Abstract
By obfuscation we mean any efficient semantic-preserving transformation of computer programs aimed at bringing a program into such a form, which impedes the understanding of its algorithm and data structures or prevents the extracting of some valuable information from the plaintext of a program. The main difficulty in designing an effective program obfuscator is to guarantee security, i.e. to prove that no algorithm can break software protection in reasonable time. All obfuscation techniques and tools developed so far rely on the informal concept of security and therefore can’t be regarded as provably secure. In this paper we (1) introduce for the first time a formal information-theoretic definition of obfuscation security, (2) present a new obfuscation technique which takes advantage of cryptographic primitives (one-way functions, hard-core predicates), and (3) demonstrate, taking a conventional password identification scheme as a case study, how to prove security of the obfuscating transformations.
This work was supported by the Russian Foundation for Basic Research (grant 03-01-00880)
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Amoroso, E.G.: Fundamentals of Computer Security Technology. Prentice Hall PTR, Englewood Cliffs (1994)
Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vedhan, S., Yang, K.: On the (Im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001)
Chow, S., Gu, Y., Johnson, H., Zakharov, V.: An approach to the obfuscation of control flow of sequential computer programs. In: Davida, G.I., Frankel, Y. (eds.) ISC 2001. LNCS, vol. 2200, pp. 144–156. Springer, Heidelberg (2001)
Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations, Tech. Report, N 148, Dept. of Computer Science, Univ. of Auckland (1997)
Collberg, C., Thomborson, C., Low, D.: Manufacturing cheap, resilient and stealthy opaque constructs. In: Symposium on Principles of Programming Languages, pp. 184–196 (1998)
Collberg, C., Thomborson, C., Low, D.: Breaking abstraction and unstructuring data structures. In: IEEE International Conference on Computer Languages, pp. 28–38 (1998)
Collberg, C., Thomborson, C.: Watermarking, tamper-proofing and obfuscation — tools for software protection. IEEE Transactions on Software Engineering 28(2), 735–746 (2002)
Devanbu, P.T., Stubblebine, S.: Software engineering for security: a roadmap. In: Future of SE Track, pp. 227–239 (2000)
Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions in Information Theory 22, 644–654 (1976)
Gollmann, D.: Computer Security. Willey, New York (1999)
Goldreich, O., Levin, L.A.: A hard-core predicate for all one-way functions. In: Proceedings of the 21st Annual ACM Symposium on Theory of Computing, pp. 25–32 (1989)
Hada, S.: Zero-knowledge and code obfuscation. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, p. 443. Springer, Heidelberg (2000)
Horwitz, S.: Precise flow-insensitive alias analysis is NP-hard. ACM Transactions on Programming Languages and Systems 19(1), 1–6 (1997)
Landi, W.: Undecidability of static analysis. ACM Letters on Programming Languages and Systems 1(4), 323–337 (1992)
MacDonald, J.: On program security and obfuscation. Technical Report, University of California (1998)
Menezes, A.J., Van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)
Ramalingam, G.: The undecidability of aliasing. ACM Transactions on Programming Languages and Systems 16(5), 1467–1471 (1994)
Wang, C., Hill, J., Knight, J., Davidson, J.: Software tamper resistance: obstructing static analysis of programs, Tech. Report, N 12, Dep. of Comp. Sci., Univ. of Virginia (2000)
Wroblewski, G.: General method of program code obfuscation. In: Proceedings of the International Conference on Software Engineering Research and Practice (SERP), pp. 153–159 (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Varnovsky, N.P., Zakharov, V.A. (2004). On the Possibility of Provably Secure Obfuscating Programs. In: Broy, M., Zamulin, A.V. (eds) Perspectives of System Informatics. PSI 2003. Lecture Notes in Computer Science, vol 2890. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39866-0_11
Download citation
DOI: https://doi.org/10.1007/978-3-540-39866-0_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20813-6
Online ISBN: 978-3-540-39866-0
eBook Packages: Springer Book Archive