Breaking Abstractions and Unstructuring Data Structures Christian Collberg Clark Thomborson Douglas Low “Mobile programs are distributed in forms that.

Slides:

Advertisements

Similar presentations

1 The Project of this year Mariano Ceccato FBK - Fondazione Bruno Kessler

Advertisements

General OO Concepts Objectives For Today: Discuss the benefits of OO Programming Inheritance and Aggregation Abstract Classes Encapsulation Introduce Visual.

COP 3502: Computer Science I (Note Set #21) Page 1 © Mark Llewellyn COP 3502: Computer Science I Spring 2004 – Note Set 21 – Balancing Binary Trees School.

JavaScript Obfuscation Facts and Fiction Pedro Fortuna, Co-Founder and CTO AuditMark.

Deducing Similarities in Java Source from Bytecodes (Appeared in the 1998 USENIX Technical Conference.) Brenda S. Baker Bell Laboratories, Lucent Technologies.

Wmobf.1 1/5/00 Clark Thomborson Watermarking, Tamper-Proofing and Obfuscation – Tools for Software Protection Christian Collberg & Clark Thomborson Computer.

An Open-Source, Object-Oriented General Cartographic Transformation Program (GCTP) Michael S. Williams, Michael P. Finn*, and Robert A. Buehler** United.

Java Code Obfuscation Neerja Bhatnagar. Reverse Engineering Figuring out source code corresponding to a given byte code Source code intellectual property,

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Preventing Reverse Engineering by Obfuscating Bharath Kumar.

Códigos y Criptografía Francisco Rodríguez Henríquez Software Security Through Code Obfuscation.

DR. MIGUEL ÁNGEL OROS HERNÁNDEZ 9. Técnicas anti-ingeniería inversa.

Comp 249 Programming Methodology Chapter 7 - Inheritance – Part A Dr. Aiman Hanna Department of Computer Science & Software Engineering Concordia University,

Binary Obfuscation Using Signals Igor V. Popov ( University of Arizona)‏ Saumya K. Debray (University of Arizona)‏ Gregory R. Andrews (University of Arizona)

18/03/2007Obfuscation 1 Software protection Mariano Ceccato FBK - Fondazione Bruno Kessler

Software Obfuscation Anirban Majumdar University of Trento

Name: Hao Yuan Supervisor: Len Hamey ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs1.

Inheritance. Extending Classes It’s possible to create a class by using another as a starting point  i.e. Start with the original class then add methods,

© S. Demeyer, S. Ducasse, O. Nierstrasz Duplication.1 7. Problem Detection Metrics  Software quality  Analyzing trends Duplicated Code  Detection techniques.

Experiments in Software Watermarking Bradford P. Cuppy B.S. University of Evansville Fri, Nov 8, 2002.

Obfuscation techniques in Java Therese Berge Jonas Ringedal.

XML –Query Languages, Extracting from Relational Databases ADVANCED DATABASES Khawaja Mohiuddin Assistant Professor Department of Computer Sciences Bahria.

Software Uniqueness: How and Why? Puneet Mishra Dr. Mark Stamp Department of Computer Science San José State University, San José, California.

2  Problem Definition  Project Purpose – Building Obfuscator  Obfuscation Quality  Obfuscation Using Opaque Predicates  Future Planning.

CSCI-383 Object-Oriented Programming & Design Lecture 15.

Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar Stony Brook.

Cs205: engineering software university of virginia fall 2006 Semantics and Specifying Procedures David Evans

9/4/2015Abstract classes & Interface1 Object Oriented Design and Programming II Chapter 10 Abstract classes and Interfaces.

Inheritance using Java

“is a”  Define a new class DerivedClass which extends BaseClass class BaseClass { // class contents } class DerivedClass : BaseClass { // class.

Types and Inheritances Compiler Design Lecture (03/04//98) Computer Science Rensselaer Polytechnic.

Object-Oriented Implementation of Reconciliations M.Sc. Seminar Talk by Costa Shapiro under supervision of Prof. Shmuel Katz Computer Science – Technion.

Self-Protecting Mobile Agents Lee Badger Brian Matt Larry Spector Doug Kilpatrick Funded by both OASIS and Active Networks Programs NAI Labs 14 Feb

Self-Protecting Mobile Agents Lee Badger Brian Matt Steven Kiernan Funded by both ITS and Active Networks Programs NAI Labs, Network Associates, Inc. 17.

CS 403 – Programming Languages Class 25 November 28, 2000.

Features of Object Oriented Programming Lec.4. ABSTRACTION AND ENCAPSULATION Computer programs can be very complex, perhaps the most complicated artifact.

Stephenson College DP 96 1 Object-Orientation by Derek Peacock.

More About Classes Ranga Rodrigo. Information hiding. Copying objects.

Copyright 2003 Scott/Jones Publishing Standard Version of Starting Out with C++, 4th Edition Chapter 13 Introduction to Classes.

Toward an Implementation of the “Form Template Method” Refactoring Nicolas Juillerat University of Fribourg Switzerland.

Refactoring Deciding what to make a superclass or interface is difficult. Some of these refactorings are helpful. Some research items include Inheritance.

1 Experience With Software Watermarking Author: Jens Palsberg et al. Presenter: Charles He “Embedding Watermarking in dynamic data structures … can be.

Protecting Software Code By Guards The George Washington University Cs297 YU-HAO HU.

1 Java applications reverse engineering Antoni Bertel AUGUST 4, 2015.

SORTING Chapter 8 CS Chapter Objectives  To learn how to use the standard sorting methods in the Java API  To learn how to implement the following.

Inheritance Revisited Other Issues. Multiple Inheritance Also called combination--not permitted in Java, but is used in C++ Also called combination--not.

HNDIT23082 Lecture 06:Software Maintenance. Reasons for changes Errors in the existing system Changes in requirements Technological advances Legislation.

Formal Refinement of Obfuscated Codes Hamidreza Ebtehaj 1.

Reverse Engineering CS3300 Fall What is it? Extracting design information from existing software Two types: Source Code based (easier) or Binary.

SOLID Design Principles

Code Obfuscation Tool for Software Protection. Outline  Why Code Obfuscation  Features of a code obfuscator Potency Resilience Cost  Classification.

Secure Execution of Computations in Untrusted Hosts S. H. K. Narayanan 1, M.T. Kandemir 1, R.R. Brooks 2 and I. Kolcu 3 1 Embedded Mobile Computing Center.

Experience with Software Watermarking Jens Palsberg, Sowmya Krishnaswamy, Minseok Kwon, Di Ma, Qiuyun Shao, Yi Zhang CERIAS and Department of Computer.

Chapter 12: Support for Object- Oriented Programming Lecture # 18.

Inheritance New class derived from existing class Software engineering technique Software reuse : faster, easier, cheaper Parent class (supper class):

Gspan: Graph-based Substructure Pattern Mining

CSCI 383 Object-Oriented Programming & Design Lecture 15 Martin van Bommel.

Java Obfuscating Techniques Michael Batchelder 3 / 3 / 2006.

Module Road Map Refactoring Why Refactoring? Examples

Cash Me Presented By Group 8 Kartik Patel, Aaron Zhong, Wen-Kai Chen,

Lecture 12 Inheritance.

Sections Basic Concepts of Programming

Attacking an obfuscated cipher by injecting faults

Un</br>able’s MySecretSecrets

Comp 249 Programming Methodology

Security by Obscurity: Code Obfuscation

Week 3 Object-based Programming: Classes and Objects

Java Programming Course

Obfuscation in .NET Atchyutuni Shilpa CS-795.

Obfuscation Aparna Belhe CS-795.

Presentation transcript:

Breaking Abstractions and Unstructuring Data Structures Christian Collberg Clark Thomborson Douglas Low “Mobile programs are distributed in forms that are isomorphic to the original source code. Such codes are easy to decompile, and hence they increase the risk of malicious reverse engineering attacks… Code obfuscation is a potent defence against reverse engineering. ” Reviewer: Hongying lai

Outline of the Paper  What is obfuscation ?  Transformation quality  Technique of obfuscation  Conclusion Obfuscation is a process that renders software unintelligible but still functional. - lexical transformation : modify the lexical structure of the program. - data transformation : modify inheritance relations,... - control transformation: alter control structures using opaque predicates. In this presentation I will focus on data transformations. - potency, resilience, stealth and cost.

How to Obfuscate Data  Class – modify inheritance.  Procedural abstraction(Java methods) - convert a section of code into a different virtual machine; - inline some methods, and outline other methods; - clone methods.  Variable – split built-in data types.  Arrays – restructure - split an array into several sub-arrays; - merge two or more arrays into one array; - fold an array( increasing the number of dimensions); - flatten and array(decreasing the number of dimensions). In this presentation I shall concentrate on modifying inheritance.

modify inheritance  Review of stage-1 CS: what is a Java class - an encapsulation data( V ) and control( M ). - an aggregation( C2 instance of type C1). - an inheritance ( class C2 extends class C1 ). V2 M2 V1 M1 Root C1 C2 V2 M2

modify inheritance (factoring classes)  the complexity of a class grows with - its depth in the inheritance hierarchy. - the number of its direct descendants. VMVM Root C V1 M1 Root C1 C2 V2 M2 Root V1 M1 V2 M2 C1C2 Further from the root More children

modify inheritance (false refactoring classes) Root V1 M1 V2 M2 C1C2 Root V1 M1 V2 M2 C1C2 V3 M3 C3 Insert a new bogus class

public class Cexample{ String message; public Cexample(String message){ this.message = message ; printMessage(); } public void printMessage(){ System.out.println(message); } example public abstract class C1example{ String message; public C1example(String message){ this.message = message ; printMessage(); } public abstract String getMessage(String message); public void printMessage(){ message = getMessage(message); System.out.println(message); } } public class C2example extends C1example{ String message; public C2example(String message){ this.message = message;} public String getMessage(String message){ return message;} } VMVM Root C V1 M1 Root C1 C2 V2 M2 Further from the root

Conclusion Code obfuscation does not provide an application with absolute protection against a malicious reverse engineering attack. Obfuscation is a cheap way of making reverse engineering so technically difficult that it becomes economically infeasible. Finding new obfuscation techniques is a sophisticated and challenging problem.

Questions Do you think that the more complicated the obfuscating transformation is, the better ?