Name: Hao Yuan Supervisor: Len Hamey ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs1.

Slides:



Advertisements
Similar presentations
Introduction to Java 2 Programming Lecture 3 Writing Java Applications, Java Development Tools.
Advertisements

Picture It Very Basic Game Picture Pepper. Original Game import java.util.Scanner; public class Game { public static void main() { Scanner scan=new Scanner(System.in);
Aspect Oriented Programming. AOP Contents 1 Overview 2 Terminology 3 The Problem 4 The Solution 4 Join point models 5 Implementation 6 Terminology Review.
Chapter 7 User-Defined Methods. Chapter Objectives  Understand how methods are used in Java programming  Learn about standard (predefined) methods and.
Java Code Obfuscation Neerja Bhatnagar. Reverse Engineering Figuring out source code corresponding to a given byte code Source code intellectual property,
Mutation Testing Presented by Sharath Kumar Garlapati Vinesh Thummala.
Preventing Reverse Engineering by Obfuscating Bharath Kumar.
Códigos y Criptografía Francisco Rodríguez Henríquez Software Security Through Code Obfuscation.
CS266 Software Reverse Engineering (SRE) Applying Anti-Reversing Techniques to Java Bytecode Teodoro (Ted) Cipresso,
Linear Obfuscation to Combat Symbolic Execution Zhi Wang 1, Jiang Ming 2, Chunfu Jia 1 and Debin Gao 3 1 Nankai University 2 Pennsylvania State University.
18/03/2007Obfuscation 1 Software protection Mariano Ceccato FBK - Fondazione Bruno Kessler
Aalborg Media Lab 23-Jun-15 Inheritance Lecture 10 Chapter 8.
Obfuscation techniques in Java Therese Berge Jonas Ringedal.
Data Abstraction and Object- Oriented Programming CS351 – Programming Paradigms.
Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar Stony Brook.
Breaking Abstractions and Unstructuring Data Structures Christian Collberg Clark Thomborson Douglas Low “Mobile programs are distributed in forms that.
Reverse Engineering State Machines by Interactive Grammar Inference Neil Walkinshaw, Kirill Bogdanov, Mike Holcombe, Sarah Salahuddin.
Application Security Tom Chothia Computer Security, Lecture 14.
UNIVERSITI TENAGA NASIONAL “Generates Professionals” CHAPTER 4 : Part 2 INTRODUCTION TO SOFTWARE DEVELOPMENT: PROGRAMMING & LANGUAGES.
Self-Protecting Mobile Agents Lee Badger Brian Matt Steven Kiernan Funded by both ITS and Active Networks Programs NAI Labs, Network Associates, Inc. 17.
1 “Operating System Protection Through Program Evolution” Dr. Frederick B. Cohen “…one of the major reasons attacks succeed is because of the static nature.
KEVIN COOGAN, GEN LU, SAUMYA DEBRAY DEPARTMENT OF COMUPUTER SCIENCE UNIVERSITY OF ARIZONA 報告者:張逸文 Deobfuscation of Virtualization- Obfuscated Software.
An Introduction to Java Chapter 11 Object-Oriented Application Development: Part I.
Hello.java Program Output 1 public class Hello { 2 public static void main( String [] args ) 3 { 4 System.out.println( “Hello!" ); 5 } // end method main.
(c) University of Washington01-1 CSC 143 Java Programming as Modeling Reading: Ch. 1-6.
1 Experience With Software Watermarking Author: Jens Palsberg et al. Presenter: Charles He “Embedding Watermarking in dynamic data structures … can be.
Programming for Beginners Martin Nelson Elizabeth FitzGerald Lecture 6: Object-Oriented Programming.
Vikas Gonti. Dictionary Meaning: To confuse, to make obscure a problem with extraneous information or to darken. - In Terms of Technology:
Protecting Software Code By Guards The George Washington University Cs297 YU-HAO HU.
Chapter 10 Defining Classes. The Internal Structure of Classes and Objects Object – collection of data and operations, in which the data can be accessed.
BEGINNING PROGRAMMING.  Literally – giving instructions to a computer so that it does what you want  Practically – using a programming language (such.
Object Oriented Programming
CSC 1051 M.A. Papalaskari, Villanova University Algorithms Dr. Mary-Angela Papalaskari Department of Computing Sciences Villanova University Course website:
CiS 260: App Dev I. 2 Introduction to Methods n A method (or ________) is a segment of code that performs a specific task. n Advantages of modular program.
User Defined Methods Methods are used to divide complicated programs into manageable pieces. There are predefined methods (methods that are already provided.
Session 6 Comments on Lab 3 & Implications of Inheritance.
Operating System Protection Through Program Evolution Fred Cohen Computers and Security 1992.
SEG 4110 – Advanced Software Design and Reengineering Topic T Introduction to Refactoring.
Chapter 5 System Modeling. What is System modeling? System modeling is the process of developing abstract models of a system, with each model presenting.
By Mr. Muhammad Pervez Akhtar
Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University 1 Extracting Sequence.
Formal Refinement of Obfuscated Codes Hamidreza Ebtehaj 1.
Code Obfuscation Tool for Software Protection. Outline  Why Code Obfuscation  Features of a code obfuscator Potency Resilience Cost  Classification.
Matthew Small Introduction to Object-Oriented Programming.
Object Oriented Programming and Data Abstraction Earl Huff Rowan University.
Programming for Interactivity Professor Bill Tomlinson Tuesday & Wednesday 6:00-7:50pm Fall 2005.
9.1 CLASS (STATIC) VARIABLES AND METHODS Defining classes is only one aspect of object-oriented programming. The real power of object-oriented programming.
STATIC CODE ANALYSIS. OUTLINE  INTRODUCTION  BACKGROUND o REGULAR EXPRESSIONS o SYNTAX TREES o CONTROL FLOW GRAPHS  TOOLS AND THEIR WORKING  ERROR.
Compilers and Security
 The Object Oriented concepts was evolved for solving complex problems. Object- oriented software development started in the 1980s. Object-oriented design.
Chapter 0: Introduction
Paul Ammann & Jeff Offutt
Code Optimization.
Application of Obfuscation Techniques on Android Applications
Cash Me Presented By Group 8 Kartik Patel, Aaron Zhong, Wen-Kai Chen,
Types for Programs and Proofs
Un</br>able’s MySecretSecrets
March 29th Odds & Ends CS 239.
Paul Ammann & Jeff Offutt
Security by Obscurity: Code Obfuscation
slides created by Ethan Apter
Object Oriented Programming (OOP) LAB # 5
slides created by Ethan Apter
Obfuscation in .NET Atchyutuni Shilpa CS-795.
Building Java Programs
By Rajanikanth B OOP Concepts By Rajanikanth B
[Robert W. Sebesta, “Programming the World Wide Web
Obfuscation Aparna Belhe CS-795.
Outline Software Development Activities
Computer Programming-1 CSC 111
Presentation transcript:

Name: Hao Yuan Supervisor: Len Hamey ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs1

 Introduction  Transformations  Conclusion ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs2

 Programmers  Protected  Secured  Reverse engineers  Decompile the code  Opposite goals ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs3

 Describe ways to transform the object- oriented programs  Hard to understanding (confuse human reader)  Difficult to reverse engineer (confuse machine)  Obfuscation examples ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs4 if (true){ if (!true){ execute;} exit;} else{exit;} else{execute;} int A=3; int a1=1; int a2=2;

 Source codes are easily stolen and modified  Nolan’s Decompiling Java  Reuse, misuse, attack  Protect source code and prevent automated reverse engineering  Watermarking, obfuscation, tamper-resistance  Obfuscation is the most effective method ▪ protect software against malicious reverse engineering ▪ make the code more complex and confusing ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs5

 Obfuscating tools  Allatori  Dash-O-Pro  Proguard  RetroGuard  yGuard (Free)  Zelix Klassmanster  No guarantee  Perfect obfuscator ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs6

Strength can be measured by:  Potency  E(P’)/E(P)-1  Confuse human reader  Resilience  Trivial, weak, strong, full, one-way  Confuse automated reverse engineering  Cost  Free, cheap, costly, expensive  Creation, execute time ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs7

 Introduction  Transformations  Conclusion ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs8

 Relocate the frame of program  Class combination  Simple combination  Complex combination  Class promotion  Class splitting ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs9

 Affect addressing the methods and the control flow of programs  Method Interleaving  Method Splitting  Loop transformation  Add irrelevant code ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs10

 Operate on the data structures  Change Encoding  Variable promotion  Variable to object  Local variable to global variable  Variable splitting ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs11

 Typically trivial to perform and reduce the amount of information  Layout obfuscation:  Affect the comprehensibility of the program  removing debugging information and comments  renaming identifiers  Name overloading  Same identifier  Different identifier ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs12

 Introduction  Transformations  Conclusion ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs13

 Applying one level’s transformations  may be not very efficiency  E.g. name level transformations, potency but not resilience.  Combine different levels’ transformations  may perform much better  Name level should be applied ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs14

 Viewing current month’s calendar ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs15 public class MonthView{ …;}

 Promote the variable to object and class splitting ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs16 public class MonthView{ …;} public class ShowMonth { …;} public class MonthNameAndDays

 Method splitting and classing splitting techniques ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs17 public class Print { public static void prt(String s) { System.out.println(s); } public static void prt1(String s){ System.out.print(s); } public static void prt(int i){ System.out.print(i); } public static void prt() { System.out.println(); } }

 Layout obfuscation technique ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs18 public class MV{…;} public class P {…;} public class MND { String[ ] m; int d [ ]; …;} public class S {…;}

 Variable splitting and variable promotion ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs19 public int ls=0; public int ls1=1;

 Adding variables and fingerprint code ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs20 public double ls; public int ls1; private double x private double y private static void check_std(int k) { …;}

 Name level obfuscation transformation  Same identifier  Remove the layer ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs21

 Four level transformations  Class level  Method level  Variable level  Name level  Most of them seem to produce acceptable substitutes for original source code  Original and obfuscated codes produce identical behavior ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs22

 New obfuscating transformations  Quality of obfuscation  Study of measuring potency, resilience and cost  Does the order matter:  effects of composing obfuscations together  interaction and ordering between different transformations ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs23

ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs24