## Semantic-based code obfuscation by abstract interpretation (2005)


Venue: In Proceedings of the 32nd International Colloquium on Automata, Languages and Programming (ICALP’05)

Citations: 8 (3 self)

### BibTeX

@INPROCEEDINGS{Preda05semantic-basedcode,

author = {Mila Dalla Preda and Roberto Giacobazzi},

title = {Semantic-based code obfuscation by abstract interpretation},

booktitle = {In Proceedings of the 32nd International Colloquium on Automata, Languages and Programming (ICALP’05)},

year = {2005},

pages = {1325--1336},

publisher = {Springer}

}

### Abstract

In this paper we introduce a semantic-based approach for code obfuscation. The aim of code obfuscation is to prevent malicious users from disclosing properties of the original source program. This goal can be precisely modeled by abstract interpretation, where the hiding of properties corresponds to abstracting the semantics. We derive a general theory based on abstract interpretation, where the potency of code obfuscation can be measured by comparing hidden properties in the lattice of abstract interpretations. Semantic-based code obfuscation is applied to show that well-known program transformation methods, such as constant propagation, can be seen as code obfuscation.

### Citations

1897 | Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints
- Cousot, Cousot
- 1977
Citation Context ...tatic or dynamic analysis) to grasp sensible properties on program’s structure and semantics. It is well known that static analysis can be completely and fully specified as an abstract interpretation [10], i.e., as an approximation of the concrete semantics of programs. Similarly, dynamic analysis can be seen as a possibly non decidable approximation of the concrete semantics. In this sense, code obfu...

636 | Systematic design of program analysis frameworks
- Cousot, Cousot
- 1979
Citation Context ...x ≤ y}, and for x ∈ C, ↓ x is a shorthand for ↓ {x}, while the upward closure ↑ is dually defined. Abstract domains can be formulated either in terms of Galois connections or upper closures operators [11]. An upper closure operator on a ordered set C, µ : C → C, is a monotone, idempotent, and extensive (∀x ∈ C.x ≤ µ(x)) function. With uco(C) we denote the set of all upper closure operators of C. Each ...

223 | A taxonomy of obfuscating transformations
- Collberg, Thomborson, et al.
- 1997
Citation Context ...formatting and scramble identifiers; control transformations, which affect the control flow of the program; and data transformations, which operate obfuscating the data structures used in the program [5]. The major negative result on code obfuscation is given in Barak et al. [1]. They prove that there is no obfuscation method that works for any program and it is able to transform them in such a way t...

194 | On the (im)possibility of obfuscating programs
- Barak, Goldreich, et al.
- 2001
Citation Context ...he control flow of the program; and data transformations, which operate obfuscating the data structures used in the program [5]. The major negative result on code obfuscation is given in Barak et al. [1]. They prove that there is no obfuscation method that works for any program and it is able to transform them in such a way that the only properties which can be disclosed are those which can be derive...

168 | Manufacturing cheap, resilient, and stealthy opaque constructs
- Collberg, Thomborson, et al.
- 1998

100 | Constructive design of a hierarchy of semantics of a transition system by abstract interpretation
- Cousot
- 1997
Citation Context ...put (denotational) semantics of programs. This is again an unreasonable restriction: Semantics at different levels of abstraction can be related by abstract interpretation in a hierarchy of semantics [9]. Therefore, any program transformation τ which preserves a given semantics in the hierarchy may act as a code obfuscation for those properties that are not preserved by the transformation. The idea i...

93 | Making abstract interpretations complete
- Giacobazzi, Ranzato, et al.
Citation Context ...l Table 1. Abstract syntax approximation of f in α when f♯ : α(C) → α(C) and α◦f◦α ≤ f♯ α def . f = α◦f◦α is the best correct approximation of f in α [11]. The abstraction α is complete when α◦f = fα [10,16]. The point-wise ordering on uco(C) corresponds to the standard ordering used to compare abstract domains with regard to their precision: Let ρi ∈ uco(C) and Ai = ρi(C), then A1 is more precise then A...

90 | Méthodes itératives de construction et d’approximation de points fixes d’opérateurs monotones sur un treillis, analyse sémantique des programmes. Université Scientifique et Médicale de Grenoble
- Cousot
- 1978
Citation Context ...; e:=0; → L2 while B do L2 : B → L3 L2 : ¬B → L5 b:=2*a; d:=d+1; e:=e-a; L3 : b:=2*a; d:=d+1; e:=e-a; → L4 a:=b-a; c:=e+d; L4 : a:=b-a; c:=e+d; → L2 endw L5 : stop →� l Table 4. A simple program from [8] 4.2 Code obfuscation by constant propagation In order to specify the properties obfuscated by constant propagation τC , we derive δτ C. Let us define the property θ as follows: θ(S [P ]) def = {θ(σ)|...

78 | Breaking abstractions and unstructuring data structures
- Collberg, Thomborson, et al.
Citation Context ... We introduce a constructive systematic method for deriving the most concrete preserved abstraction of a generic code transformation. Then we generalize Collberg et al. definition of code obfuscation [4, 5] by considering as obfuscators those transformations that mask some abstractions in the lattice of abstract interpretations. This means that, in principle, any program transformation may potentially a...

57 | Systematic design of program transformation frameworks by abstract interpretation
- Cousot, Cousot
- 2002
Citation Context ... semantics. In order to apply abstract interpretation as a model for attackers, we need to replace syntactic code obfuscators with corresponding semantic transformations. Recently, Cousot & Cousot in [12] have introduced a semantic-based formalization of program transformation based on abstract interpretation. In this construction the relation between syntactic and semantic transformations is specifie...

39 | Complementation in abstract interpretation
- Cortesi, Filé, et al.
- 1997
Citation Context ...he well-known reduced product of all the Ai’s, namely the most abstract among the domains in uco(C) which is more concrete then every Ai. Complementation corresponds to the inverse of reduced product [7], namely an operator that, given two domains C ⊑ D, gives as result the most abstract domain C ⊖D, whose reduces product with D is exactly C (i.e., (C ⊖D)⊓D = C). Therefore we have that C ⊖D def = ⊔{E...

35 | An abstract interpretation-based framework for software watermarking
- Cousot, Cousot

18 | Complementation of abstract domains made easy
- Filé, Ranzato
- 1996
Citation Context ...s C ⊑ D, gives as result the most abstract domain C ⊖D, whose reduces product with D is exactly C (i.e., (C ⊖D)⊓D = C). Therefore we have that C ⊖D def = ⊔{E ∈ uco(C)|D ⊓E = C}. It has been proved in [15] that M(Mirr(C) \ Mirr(D)) = C ⊖ D. Semantics. Given a transition system 〈Σ, ⌢〉, where Σ is a nonempty set of states and ⌢⊆ Σ × Σ is the transition relation over states, we denote by Σ + ω def and Σ =...

18 | Some results on the closure operators of partially ordered sets
- Morgado
- 1960
Citation Context ...empotent, and extensive (∀x ∈ C.x ≤ µ(x)) function. With uco(C) we denote the set of all upper closure operators of C. Each closure µ ∈ uco(C) is uniquely determined by the set of its fix-points µ(C) [17]. X ⊆ C is a set of fix-points of an upper closure operator on C iff X is a Moore family of C, i.e., X = M(X) def = {∧S|S ⊆ X} - where ∧∅ = ⊤ ∈ M(X). If C is a complete lattice also uco(C) is a comple...

11 | Future directions in program transformations
- Paige
- 1997
Citation Context ...ost software obfuscation techniques is that they do not have a well found theoretical base, and thus it is unclear how effective they are. Even if semantic preservation is implied in code obfuscation [18], the lack of a complete formal setting where these program transformations can be studied defects any possibility of comparing them with respect to their ability to obfuscate program properties. The ...

10 | Self-protecting mobile agents obfuscation report
- D’Anna, Matt, et al.
- 2003
Citation Context ...though the “ideal” obfuscator of Barak et al. does not exist, software obfuscation would be still useful when employed for hiding specific code properties and working for specific classes of programs [14]. The classical notion of code obfuscation of Collberg et al. [4–6] defines an obfuscator as a potent transformation that preserves the observable behavior of programs. In this setting a transformatio...

6 | Watermarking, tamper-proofing, and obfuscation—tools for software protection
- 2002
Citation Context ...t the environment as a tuple (va, vb, vc, vd, ve) of values corresponding to the variables a, b, c, d, e in a certain execution point. Let us run the program in Table 4, and consider the states σ2 = 〈(1, 2, 3, 3, 0), L3 : b := 2∗a; d := d+1; e := e−a; → L4〉 and σ3 = 〈(1, 2, 3, 4, −1), L4 : a := b−a; c := e+d → L2〉. Their transformed versions are: t C (σ2) = 〈(1, 2, 3, 3, 0), L3 : d := d+1; e := e −a; → L4〉 and t...

2 | Deobfuscation: Improving reverse engineering of obfuscated code
- Chandrasekharan, Debray
- 2005
Citation Context ... we need to model attackers, i.e., code de-obfuscation techniques. Static program analysis is the standard method for making reverse-engineering. Recently dynamic attacks have also been considered in [3] for strengthening static ones for de-obfuscation. Both static and dynamic attacks strongly relies upon program semantics: the first corresponds precisely to a decidable semantic abstraction, while th...