- Università di Verona
Thursday, March 30, 2017
Rinfresco 14.45, inizio seminario 15.00.
The talk concerns the design of code protecting transformations for anti-reverse engineering applications.
This is a gentle introduction for non-specialists to some of the results and studies I made during a 2 years sabbatical at University of Louisiana, IRDETO Canada, University of Melbourne, and IMDEA SW Institute. These technologies are widely used in code protection (e.g., IP protection or key protection), malware design, anti tampering, code watermarking and birth-marking of code. The battle scenario involves attackers intended to extract information by reverse engineering the code, and protecting code transformations modeled as distorted compilers devoted to inhibit these attacks. Attacks are inhibited by maximizing imprecision in all attempts made by the attacker to exploit control and data-flow of the obscured code.
After a brief survey on the state of the art in the field, we introduce a model for code obfuscation which is general enough to include generic automated static and dynamic attacks. Protecting transformations are then systematically and formally derived as distorted compilers, obtained by specializing a suitably distorted interpreter for the given programming language with respect to the source code to protect. Interestingly this distortion corresponds precisely to defeat the potency of the expected attacker, which is itself an interpreter and whose potency consists in its ability to extract a complete and precise view of program's execution.