Presentation is loading. Please wait.

Presentation is loading. Please wait.

Program Obfuscation: A Quantitative Approach Presented by: Mariusz Jakubowski Microsoft Research Third Workshop on Quality of Protection October 29 th,

Published byAlexandra Butler Modified over 9 years ago

Similar presentations

Presentation on theme: "Program Obfuscation: A Quantitative Approach Presented by: Mariusz Jakubowski Microsoft Research Third Workshop on Quality of Protection October 29 th,"— Presentation transcript:

1 Program Obfuscation: A Quantitative Approach Presented by: Mariusz Jakubowski Microsoft Research Third Workshop on Quality of Protection October 29 th, 2007 Bertrand Anckaert, Matias Madou, Bjorn De Sutter, Bruno De Bus, Koen De Bosschere, and Bart Preneel Ghent University and K.U.Leuven, Belgium

2 Obfuscation has many applications 2

3 There is a large gap between theoretical results 3 - On the (Im)possibility of Obfuscating Programs – Barak et al. (2001) - On the Impossibility of Obfuscation with Auxiliary Input – Goldwasser et al. (2005) - Positive Results and Techniques for Obfuscation – Lynn et al. (2004) - Towards Realizing Random Oracles: Hash Functions that Hide All Partial Information Canetti et al. (1997) + - Large gap Intuitively, obfuscation does help

4 We need a practical system for evaluating obfuscating transformations It should be easy to evaluate existing and future transformations => Automated The evaluation should convey difficulty of reverse-engineering => Build upon experience from complexity metrics 4

5 oIntro oMetrics oInstruction Count oCyclomatic Number oKnot Count o(De)Obfuscating transformations Outline 5

6 Four axes based on typical reverse- engineering scenario 6 Disassemble Flow graph construction Analyse Data Flow Interpret Data Code Control flow Data flow Data

7 + No uncertainty about executed code + Always availabe - Only about covered part of the code Evaluated Complexity Metrics 7 Code Control flow Data flow Data Instruction Count Cyclomatic Number Knot Count Metrics are collected by a run-time instrumentation framework

8 Cyclomatic number and knot count Cyclomatic number: – #edges – #nodes + 2 – Intuitively: the number of decision points Knot count: – #crossings – Intuitively: the unstructuredness 8

9 oIntro oMetrics o (De)Obfuscating transformations oJump redirection [Linn et al. 2003] oControl flow flattening [Chenxi Wang et al. 2001] oOpaque predicates [Collberg et al. 1998] Outline 9

10 Jump redirection Redirect branches to function 10 1 Jmp 2 2 1 call branch Branch Function 2 garbage assumed return site

11 Impact of Jump Redirection 11

12 Jump redirection - deobfuscation Identify Branch Function – signature based – run-time behavior Record (call,return) pairs under debugger Overwrite calls 12 1 call branch Branch Function 2 garbage assumed return site (1,2) (4,7) (9,5) … jmp 2

13 Success of De-obfuscation 13

14 Control flow flattening All original basic blocks have the same predecessor and successor 14 1 4 32 1 43 2 switch

15 Control flow flattening significantly increases the complexity metrics 15

16 Success of De-obfuscation 16

17 Opaque predicates 17 1 Jmp 2 2 1 Jmp if (2==2) 2fake Add fake decision statements

18 Impact of Opaque Predication 18

19 Conclusion A first step towards a unified quantitative evaluation of – obfuscating transformations – deobfuscating transformations Which leverages experience from the established field of complexity metrics 19

20 Program Obfuscation: A Quantitative Approach Presented by: Mariusz Jakubowski Microsoft Research Third Workshop on Quality of Protection October 29 th, 2007 Bertrand Anckaert, Matias Madou, Bjorn De Sutter, Bruno De Bus, Koen De Bosschere, and Bart Preneel Ghent University and K.U.Leuven, Belgium

Download ppt "Program Obfuscation: A Quantitative Approach Presented by: Mariusz Jakubowski Microsoft Research Third Workshop on Quality of Protection October 29 th,"

Similar presentations

ROP is Still Dangerous: Breaking Modern Defenses Nicholas Carlini et. al University of California, Berkeley USENIX Security 2014 Presenter: Yue Li Part.

ROP is Still Dangerous: Breaking Modern Defenses Nicholas Carlini et. al University of California, Berkeley USENIX Security 2014 Presenter: Yue Li Part.
Saumya Debray The University of Arizona Tucson, AZ 85721.

Saumya Debray The University of Arizona Tucson, AZ
Evaluation of Abstraction Techniques. Uses for the complexity metrics in our framework Comparing the complexity of the reference model with the abstracted.

Evaluation of Abstraction Techniques. Uses for the complexity metrics in our framework Comparing the complexity of the reference model with the abstracted.
Wish Branches Combining Conditional Branching and Predication for Adaptive Predicated Execution The University of Texas at Austin *Oregon Microarchitecture.

Wish Branches Combining Conditional Branching and Predication for Adaptive Predicated Execution The University of Texas at Austin *Oregon Microarchitecture.
Control Flow Analysis. Construct representations for the structure of flow-of-control of programs Control flow graphs represent the structure of flow-of-control.

Control Flow Analysis. Construct representations for the structure of flow-of-control of programs Control flow graphs represent the structure of flow-of-control.
1 Ivan Marsic Rutgers University LECTURE 15: Software Complexity Metrics.

1 Ivan Marsic Rutgers University LECTURE 15: Software Complexity Metrics.
Iterated Transformations and Quantitative Metrics for Software Protection International Conference on Security and Cryptography SECRYPT 2009 July 7-10,

Iterated Transformations and Quantitative Metrics for Software Protection International Conference on Security and Cryptography SECRYPT 2009 July 7-10,
Tamper-Tolerant Software: Modeling and Implementation International Workshop on Security (IWSEC 2009) October 28-30, 2009 – Toyama, Japan Mariusz H. Jakubowski.

Tamper-Tolerant Software: Modeling and Implementation International Workshop on Security (IWSEC 2009) October 28-30, 2009 – Toyama, Japan Mariusz H. Jakubowski.
Runtime Protection via Dataflow Flattening Bertrand Anckaert Ghent University/ Boston Consulting Group The Third International Conference on Emerging Security.

Runtime Protection via Dataflow Flattening Bertrand Anckaert Ghent University/ Boston Consulting Group The Third International Conference on Emerging Security.
Whole-Program Linear-Constant Analysis with Applications to Link-Time Optimization Ludo Van Put – Dominique Chanet – Koen De Bosschere Ghent University.

Whole-Program Linear-Constant Analysis with Applications to Link-Time Optimization Ludo Van Put – Dominique Chanet – Koen De Bosschere Ghent University.
Predicate Complete Testing * Thomas Ball * Thomas Ball, A Theory of Predicate-Complete Test Coverage and Generation, Technical Report MSR-TR-2004- 28,

Predicate Complete Testing * Thomas Ball * Thomas Ball, A Theory of Predicate-Complete Test Coverage and Generation, Technical Report MSR-TR ,
Wmobf.1 1/5/00 Clark Thomborson Watermarking, Tamper-Proofing and Obfuscation – Tools for Software Protection Christian Collberg & Clark Thomborson Computer.

Wmobf.1 1/5/00 Clark Thomborson Watermarking, Tamper-Proofing and Obfuscation – Tools for Software Protection Christian Collberg & Clark Thomborson Computer.
Topics to be discussed Problem Definition Project Purpose – Building Obfuscator Obfuscation Using Opaque Predicates Implementation details Obfuscation.

Topics to be discussed Problem Definition Project Purpose – Building Obfuscator Obfuscation Using Opaque Predicates Implementation details Obfuscation.
Preventing Reverse Engineering by Obfuscating Bharath Kumar.

Preventing Reverse Engineering by Obfuscating Bharath Kumar.
Linear Obfuscation to Combat Symbolic Execution Zhi Wang 1, Jiang Ming 2, Chunfu Jia 1 and Debin Gao 3 1 Nankai University 2 Pennsylvania State University.

Linear Obfuscation to Combat Symbolic Execution Zhi Wang 1, Jiang Ming 2, Chunfu Jia 1 and Debin Gao 3 1 Nankai University 2 Pennsylvania State University.
CMSC 345, Version 11/07 SD Vick from S. Mitchell Software Testing.

CMSC 345, Version 11/07 SD Vick from S. Mitchell Software Testing.
Binary Obfuscation Using Signals Igor V. Popov ( University of Arizona)‏ Saumya K. Debray (University of Arizona)‏ Gregory R. Andrews (University of Arizona)

Binary Obfuscation Using Signals Igor V. Popov ( University of Arizona)‏ Saumya K. Debray (University of Arizona)‏ Gregory R. Andrews (University of Arizona)
Binary Program Rewriting with Diablo – Bjorn De Sutter – 2006-6-11 Engineering Sciences Faculty – Electronics and Information Systems Department p. 1 Binary.

Binary Program Rewriting with Diablo – Bjorn De Sutter – Engineering Sciences Faculty – Electronics and Information Systems Department p. 1 Binary.
Software engineering for real-time systems

Software engineering for real-time systems
Steganography for Executables and Code Transformation Signatures Bertrand Anckaert, Bjorn De Sutter, Dominique Chanet and Koen De Bosschere.

Steganography for Executables and Code Transformation Signatures Bertrand Anckaert, Bjorn De Sutter, Dominique Chanet and Koen De Bosschere.

Similar presentations

Ads by Google