Abstract
In this paper we present a straightforward approach to the obfuscation of sequential program control-flow in order to design tamper-resistant software. The principal idea of our technique is as follows: Let I be an instance of a hard combinatorial problem C, whose solution K is known. Then, given a source program π, we implant I into π by applying semantics-preserving transformations and using K as a key. This yields as its result an obfuscated program πI,K, such that a detection of some property P of πI,K, which is essential for comprehending the program, gives a solution to I. Varying instances I, we obtain a family II C of obfuscated programs such that the problem of checking P for II C is at least as hard as C. We show how this technique works by taking for C the acceptance problem for linear bounded Turing machines, which is known to be PSPACE-complete.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Brickell E.F., Davenport D.M. On the classification of ideal secret sharing schemes. J. Cryptology, 4, 1991, p.123–134.
Chow S., Johnson H., and Gu Y., Tamper resistant software — control flow encoding. Filed under the Patent Coöperation Treaty on August 18, 2000, under Serial No. PCT/CA00/00943.
Collberg C., Thomborson C., Low D., A taxonomy of obfuscating transformations, Tech. Report, N 148, Dept. of Computer Science, Univ. of Auckland, 1997.
Collberg C., Thomborson C., Low D., Manufacturing cheap, resilient and stealthy opaque constructs, Symp. on Principles of Prog. Lang., 1998, p.184–196.
Collberg C., Thomborson C., Low D. Breaking abstraction and unstructuring data structures, in IEEE Int. Conf. on Computer Languages, 1998, p.28–38.
Garey M.R., Johnson D.S., Computers and Intractability, W.H Freeman and Co., San Francisco, 1979.
Glenn A., Larus J., Improving Data-Flow Analysis with Path Profilers. In Proc. of the SIGPLAN ’98 Conf. on Prog. Lang. Design and Implementation, Montreal, Canada, published as SIGPLAN Notices, SIGPLAN Notices, N 5, 1998, pp. 72–84.
Horowitz S., Precise flow-insensitive May-Alias analysis is NP-hard, TOPLAS, 1997, 19, N 1, p.1–6.
Jalali M., Hachez G., Vasserot C. FILIGRANE (Flexible IPR for Software AGent ReliANcE) A security framework for trading of mobile code in Internet, in Autonomous Agents 2000 Workshop: Agents in Industry, 2000.
Jones N.D., Muchnik S.S. Even simple programs are hard for analysis, J. Assoc. Comput. Mach., 1977, 24 N 5, p.338–350.
Kennedy K., A Survey of Data Flow Analysis Techniques, in Program Flow Analysis: Theory and Applications, S.S. Muchnick and N.D. Jones (eds.). Prentice-Hall, Englewood Cliffs, NJ, 1981, pp. 5–54.
Kozen D., Automata and Computability, Springer, 1997.
Knoop J., Ruthing O., Steffen B., Partial Dead Code Elimination, in Proc. of the SIGPLAN ’94 Conf. on Prog. Lang. Design and Implementation, Orlando, FL, published as SIGPLAN Notices, 29, N 6, June 1994, pp. 147–158.
Kotov V.E., Sabelfeld V.K., Theory of program schemata, M.: Nauka, 1991, 246 p. (in Russian)
Kuroda S.Y., Classes of languages and linear bounded automata, Information and Control, 1964, v.7, p.207–223.
Landi W., Undecidability of static analysis, ACM Lett.on Prog. Lang. and Syst., 1, 1992, 1, N 4, p.323–337.
Mambo M., Murayama T., Okamoto E., A tentative approach to constructing tamper-resistant software, Workshop on New Security Paradigms, 1998, p.23–33.
Savitch W.J., Relationship between nondeterministic and deterministic tape complexities, J. of Comput. and Syst. Sci., 4, 1970, p.177–192.
SourceGuard, commercial version of HashJava, http://www.4thpass.coml
Tamper Resistant Software, http://www/cloakware.com/technology.html
Wang C., Hill J., Knight J., Davidson J., Software tamper resistance: obstructing static analysis of programs, Tech. Report, N 12, Dept. of Comp. Sci., Univ. of Virginia, 2000
Zakharov V. The equivalence problem for computational models: decidable and undecidable cases, Lecture Notes in Computer Science, 2055, 2001, p.133–152.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chow, S., Gu, Y., Johnson, H., Zakharov, V.A. (2001). An Approach to the Obfuscation of Control-Flow of Sequential Computer Programs. In: Davida, G.I., Frankel, Y. (eds) Information Security. ISC 2001. Lecture Notes in Computer Science, vol 2200. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45439-X_10
Download citation
DOI: https://doi.org/10.1007/3-540-45439-X_10
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42662-2
Online ISBN: 978-3-540-45439-7
eBook Packages: Springer Book Archive