Abstract
Program obfuscation is a semantics-preserving transformation that brings a program into a form that impedes understanding of its algorithm and data structures or prevents extraction of certain valuable information from the text of the program. Since obfuscation may find wide use in computer security, information hiding and cryptography, security requirements for program obfuscators have been a major focus of interest in the theory of software obfuscation since the pioneering works in this field. In this paper we survey various definitions of obfuscation security and the basic results that establish the possibility or impossibility of secure program obfuscation under certain cryptographic assumptions.
Additional information
Original Russian Text © N.P. Varnovskiy, V.A. Zakharov, N.N. Kuzyurin, A.V. Shokurov, 2015, published in Trudy Instituta Sistemnogo Programmirovaniya, 2014, Vol. 26, No. 3, pp. 167–198.
Cite this article
Varnovskiy, N.P., Zakharov, V.A., Kuzyurin, N.N. et al. The current state of art in program obfuscations: definitions of obfuscation security. Program Comput Soft 41, 361–372 (2015). https://doi.org/10.1134/S0361768815060079
DOI: https://doi.org/10.1134/S0361768815060079