, et al.
- 1998
(Show Context)
Citation Context ... OBFUSCATION 14 These three properties are measured informally on a non-numerical scale (e.g. for resilience, the scale is trivial, weak, strong, full, one-way). Another useful measure is the stealth =-=[12]-=- of an obfuscation. An obfuscation is stealthy if it does not “stand out” from the rest of the program, i.e. it resembles the original code as much as possible. Stealth is context-sensitive — what is ... |

165 |
Data Refinement: ModelOriented Proof Methods and their Comparison. Cambridge Tracts in Theoretical Computer Science
- Roever, Engelhardt
- 1998
(Show Context)
Citation Context ...uch as side-effects, exceptions and pointers. For our framework, we model data-type operations using a functional language (see Section 3.1.2 for more details) and view obfuscation as data refinement =-=[16]-=-. Using these mathematical techniques allow us to prove the correctness of all our obfuscations and also for some obfuscations we will be able to derive an obfuscated operation from an unobfuscated on... |

138 | Software watermarking: Models and dynamic embeddings
- Collberg, Thomborson
- 1999
(Show Context)
Citation Context ...mping” a product. Stamps are used for copyright protection — but they still do not prevent people from stealing parts of the program, although there are methods for embedding a watermark in a program =-=[9, 42]-=-. 12sCHAPTER 1. OBFUSCATION 13 • Encryption — an encryption algorithm could be used to encrypt the entire code or parts of the code. However, the decryption process must be in the executable and so a ... |

105 | The Craft of Functional Programming - Thompson, Haskell - 1996 |

101 |
The Haskell 98 language and libraries: the revised report
- Jones
- 2003
(Show Context)
Citation Context ...ons. Since we aim for a more mathematical approach in which we want to prove correctness easily, we should use a language that reflects this approach. We choose to use the functional language Haskell =-=[43]-=- to specify operations and obfuscations (note that we are not aiming to obfuscate Haskell code but to use Haskell as a modelling language). Haskell is a suitable language as its mathematical flavour l... |

95 |
The Z notation: a reference manual (Second Edition
- Spivey
- 1992
(Show Context)
Citation Context ...� � � � � � declaration � � dti � � � � � � operations: � � f1 :: T1 � � f2 :: T2 � � . . . � � fn :: Tn � � � � � � assertions � which borrows features from modules in [39, Chapter 16] and Z schemas =-=[50]-=-. This notation acts as a “module” for the data-type D which means that only the operations defined in this data-type are “visible” to other data-types. We may define other operations that act on D bu... |

83 | Breaking abstractions and unstructuring data structures
- Collberg, Thomborson, et al.
(Show Context)
Citation Context ... the chapter (and for Chapter 2) we will use the notion of obfuscation from Collberg et al. [10]. 1.3 Examples of obfuscations This section summarises some of the major obfuscations published to date =-=[10, 11, 12]-=-. First, we consider some of the commercial obfuscators available and then discuss some data structure and control flow obfuscations that are not commonly implemented by commercial obfuscators.sCHAPTE... |

79 | Automatically proving the correctness of compiler optimizations
- Lerner, Millstein, et al.
- 2003
(Show Context)
Citation Context ...used to prove the correctness of some optimisations. This method is quite complicated but seems suited to automation — a technique for automatically proving the soundness of optimisations is given in =-=[34]-=-. The proofs given in [33] are difficult since they require setting up complicated semantics and a proof is too detailed to be stated here. For instance, the proof of a code motion transformation take... |

56 | Proving correctness of compiler optimizations by temporal logic
- Lacey, Jones, et al.
- 2002
(Show Context)
Citation Context ...er we have not been concerned with the correctness of the transformations, i.e. whether a transformation is behaviour-preserving. Proving the correctness of a transformation is a challenging task. In =-=[33]-=- a framework is provided for proving the correctness of compiler optimisations that are expressedsCHAPTER 2. OBFUSCATIONS FOR INTERMEDIATE LANGUAGE 42 in temporal logic. A simple language consisting o... |

55 | Tool support for refactoring functional programs
- Li, Reinke, et al.
- 2003
(Show Context)
Citation Context ...oring [27] which is the process of improving the design of existing code by performing behaviour-preserving transformations. One particular area to explore is the refactoring of functional programs — =-=[35]-=- gives a discussion of a tool for refactoring Haskell called HaRe. What happens to our obfuscations if they are refactored? Could HaRe be used to specify obfuscations? 8.2.2 Other techniques In Chapte... |

49 |
An Algorithm for Structuring Flow Graphs
- Baker
- 1977
(Show Context)
Citation Context ... So when splitting each list, we need to provide a list of Booleans that tells us how to split the list — such a list can be a decision value for this split. For example, we want to split up the list =-=[1, 2, 3, 4, 5, 6]-=-. Then using the list [F,F,F,T,F,T] [1, 2, 3, 4, 5, 6] ❀ 〈[1, 2, 3, 5], [4, 6]〉 Instead of providing a list of Booleans, we could use a natural number — we can take this number to be the decision valu... |

49 | Type-Oriented Logic Meta Programming
- Volder
- 1998
(Show Context)
Citation Context ...ioned in Section 2.3.5, the strategy language used in the toolkit was based on Stratego [55]. Some other transformation systems that provided inspiration for PLP are briefly described below. • TyRuBa =-=[17]-=- is based on representing programs as logic propositions. The system is not really used for program transformations; instead it is used for the implementation of classes and interfaces. • Gospel [56] ... |

49 | The Under-appreciated Unfold
- Gibbons, Jones
- 1998
(Show Context)
Citation Context ...t α → β foldr f e [ ] = e foldr f e (x : xs) = f x (foldr f e xs)sCHAPTER 3. TECHNIQUES FOR OBFUSCATION 61 Unfolds are less commonly known than folds and for unfoldr we follow the definition given in =-=[28]-=-: unfoldr :: (α → B) → (α → β) → (α → α) → α → List β unfoldr � p f g x � � p x = [ ] � otherwise = (f x) : (unfoldr p f g (g x)) A fold consumes a list to produce a new data-structure whilst an unfol... |

46 |
ECMA-335: Common Language Infrastructure (CLI
- Standard
- 2006
(Show Context)
Citation Context ...ss the need for obfuscation and summarise some of the obfuscations from [10]. Also we evaluate the definitions for obfuscation given in [6, 10]. In Chapter 2 we look at the .NET Intermediate Language =-=[23]-=- and discuss joint work with Oege de Moor and Ganesh Sittampalam that allows us to write some specifications of obfuscations for Intermediate Language. • In Chapter 3 we give an alternative view of ob... |

44 | Taming Control Flow: A Structured Approach to Eliminating GOTO Statements
- Erosa, Hendren
- 1994
(Show Context)
Citation Context ...ithm for transforming a flow graph into a program which contains constructs such as if/then/else and repeat and Ramshaw [44] shows how many goto statements can be eliminated. An algorithm is given in =-=[24]-=- which eliminates goto statements by applying a sequence of transformations to move a goto. This is followed by a gotoeliminating transformation which introduces extra variables and predicates. Extens... |

42 | Experience with software watermarking
- Palsberg, Krishnaswamy, et al.
- 2000
(Show Context)
Citation Context ...mping” a product. Stamps are used for copyright protection — but they still do not prevent people from stealing parts of the program, although there are methods for embedding a watermark in a program =-=[9, 42]-=-. 12sCHAPTER 1. OBFUSCATION 13 • Encryption — an encryption algorithm could be used to encrypt the entire code or parts of the code. However, the decryption process must be in the executable and so a ... |

36 |
Eliminating goto’s while preserving program structure
- Ramshaw
- 1988
(Show Context)
Citation Context ...e need to recover loops as well as expressions from IL. Baker [5] gives an algorithm for transforming a flow graph into a program which contains constructs such as if/then/else and repeat and Ramshaw =-=[44]-=- shows how many goto statements can be eliminated. An algorithm is given in [24] which eliminates goto statements by applying a sequence of transformations to move a goto. This is followed by a gotoel... |

28 | Public protection of software
- Herzberg, Pinter
- 1987
(Show Context)
Citation Context ...ust be in the executable and so a client could intercept the code after decryption has taken place. The only really viable option is for the encryption and decryption processes take place in hardware =-=[30]-=-. 1.2 Obfuscation We now consider a different technique for software protection: code obfuscation. An obfuscation is a behaviour-preserving transformation whose aim is to make a program “harder to und... |

27 | Viewing a Program Transformation System at Work
- Paige
- 1994
(Show Context)
Citation Context ...y. 2.4.2 Transformation Systems PLP uses the idea of Universal Regular Path Queries [14] in which transformations are expressed as logic predicates using regular expressions. The APTS system of Paige =-=[41]-=- was also a major source of inspiration. In APTS, program transformations are expressed as rewrite rules, with side conditions expressed as Boolean functions on the abstract syntax tree, and data obta... |

23 |
A complexity measure based on nesting level
- Harrison, Magel
- 1981
(Show Context)
Citation Context ...us metrics which measure the complexity of code. For example: • Cyclomatic Complexity [37] — the complexity of a function increases with the number of predicates in the function. • Nesting Complexity =-=[29]-=- — the complexity of a function increases with the nesting level of conditionals in the function. • Data-Structure Complexity [40] — the complexity increases with the complexity of the static data str... |

21 | Inside C - Archer, Whitechapel - 2001 |

21 |
Vijay Sundaresan. Optimizing Java bytecode using the soot framework: Is it feasible
- Vallé-Rai, Gagnon, et al.
- 2000
(Show Context)
Citation Context ...ocation and replace each IL instruction with an assignment. As we use only verifiable IL, this translation is possible. EIL is analogous to both the Jimple and Grimp languages from the SOOT framework =-=[53, 54]-=- — the initial translation produces code similar to the threeaddress code of Jimple, and assignment merging leaves us with proper expressions like those of Grimp.sCHAPTER 2. OBFUSCATIONS FOR INTERMEDI... |

20 | Transforming the .NET intermediate language using path logic programming - Drape, Moor, et al. - 2002 |

19 |
Measurement of data structure complexity
- Munson, Khoshgoftaar
- 1993
(Show Context)
Citation Context ...s with the number of predicates in the function. • Nesting Complexity [29] — the complexity of a function increases with the nesting level of conditionals in the function. • Data-Structure Complexity =-=[40]-=- — the complexity increases with the complexity of the static data structures declared in a program. For example, the complexity of an array increases with the number of dimensions and with the comple... |

18 | Incremental execution of transformation specifications
- Sittampalam, Moor, et al.
- 2004
(Show Context)
Citation Context ...applying a sequence of transformations to move a goto. This is followed by a gotoeliminating transformation which introduces extra variables and predicates. Extensions of EIL and PLP are discussed in =-=[47]-=- in which the specification language has a new primitive: paths(B,P) which states that all paths through B satisfy the pattern P and the language can match expressions of the form: while(Cond,Body) Th... |

10 |
Universal regular path queries. Higher Order and Symbolic
- Moor, Lacey, et al.
(Show Context)
Citation Context ...form: while(Cond,Body) These extensions should allow the specification in Section 2.3.8 to be written more succinctly. 2.4.2 Transformation Systems PLP uses the idea of Universal Regular Path Queries =-=[14]-=- in which transformations are expressed as logic predicates using regular expressions. The APTS system of Paige [41] was also a major source of inspiration. In APTS, program transformations are expres... |

6 |
Oege de Moor. Imperative Program Transformation by Rewriting
- Lacey
- 2001
(Show Context)
Citation Context ...te instructions and replacing all occurrences of these instructions by a set ofsCHAPTER 2. OBFUSCATIONS FOR INTERMEDIATE LANGUAGE 28 new instructions. This replacement is an example of a rewrite rule =-=[32]-=-: L ⇒ R if c which says that if the condition c is true then we replace each occurrence of L with R. This form of rewrite rule can be automated and we summarise the transformation toolkit described in... |

5 | Data Types and Data Structures - Martin - 1986 |

3 |
Specifying Compiler Optimisations in Temporal Logic
- Lacey
- 2003
(Show Context)
Citation Context ...ge to express program-improving transformations. This needs a declaration of variables (which might be statements), a precondition consisting of a code pattern and dependencies and an action. • TRANS =-=[31]-=- is a language in which temporal logic is used to specify transformations with rewrite rules. The specification language has constructors such as E (there exist a path) and A (for all paths) for expre... |

2 |
Using Haskell to Model Tree Obfuscations
- Drape
- 2004
(Show Context)
Citation Context ...oofs as we want to prove results in a consistent way and any rules (such as fusion) will have to be proved and declared as lemmas. This means that a standard derivational proof is often shorter — see =-=[21]-=- for a discussion of using folds to show the correctness of an operation. In [19], we derive some operations using the fusion theorem and in Section C, we prove that transpose is an involution by usin... |

2 |
NET decompiler. Available from URL: http://www.remotesoft.com/salamander/index.html
- Salamander
(Show Context)
Citation Context ...arious source languages. IL is a typed stack based language and since it is at quite a high level, it is fairly easy to decompile IL to C# [3]. Two example decompilers are Anakrino [2] and Salamander =-=[45]-=-. IL is similar to Java bytecode but more complicated as it is the compilation target for various languages. Programs written using .NET are distributed as portable executables (PEs) which are compact... |

2 |
NET obfuscator. Available from URL: http://www.remotesoft.com/salamander/obfuscator.html
- Salamander
(Show Context)
Citation Context ...tring encryption which encrypts strings such as error messages which are decrypted at runtime. It also uses a flow obfuscation that tries to change the structure of loops by using gotos. • Salamander =-=[46]-=- Variable renaming is used to try to convert all names to “A” — overloading is then used to distinguish between different methods and fields. Any unneccesary meta-data (such as debug information and p... |

2 |
Logic Programming for Programmers
- Spivey
- 1996
(Show Context)
Citation Context ...neralised obfuscations given in Section 1.3. 2.3.1 Path Logic Programming Path Logic Programming (PLP) is a new language developed for the specification of program transformations. PLP extends Prolog =-=[51]-=- with new primitives to help express the side conditions of transformations. The Prolog program will be interpreted relative to the flow graph of the object program that is being transformed. One new ... |

1 |
Avaliable from URL: http://www.saurik.com/net/exemplar
- decompiler
(Show Context)
Citation Context ...e value of k before the split is performed and we need to keep the value constant. The value of k determines how the list is split — we call such a value the decision value for a split. For instance, =-=[4, 3, 1, 1, 5, 8, 2]-=- ❀ 〈[4, 3, 1], [1, 5, 8, 2]〉 b(3) Using the definitions of ch and F from Section 4.1.3 we can define an access operation, so if xs ❀ 〈l,r〉 b(k)sCHAPTER 4. SPLITTING HEADACHES 78 then xs !! n = � l !! ... |

1 |
The Matrix Obfuscated
- Drape
- 2004
(Show Context)
Citation Context ...n) will have to be proved and declared as lemmas. This means that a standard derivational proof is often shorter — see [21] for a discussion of using folds to show the correctness of an operation. In =-=[19]-=-, we derive some operations using the fusion theorem and in Section C, we prove that transpose is an involution by using fold fusion. 3.6 Example Data-Types In the next four chapters, to show the gene... |

1 | Obfuscating Set Representations - Drape - 2004 |

1 |
Available from URL: http://www.force5.com/JCloak/ProductJCloak.html
- JCloak
(Show Context)
Citation Context ...ypted strings by passing them through the decryption method. Thus string encryption should not be considered as strong protection. Here are some obfuscators which are commercially available: • JCloak =-=[26]-=- This works on all classes in a program by looking at the symbolic references in the class file and generating a new unique and unintelligible name for each symbol name. • Dotfuscator [49] This uses a... |

1 |
Java obfuscator. Available from URL: http://www.leesw.com/smokescreen/index.html
- Smokescreen
(Show Context)
Citation Context ...rt all names to “A” — overloading is then used to distinguish between different methods and fields. Any unneccesary meta-data (such as debug information and parameter names) is removed. • Smokescreen =-=[48]-=- This uses some control-flow obfuscations. One obfuscation shuffles stack operations so that popping a stack value into a local variable is delayed. The aim of this transformation is to make it more d... |

1 |
Available from URL: http://www.preemptive.com
- Dotfuscator
(Show Context)
Citation Context ...e: • JCloak [26] This works on all classes in a program by looking at the symbolic references in the class file and generating a new unique and unintelligible name for each symbol name. • Dotfuscator =-=[49]-=- This uses a system of renaming classes, fields and methods called “Overload-Induction”. This system induces method overloading as much as possible and it tries to rename methods to a small name (e.g.... |