Surreptitious Software



Similar documents
Winning the Hardware-Software Game

Software Protection through Code Obfuscation

The Data Access Handbook

Lecture 12: Software protection techniques. Software piracy protection Protection against reverse engineering of software

RFID Field Guide. Deploying Radio Frequency Identification Systems. Manish Bhuptani Shahram Moradpour. Sun Microsystems Press A Prentice Hall Title

Delivery. Enterprise Software. Bringing Agility and Efficiency. Global Software Supply Chain. AAddison-Wesley. Alan W. Brown.

Code Obfuscation Literature Survey

Introduction to Program Obfuscation

Applications of obfuscation to software and hardware systems

Web Development with TIBCO General Interface

Computer Organization

Software Security. Building Security In. Gary McGraw. A Addison-Wesley

Implementation of an Obfuscation Tool for C/C++ Source Code Protection on the XScale Architecture *

BIRT: A Field Guide to Reporting

CHAINED EXPLOITS Advanced Hacking Attacks from Start to Finish

Network Security Essentials:

k-gram Based Software Birthmarks

Code Obfuscation. Mayur Kamat Nishant Kumar

Building. Applications. in the Cloud. Concepts, Patterns, and Projects. AAddison-Wesley. Christopher M. Mo^ar. Cape Town Sydney.

Practical Intrusion Analysis

Developer's Cookbook. Building Applications with. The Android. the Android SDK. A Addison-Wesley. James Steele Nelson To

CRYPTOGRAPHY AND NETWORK SECURITY

Obfuscation: know your enemy

Enterprise. ESXi in the. VMware ESX and. Planning Deployment of. Virtualization Servers. Edward L. Haletky

MIKE COHN. Software Development Using Scrum. VAddison-Wesley. Upper Saddle River, NJ Boston Indianapolis San Francisco

SOURCE CODE OBFUSCATION BY MEAN OF EVOLUTIONARY ALGORITHMS

AGILE GAME DEVELOPMENT WITH SCRUM

BUSINESS AND PROFESSIONAL COMMUNICATION

Managing the Unmanageable

Delivery. Continuous. Jez Humble and David Farley. AAddison-Wesley. Upper Saddle River, NJ Boston Indianapolis San Francisco

Learning HTML5 Game Programming

What is Software Watermarking? Software Watermarking Through Register Allocation: Implementation, Analysis, and Attacks

Domains and Competencies

Software Code Protection Through Software Obfuscation

JAVA r VOLUME II-ADVANCED FEATURES. e^i v it;

Social Media Marketing

Building VPNs. Nam-Kee Tan. With IPSec and MPLS. McGraw-Hill CCIE #4307 S&

Static Analysis of Virtualization- Obfuscated Binaries

Cyber Attacks. Protecting National Infrastructure Student Edition. Edward G. Amoroso

CONTEMPORARY DIRECT & INTERACTIVE MARKETING

Security Metrics. A Beginner's Guide. Caroline Wong. Mc Graw Hill. Singapore Sydney Toronto. Lisbon London Madrid Mexico City Milan New Delhi San Juan

DIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES

THE PSYCHOLOGY OF INVESTING

The Crossroads of Accounting & IT

Public Relations in Schools

IMPROVEMENT THE PRACTITIONER'S GUIDE TO DATA QUALITY DAVID LOSHIN

MULTIFACTOR AUTHENTICATION FOR SOFTWARE PROTECTION

Concurrent Programming

Computer Security. Introduction to. Michael T. Goodrich Department of Computer Science University of California, Irvine. Roberto Tamassia PEARSON

Operating Systems Principles

Audio and Video for the Internet

Software Configuration Management Patterns

Rapid System Prototyping with FPGAs

How To Write A Web Framework In Java

JAVA 2 Network Security

Single Sign-On Secure Authentication Password Mechanism

About the Authors Preface Acknowledgements List of Acronyms

Side Channel Analysis and Embedded Systems Impact and Countermeasures

Enterprise Java. Where, How, When (and When Not) to Apply Java in Client/Server Business Environments. Jeffrey Savit Sean Wilcox Bhuvana Jayaraman

Enterprise Integration Patterns

QUANTITATIVE METHODS. for Decision Makers. Mik Wisniewski. Fifth Edition. FT Prentice Hall

Contents. Introduction and System Engineering 1. Introduction 2. Software Process and Methodology 16. System Engineering 53

Virtualization and Forensics

An Introduction to Object-Oriented Programming with

The D Programming Language

Agile Methods. Introduction to. AAddison-Wesley. Sondra Ashmore, Ph.D. Kristin Runyan. Capetown Sydney Tokyo Singapore Mexico City

Database. Administration. The Complete. and Procedures. Guide to DBA Practices. AAddison-Wesley. Second Edition. Mullins

CONTENTS AT A GMi#p. Chapter I Ethical Hacking Basics I Chapter 2 Cryptography. Chapter 3 Reconnaissance: Information Gathering for the Ethical Hacker

Secure Data transfer in Cloud Storage Systems using Dynamic Tokens.

Network Security Using Job Oriented Architecture (SUJOA)

The Designer's Guide to VHDL

Security for Computer Networks

Man at the end (MATE) attacks are an understudied

Securing the Cloud. Cloud Computer Security Techniques and Tactics. Vic (J.R.) Winkler. Technical Editor Bill Meine ELSEVIER

Contents. vii. Preface. P ART I THE HONEYNET 1 Chapter 1 The Beginning 3. Chapter 2 Honeypots 17. xix

Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures Sungmin Hong, Lei Xu, Haopei Wang, Guofei Gu

Maximum vsphere. Tips, How-Tos,and Best Practices for. Working with VMware vsphere 4. Eric Siebert. Simon Seagrave. Tokyo.

BUSINESS INTELLIGENCE

Designing Interactive Systems

e-code Academy Information Security Diploma Training Discerption

Hacking Web Apps. Detecting and Preventing Web Application Security Problems. Jorge Blanco Alcover. Mike Shema. Technical Editor SYNGRESS

Performance Management

Software Reverse Engineering

ENTERPRISE SYSTEMS FOR MANAGEMENT

Advanced compiler construction. General course information. Teacher & assistant. Course goals. Evaluation. Grading scheme. Michel Schinz

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

Transcription:

Surreptitious Software Obfuscation, Watermarking, and Tamperproofing for Software Protection Christian Collberg Jasvir Nagra rw T Addison-Wesley Upper Saddle River, NJ Boston Indianapolis San Francisco New York Toronto Montreal London Munich Paris Madrid Capetown Sydney Tokyo Singapore Mexico City

Contents Preface xv About the Authors Acknowledgments xxv xxvii 1 What Is Surreptitious Software? 1 1.1 Setting the Scene 1 1.2 Attack and Defense 6 1.3 Program Analysis 7 1.3.1 A Simple Reverse Engineering Example 9 1.4 Code Obfuscation 13 1.4.1 Applications of Code Obfuscation 16 1.4.2 Obfuscating Transformations 20 1.4.3 Black Hat Code Obfuscation 26 1.5 Tamperprooflng 32 1.5.1 Applications of Tamperprooflng 33 1.5.2 An Example 35 1.6 Software Watermarking 36 1.6.1 An Example 38 1.6.2 Attacks on Watermarking Systems 41 1.7 Software Similarity 43 1.7.1 Plagiarism 43 1.7.2 Software Forensics 44 1.7.3 Birthmarking 45 1.7.4 A Birthmarking Example 47 1.8 Hardware-Based Protection Techniques 49 1.8.1 Distribution with Physical Token 49 1.8.2 Tying the Program to the CPU 50 1.8.3 Ensuring Safe Execution Environment 51 1.8.4 Encrypted Execution 52 1.8.5 Physical Barriers 54 VII

viii Contents 1.9 Discussion 55 1.9.1 Reasons to Use Software Protection... 55 1.9.2... and Reasons Not To 56 1.9.3 So Which Algorithms Should I Use? 57 1.10 Notation 58 2 Methods of Attack and Defense 59 2.1 Attack Strategies 60 2.1.1 A Prototypical Cracking Target 61 2.1.2 What's the Adversary's Motivation? 63 2.1.3 What Does the Adversary Get to Crack? 65 2.1.4 What's the Adversary's Attack Methodology? 68 2.1.5 What Tools Does the Adversary Use? 72 2.1.6 What Techniques Does the Adversary Use? 72 2.1.7 Discussion 83 2.2 Defense Strategies 86 2.2.1 Notation 87 2.2.2 The cover Primitive 90 2.2.3 The duplicate Primitive 93 2.2.4 Thesp/zVand merge Primitives 96 2.2.5 The reorder Primitive 100 2.2.6 The map Primitive 101 2.2.7 The indirect Primitive 104 2.2.8 The mimic Primitive 106 2.2.9 The advertise Primitive 108 2.2.10 The defect-respond Primitive 110 2.2.11 The dynamic Primitive 112 2.2.12 Discussion 113 2.3 Discussion 114 2.3.1 What Do We Need from Attack and Defense Models? 114 2.3.2 How Do We Use the Models to Devise Algorithms? 115 3 Program Analysis 117 3.1 Static Analysis 118 3.1.1 Control Flow Analysis 119 3.1.2 Data Flow Analysis 127 3.1.3 Data Dependence Analysis 132 3.1.4 Alias Analysis 134 3.1.5 Slicing 141 3.1.6 Abstract Interpretation 143 3.2 Dynamic Analysis 145 3.2.1 Debugging 146 3.2.2 Profiling 161

Contents ix 3.2.3 Tracing 163 3.2.4 Emulation 168 3.3 Reconstituting Source 170 3.3.1 Disassembly 172 3.3.2 Decompilation 180 3.4 Pragmatic Analysis 190 3.4.1 Style Metrics 191 3.4.2 Software Complexity Metrics 193 3.4.3 Software Visualization 195 3.5 Discussion 198 4 Code Obfuscation 201 4.1 Semantics-Preserving Obfuscating Transformations 202 4.1.1 Algorithm OBFCF: Diversifying Transformations 203 4.1.2 Algorithm OBFTP: Identifier Renaming 209 4.1.3 Obfuscation Executives 212 4.2 Definitions 217 4.2.1 Potent Obfuscating Transformations 219 4.2.2 Efficient Obfuscating Transformations 222 4.2.3 Stealth 222 4.2.4 Other Definitions 224 4.3 Complicating Control Flow 225 4.3.1 Opaque Expressions 225 4.3.2 Algorithm OBFWHKD: Control-Flow Flattening 226 4.3.3 Introducing Aliasing 229 4.3.4 Algorithm OBFCTJt, ogus : Inserting Bogus Control Flow 235 4.3.5 Algorithm OBFLDK: Jumps Through Branch Functions 239 4.3.6 Attacks 242 4.4 Opaque Predicates 246 4.4.1 Algorithm OBFCT} pointer : Opaque Predicates from Pointer Aliasing 247 4.4.2 OBFWHKD opaque : Opaque Values from Array Aliasing 250 4.4.3 Algorithm OBFCT]'thread: Opaque Predicates from Concurrency 251 4.4.4 Breaking Opaque Predicates 253 4.5 Data Encodings 258 4.5.1 Encoding Integers 261 4.5.2 Encoding Booleans 266 4.5.3 Encoding Literal Data 269 4.5.4 Encoding Arrays 272 4.6 Breaking Abstractions 277 4.6.1 Algorithm OBFWC S j g : Merging Function Signatures 277 4.6.2 Algorithm OBFCT]^: Splitting and Merging Classes 279

4.6.3 Algorithm OBFDMRVSL: Destroying High-Level Structures 281 4.6.4 Algorithm OBFAJV: Modifying Instruction Encodings 293 4.7 Discussion 298 5 Obfuscation Theory 301 5.1 Definitions 304 5.2 Provably Secure Obfuscation: Possible or Impossible? 307 5.2.1 Turing's Halting Problem 308 5.2.2 Algorithm REÄA: De-obfuscating Programs 311 5.3 Provably Secure Obfuscation: It's Possible (Sometimes)! 313 5.3.1 Algorithm OBFLBS: Obfuscating with Point Functions 314 5.3.2 Algorithm OBFNS: Obfuscating Databases 322 5.3.3 Algorithm OBFPP: Homomorphic Encryption 324 5.3.4 Algorithm OBFCEJO: Whitebox DES 329 5.4 Provably Secure Obfuscation: It's Impossible (Sometimes)! 335 5.4.1 A General Obfuscator 336 5.4.2 Obfuscating Learnable Functions 340 5.4.3 Proving that Obfuscation Is Impossible 341 5.4.4 Discussion 343 55 Provably Secure Obfuscation: Can It Be Saved? 344 5.5.1 Overcoming Impossibility 346 5.5.2 Definitions Revisited: Make Obfuscation Interactive 346 5.5.3 Definition Revisited: Make Obfuscation Non-Semantics Preserving 349 5.6 Discussion 354 6 Dynamic Obfuscation 357 6.1 Definitions 360 6.2 Moving Code Around 362 6.2.1 Algorithm OBFKMNM: Replacing Instructions 362 6.2.2 OBFAG swap - Self-Modifying State Machine 366 6.2.3 OBFMAMDSB: Dynamic Code Merging 376 6.3 Encryption 383 6.3.1 OBFCKSP: Code as Key Material 3 85 6.3.2 OBFAGayp t : Combining Self-Modification and Encryption 6.4 Discussion 398 7 Software Tamperproofing 401 7.1 Definitions 405 7.1.1 Checking for Tampering 406

7.1.2 Responding to Tampering 410 7.1.3 System Design 410 7.2 Introspection 412 7.2.1 Algorithm TPCA: Checker Network 414 7.2.2 Generating Hash Functions 418 7.2.3 Algorithm TPHMST: Hiding Hash Values 423 7.2.4 The Skype Obfuscated Protocol 431 7.2.5 Algorithm REWOS: Attacking Self-Hashing Algorithms 435 7.2.6 Discussion 439 7.3 Algorithm TPTCJ: Response Mechanisms 440 7.4 State Inspection 444 7.4.1 Algorithm TPCVCPSJ: Oblivious Hash Functions 447 7.4.2 Algorithm TPjJV: Overlapping Instructions 450 7.5 Remote Tamperproofing 453 7.5.1 Distributed Check and Respond 454 7.5.2 Solution Strategies 454 7.5.3 Algorithm TPZG: Slicing Functions 455 7.5.4 Algorithm TPSLSPDK: Measuring Remote Hardware 459 7.5.5 TPCNS: Continuous Replacement 462 7.6 Discussion 464 8 Software Watermarking 467 8.1 History and Applications 468 8.1.1 Applications 468 8.1.2 Embedding a Mark in Audio 472 8.1.3 Embedding a Mark in an Image 474 8.1.4 Embedding a Mark in Natural-Language Text 475 8.2 Watermarking Software 478 8.3 Definitions 480 8.3.1 Watermark Credibility 482 8.3.2 Attacks 484 8.3.3 Watermarking vs. Fingerprinting 485 8.4 Watermarking by Permutation 486 8.4.1 Algorithm WMDM: Reordering Basic Blocks 488 8.4.2 Renumbering 490 8.4.3 Algorithm WMQP: Improving Credibility 491 8.5 Tamperproofing Watermarks 494 8.5.1 Algorithm WMMC: Embedding Media Watermarks 495 8.6 Improving Resilience 498 8.6.1 Algorithm WMSHKQ: Statistical Watermarking 498 8.7 Improving Stealth 505

xii Contents 8.7.1 Algorithm WMMIMIT: Mapping Instructions 505 8.7.2 Algorithm WMWS: Watermarks in CFGs 506 8.7.3 Algorithm WMCC: Abstract Interpretation 516 8.8 Steganographic Embeddings 522 8.8.1 Algorithm WMASB: The Compiler as Embedder 523 8.9 Splitting Watermark Integers 526 8.9.1 Splitting a Large Mark into Small Pieces 527 8.9.2 Redundant Watermark Pieces 528 8.9.3 Sparse Codes for Increased Credibility 531 8.10 Graph Codecs 533 8.10.1 Oriented Parent-Pointer Tree 534 8.10.2 Radix Graphs 534 8.10.3 Permutation Graphs 535 8.10.4 Planted Plane Cubic Trees 536 8.10.5 Reducible Permutation Graphs 536 8.11 Discussion 537 8.11.1 Embedding Techniques 539 8.11.2 Attack Models 539 9 Dynamic Watermarking 541 9.1 Algorithm WMCT: Exploiting Aliasing 546 9.1.1 A Simple Example 547 9.1.2 Recognition Problems 549 9.1.3 Increasing Bitrate 551 9.1.4 Increasing Resilience to Attack 557 9.1.5 Increasing Stealth 561 9.1.6 Discussion 564 9.2 Algorithm WMNT: Exploiting Parallelism 565 9.2.1 Embedding Watermarking Widgets 569 9.2.2 Embedding Example 574 9.2.3 Recognition 577 9.2.4 Avoiding Pattern-Matching Attacks 579 9.2.5 Tamperproofing Widgets 580 9.2.6 Discussion 581 9.3 Algorithm WUCCDKHLS pat h s : Expanding Execution Paths 583 9.3.1 Encoding and Embedding 584 9.3.2 Recognition 590 9.3.3 Discussion 591 9.4 Algorithm WMCCDKHLSb/: Tamperproofing Execution Paths 592 9.4.1 Embedding 593 9.4.2 Recognition 595

9.4.3 Tamperproonng the Branches 596 9.4.4 Discussion 597 9.5 Discussion 598 10 Software Similarity Analysis 601 10.1 Applications 602 10.1.1 Clone Detection 603 10.1.2 Software Forensics 605 10.1.3 Plagiarism Detection 608 10.1.4 Birthmark Detection 610 10.2 Definitions 611 10.2.1 Similarity Measures 612 10.3 /k-gram-based Analysis 616 10.3.1 SSSWAWINNOW-' Selecting k-gram Hashes 616 10.3.2 SSSWAMOSS: Software Plagiarism Detection 619 10.3.3 SSMCkgram^ k-gram Java Bytecode Birthmarks 623 10.4 API-Based Analysis 625 10.4.1 SSTNMM: Object-Oriented Birthmarks 626 10.4.2 SSTONMM: Dynamic Function Call Birthmarks 629 10.4.3 SSSDL: Dynamic -gram API Birthmarks 630 10.5 Tree-Based Analysis 631 10.5.1 SSEFM: AST-Based Clone Detection 631 10.6 Graph-Based Analysis 635 10.6.1 SSKH: PDG-Based Clone Detection 636 10.6.2 SSLCHY: PDG-Based Plagiarism Detection 640 10.6.3 SSMC wpp : Dynamic Whole Program Birthmarks 641 10.7 Metrics-Based Analysis 644 10.7.1 SSKK: Metrics-Based Clone Detection 645 10.7.2 SSLM: Metrics-Based Authorship Analysis 646 10.8 Discussion 652 11 Hardware for Protecting Software 655 11.1 Anti-Piracy by Physical Distribution 657 11.1.1 Distribution Disk Protection 658 11.1.2 Dongles and Tokens 664 11.2 Authenticated Boot Using a Trusted Platform Module 670 11.2.1 Trusted Boot 671 11.2.2 Taking Measurements 673 11.2.3 TheTPM 676 11.2.4 The Challenge 677

xiv Contents 11.2.5 Social Trust and Privacy Issues 679 11.2.6 Applications and Controversies 681 11.3 Encrypted Execution 683 11.3.1 The XOM Architecture 685 11.3.2 Preventing Replay Attacks 688 11.3.3 Fixing a Leaky Address Bus 690 11.3.4 Fixing a Leaky Data Bus 694 11.3.5 Discussion 694 11.4 Attacks on Tamperproof Devices 695 11.4.1 Tapping the Bus The Microsoft XBOX Hack 696 11.4.2 Injecting Ciphertext Dallas Semiconductor DS5002FP 697 11.4.3 Hacking Smartcards 701 11.4.4 Non-Invasive Attacks 705 11.4.5 Board-Level Protection 708 11.5 Discussion 711 Bibliography 713 Index 737

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information