Skip to main content
SpringerLink
Log in

On the Possibility of Provably Secure Obfuscating Programs

  • Conference paper
Perspectives of System Informatics (PSI 2003)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2890))

Abstract

By obfuscation we mean any efficient semantic-preserving transformation of computer programs aimed at bringing a program into such a form, which impedes the understanding of its algorithm and data structures or prevents the extracting of some valuable information from the plaintext of a program. The main difficulty in designing an effective program obfuscator is to guarantee security, i.e. to prove that no algorithm can break software protection in reasonable time. All obfuscation techniques and tools developed so far rely on the informal concept of security and therefore can’t be regarded as provably secure. In this paper we (1) introduce for the first time a formal information-theoretic definition of obfuscation security, (2) present a new obfuscation technique which takes advantage of cryptographic primitives (one-way functions, hard-core predicates), and (3) demonstrate, taking a conventional password identification scheme as a case study, how to prove security of the obfuscating transformations.

This work was supported by the Russian Foundation for Basic Research (grant 03-01-00880)

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Amoroso, E.G.: Fundamentals of Computer Security Technology. Prentice Hall PTR, Englewood Cliffs (1994)

    MATH  Google Scholar 

  2. Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vedhan, S., Yang, K.: On the (Im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  3. Chow, S., Gu, Y., Johnson, H., Zakharov, V.: An approach to the obfuscation of control flow of sequential computer programs. In: Davida, G.I., Frankel, Y. (eds.) ISC 2001. LNCS, vol. 2200, pp. 144–156. Springer, Heidelberg (2001)

    Google Scholar 

  4. Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations, Tech. Report, N 148, Dept. of Computer Science, Univ. of Auckland (1997)

    Google Scholar 

  5. Collberg, C., Thomborson, C., Low, D.: Manufacturing cheap, resilient and stealthy opaque constructs. In: Symposium on Principles of Programming Languages, pp. 184–196 (1998)

    Google Scholar 

  6. Collberg, C., Thomborson, C., Low, D.: Breaking abstraction and unstructuring data structures. In: IEEE International Conference on Computer Languages, pp. 28–38 (1998)

    Google Scholar 

  7. Collberg, C., Thomborson, C.: Watermarking, tamper-proofing and obfuscation — tools for software protection. IEEE Transactions on Software Engineering 28(2), 735–746 (2002)

    Article  Google Scholar 

  8. Devanbu, P.T., Stubblebine, S.: Software engineering for security: a roadmap. In: Future of SE Track, pp. 227–239 (2000)

    Google Scholar 

  9. Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions in Information Theory 22, 644–654 (1976)

    Article  MATH  MathSciNet  Google Scholar 

  10. Gollmann, D.: Computer Security. Willey, New York (1999)

    Google Scholar 

  11. Goldreich, O., Levin, L.A.: A hard-core predicate for all one-way functions. In: Proceedings of the 21st Annual ACM Symposium on Theory of Computing, pp. 25–32 (1989)

    Google Scholar 

  12. Hada, S.: Zero-knowledge and code obfuscation. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, p. 443. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  13. Horwitz, S.: Precise flow-insensitive alias analysis is NP-hard. ACM Transactions on Programming Languages and Systems 19(1), 1–6 (1997)

    Article  Google Scholar 

  14. Landi, W.: Undecidability of static analysis. ACM Letters on Programming Languages and Systems 1(4), 323–337 (1992)

    Article  Google Scholar 

  15. MacDonald, J.: On program security and obfuscation. Technical Report, University of California (1998)

    Google Scholar 

  16. Menezes, A.J., Van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)

    MATH  Google Scholar 

  17. Ramalingam, G.: The undecidability of aliasing. ACM Transactions on Programming Languages and Systems 16(5), 1467–1471 (1994)

    Article  Google Scholar 

  18. Wang, C., Hill, J., Knight, J., Davidson, J.: Software tamper resistance: obstructing static analysis of programs, Tech. Report, N 12, Dep. of Comp. Sci., Univ. of Virginia (2000)

    Google Scholar 

  19. Wroblewski, G.: General method of program code obfuscation. In: Proceedings of the International Conference on Software Engineering Research and Practice (SERP), pp. 153–159 (2002)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Laboratory for Cryptography, Lomonosov State University, Moscow, RU-119899, Russia

    Nikolay P. Varnovsky

  2. Faculty of Computational Mathematics and Cybernetics, Lomonosov State University, Moscow, RU-119899, Russia

    Vladimir A. Zakharov

  3. Institute for System Programming, Russian Academy of Sciences, B. Kommunisticheskaya, 25, 109004, Moscow, Russia

    Nikolay P. Varnovsky & Vladimir A. Zakharov

Authors
  1. Nikolay P. Varnovsky
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Vladimir A. Zakharov
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Technische Universität München, Germany

    Manfred Broy

  2. A.P. Ershov Institute of Informatics Systems, Siberian Branch of Russian Academy of Sciences, 630090, Novosibirsk, Russia

    Alexandre V. Zamulin

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Varnovsky, N.P., Zakharov, V.A. (2004). On the Possibility of Provably Secure Obfuscating Programs. In: Broy, M., Zamulin, A.V. (eds) Perspectives of System Informatics. PSI 2003. Lecture Notes in Computer Science, vol 2890. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39866-0_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-39866-0_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20813-6

  • Online ISBN: 978-3-540-39866-0

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation