t he problem hiding and unveiling in sw
play

T HE PROBLEM : HIDING AND UNVEILING IN SW ! Understanding programs - PowerPoint PPT Presentation

Feb 13, 2023 •271 likes •1.2k views

H IDING I NFORMATION IN C OMPLETENESS H OLES N EW PERSPECTIVES IN CODE OBFUSCATION AND WATERMARKING Roberto Giacobazzi Dipartimento di Informatica Universit` a di Verona Italy SEFM08, Cape Town November 2008 SEFM08 Cape Town

  1. H IDING I NFORMATION IN C OMPLETENESS H OLES N EW PERSPECTIVES IN CODE OBFUSCATION AND WATERMARKING Roberto Giacobazzi Dipartimento di Informatica Universit` a di Verona Italy SEFM’08, Cape Town November 2008 SEFM’08 – Cape Town – p.1/37

  2. T HE PROBLEM : P ROTECTION ! In SW much of the know-how is located in the product itself! ! According to Business Software Alliance (BSA): ! the worldwide weighted average piracy rate is 35%, the median piracy rate is 62%, meaning half of the countries have a piracy rate of 62% or higher of the market, which grows to 75% in one-third of the countries ! In 2007, every 2.00USD worth of software purchased legitimately, 1.00USD worth was obtained illegally!! ! knowledge extraction by static and dynamic analysis ! program decomposition for code reuse ! source code disassembly and decompilation for reverse engineering ! integrity corruption for code hacking SEFM’08 – Cape Town – p.2/37

  3. T HE PROBLEM : P ROTECTION We need adequate strategies for Intellectual Property Protection (IPP) and Digital Right Management (DRM) ! Make difficult source code analysis ! Make difficult program decomposition, disassembly and decompiation ! Steganography (watermarking and fingerprinting) against theft ! Tamper proofing against integrity corruption SEFM’08 – Cape Town – p.3/37

  4. T HE PROBLEM : A TTACK Malware represents malicious software. Malware detector is a program D that determines whether another program P is infected with a malware M . � True if P is infected with M D ( P , M ) = False otherwise SEFM’08 – Cape Town – p.4/37

  5. T HE PROBLEM : A TTACK Malware represents malicious software. Malware detector is a program D that determines whether another program P is infected with a malware M . � True if P is infected with M D ( P , M ) = False otherwise An ideal malware detector detects all and only the programs infected with M , i.e., it is sound and complete. ! Sound = no false positives (no false alarms) ! Complete = no false negatives (no missed alarms) SEFM’08 – Cape Town – p.4/37

  6. M ALWARE T RENDS There is more malware every year. New Malware 10992 445 2002 2003 2004 2005 SEFM’08 – Cape Town – p.5/37

  7. M ALWARE T RENDS There is more malware every year. New Malware 10992 New Malware Families 445 141 101 2002 2003 2004 2005 But the number of malware families has almost no variation. Beagle family has 197 variants (as on Jan. 2007). Warezov family has 218 variants (as on Jan. 2007). SEFM’08 – Cape Town – p.5/37

  8. SW PROTECTION VS . SW ATTACKS SW attack host malicious SW SW attack host malicious host SEFM’08 – Cape Town – p.6/37

  9. SW PROTECTION VS . SW ATTACKS SW attack host malicious SW viruses worms SW attack host malicious host SEFM’08 – Cape Town – p.6/37

  10. SW PROTECTION VS . SW ATTACKS SW attack host malicious SW viruses worms SW attack host malicious host IP integrity SEFM’08 – Cape Town – p.6/37

  11. SW PROTECTION VS . SW ATTACKS SW attack host malicious SW misuse detection SW attack host malicious host SEFM’08 – Cape Town – p.6/37

  12. SW PROTECTION VS . SW ATTACKS SW attack host malicious SW code obfuscation misuse detection (syntactic) SW attack host malicious host SEFM’08 – Cape Town – p.6/37

  13. SW PROTECTION VS . SW ATTACKS SW attack host malicious SW code obfuscation misuse detection (syntactic) SW attack host malicious host reverse engineering SEFM’08 – Cape Town – p.6/37

  14. SW PROTECTION VS . SW ATTACKS SW attack host malicious SW code obfuscation misuse detection (syntactic) SW attack host malicious host code obfuscation reverse engineering (behaviour) SEFM’08 – Cape Town – p.6/37

  15. SW PROTECTION VS . SW ATTACKS SW attack host malicious SW code obfuscation misuse detection (syntactic) deobfuscation SW attack host malicious host code obfuscation reverse engineering (behaviour) deobfuscation SEFM’08 – Cape Town – p.6/37

  16. P ROTECTION BY OBSCURITY : C ODE O BFUSCATION τ : P → P is a code obfuscation if it is an obfuscating compiler: ! it is potent: τ ( P ) is more complex (ideally unintelligible) than P ; ! it preserves the observational behaviour of programs � τ ( P ) � = � P � [C. Collberg et al. ’97, ’98]. Input Input τ P → τ � P � Output Output SEFM’08 – Cape Town – p.7/37

  17. P ROTECTION BY OBSCURITY : C ODE O BFUSCATION τ : P → P is a code obfuscation if it is an obfuscating compiler: ! it is potent: τ ( P ) is more complex (ideally unintelligible) than P ; ! it preserves the observational behaviour of programs � τ ( P ) � = � P � [C. Collberg et al. ’97, ’98]. The limit. Obfuscating programs is (im)possible: Even under restrictive hypothesis a general purpose obfuscator generating perfectly unintelligible code (virtual black-box) does not exist! [Barak et al. ’01]. The challenge. Design obfuscators that work against specific attacks Extensional properties of programs are undecidable [Rice ’53]. ....so formal methods and static analysis are born! SEFM’08 – Cape Town – p.7/37

  18. A N E XAMPLE (Pseudo-)Code: mov eax, [edx+0Ch] push ebx push [eax] call ReleaseLock SEFM’08 – Cape Town – p.8/37

  19. A N E XAMPLE (Pseudo-)Code: Obfuscated code (junk): mov eax, [edx+0Ch] mov eax, [edx+0Ch] push ebx inc eax push [eax] push ebx call ReleaseLock dec eax push [eax] call ReleaseLock SEFM’08 – Cape Town – p.8/37

  20. A N E XAMPLE (Pseudo-)Code: Obfuscated code (junk + reordering): mov eax, [edx+0Ch] mov eax, [edx+0Ch] jmp +3 push ebx push ebx push [eax] dec eax call ReleaseLock jmp +4 inc eax jmp -3 call ReleaseLock jmp +2 push [eax] jmp -2 SEFM’08 – Cape Town – p.8/37

  21. S TATE OF THE A RT [Collberg et al. ’97, ’98] ! opaque predicate insertion ! code flattening, ! variable splitting, ! bogus code insertion, ! spurious aliases Potency measure by standard metrics: code size, number of predicates, number of methods in OO code, height of inheritance, and variable dependence length SEFM’08 – Cape Town – p.9/37

  22. S TATE OF THE A RT [Wang et al. ’00] ! spurious aliases Potency measure by complexity of static analysis ! 1-level aliasing is easy P [Banning ’79] ! ≥ 2 -level aliasing is hard NP [Horowitz ’97] ! with dynamic memory allocation is undecidable!! understanding control-flow = solve a ≥ 2 -level aliasing problem SEFM’08 – Cape Town – p.9/37

  23. S TATE OF THE A RT [Cloackware ’00] ! code flattening Potency is related with the PSPACE complexity of reachability in dispatchers !" !$ !% !& !# SEFM’08 – Cape Town – p.9/37

  24. S TATE OF THE A RT [Cloackware ’00] ! code flattening Potency is related with the PSPACE complexity of reachability in dispatchers !"#$%&'()* +, +. +/ +0 +- 111111111 SEFM’08 – Cape Town – p.9/37

  25. S TATE OF THE A RT [Drape et al ’05 and ’07] ! data obfuscation ! slicing obfuscation: enlarging slices by adding dependencies Potency is related with data-refinement ! If D is a data-type, D is a refinement of D if � D , α, γ, D � is a GI ! Correctness: � P � = α ◦ � τ ( P ) � ◦ γ ! ...i.e.: P and γ ; τ ( P ); α are observationally equivalent! Obfuscation corresponds precisely to concretise (in the sense of abstract interpretation) a data-type SEFM’08 – Cape Town – p.9/37

  26. T HE PROBLEM : HIDING AND UNVEILING IN SW ! Understanding programs corresponds to understand their semantics ! The attacker is an interpreter (static or dynamic) ! Potency is related with the degree of precision of the interpreter ! τ ( P ) is an obfuscation of P if the interpretation of τ ( P ) fails (is less precise) than the same interpretation of P : � P � ≤ � τ ( P ) � ! In this case τ defeats � · � !! ! We need a theory of interpreters at different levels of abstraction We need Abstract Interpretation SEFM’08 – Cape Town – p.10/37

  27. T HE PROBLEM : HIDING AND UNVEILING IN SW Input SW Deobfuscation malicious user Reverse Engineering α δ Output SEFM’08 – Cape Town – p.10/37

  28. W HY A BSTRACT I NTERPRETATION ? ! The attacker ! Reverse engineering needs (static or dynamic) analysis ! Watermark extraction or violation need (static or dynamic) analysis ! The defender ! Can exploit attack flaws to embed information ! Can exploit attack limitations (complexity, accuracy, time, space etc) for obscuring information Abstract Interpretation (1977) is the most general model for the (static or dynamic) approximation of semantics of discrete dynamic systems ! Including: Static program analysis, type checking and type inference, model checking and predicate abstraction, trajectory evaluation, testing, proof systems, etc. SEFM’08 – Cape Town – p.11/37

  29. A BSTRACT I NTERPRETATION Design approximate semantics of programs [Cousot & Cousot ’77, ’79]. ⊤ ⊤ γ γ ( α ( c )) α ( c ) α c ⊥ ⊥ A C Galois Connection: � C , α, γ, A � , A and C are complete lattices. � uco ( C ) , ⊑� set of all possible abstract domains, A 1 ⊑ A 2 if A 1 is more concrete than A 2 SEFM’08 – Cape Town – p.12/37

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

UNVEILING THE SUPER ORBITAL UNVEILING THE SUPER ORBITAL UNVEILING THE SUPER-ORBITAL UNVEILING

UNVEILING THE SUPER ORBITAL UNVEILING THE SUPER ORBITAL UNVEILING THE SUPER-ORBITAL UNVEILING

4 th FAN workshop, Hong Kong UNVEILING THE SUPER ORBITAL UNVEILING THE SUPER ORBITAL UNVEILING THE SUPER-ORBITAL UNVEILING THE SUPER-ORBITAL MODULATION OF LS I +61 303 IN X-RAYS MODULATION OF LS I +61 303 IN X-RAYS Jian Li ( ) Special

486 views • 23 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer ESC 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

476 views • 33 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer FSE 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

635 views • 30 slides
Information hiding Information hiding Notice how a user of a service being provided by an

Information hiding Information hiding Notice how a user of a service being provided by an

Information hiding Information hiding Notice how a user of a service being provided by an object, need only know the name of the messages that the object will accept. They need not have any idea how the actions performed in response to

474 views • 34 slides
Perturbation Hiding and the Batch Steganography Problem Andrew Ker @

Perturbation Hiding and the Batch Steganography Problem Andrew Ker @

Perturbation Hiding and the Batch Steganography Problem Andrew Ker @

243 views • 21 slides
Features of OO Programming Topic 4 Encapsulation Inheritance abstraction information hiding

Features of OO Programming Topic 4 Encapsulation Inheritance abstraction information hiding

Features of OO Programming Topic 4 Encapsulation Inheritance abstraction information hiding breaking problem up based on data types "Question: What is the object oriented way of Inheritance getting rich? code reuse specialization

500 views • 8 slides
POKING HOLES IN INFORMATION HIDING Angelos Oikonomopoulos Elias Athanasopoulos Herbert Bos

POKING HOLES IN INFORMATION HIDING Angelos Oikonomopoulos Elias Athanasopoulos Herbert Bos

POKING HOLES IN INFORMATION HIDING Angelos Oikonomopoulos Elias Athanasopoulos Herbert Bos Cristiano Giuffrida Vrije Universiteit Amsterdam Teaser Break ideal information hiding in seconds Few probes, typically no crashes

854 views • 33 slides
The Zen Shakuhachi Truth Research Project, Denmark Finding and unveiling the hidden, ignored,

The Zen Shakuhachi Truth Research Project, Denmark Finding and unveiling the hidden, ignored,

The Zen Shakuhachi Truth Research Project, Denmark Finding and unveiling the hidden, ignored, secret, fabricated or falsified texts and pictures ... What to do with them - How to present and share them? A presentation by Torsten Olafsson,

58 views • 3 slides
David Lorge Parnas When the first papers on information Hiding were published (1970-72) ,

David Lorge Parnas When the first papers on information Hiding were published (1970-72) ,

Middle Road Software, Inc. How Precise Documentation allows Information Hiding to Reduce Software Complexity and Increase its Agility" David Lorge Parnas When the first papers on information Hiding were published (1970-72) , reaction

845 views • 47 slides
DPA Solutions Unveiling Novel Opportunities IP CELL About Us DPA Solutions is an upcoming

DPA Solutions Unveiling Novel Opportunities IP CELL About Us DPA Solutions is an upcoming

Website: http://dp-analytics.com Email: info@dp-analytics.com DPA Solutions Unveiling Novel Opportunities IP CELL About Us DPA Solutions is an upcoming outsourcing and information technology company. The company primarily supports

580 views • 17 slides
NuSTAR catches the unveiling nucleus of NGC 1068 Stefano Bianchi A. A. Marinucci, G. Matt M.

NuSTAR catches the unveiling nucleus of NGC 1068 Stefano Bianchi A. A. Marinucci, G. Matt M.

NuSTAR catches the unveiling nucleus of NGC 1068 Stefano Bianchi A. A. Marinucci, G. Matt M. Balokovic, F. E. Bauer, N. Brandt, P. Gandhi, M. Guainazzi, F. Harrison, K. Iwasawa, F. Nicastro, S. Puccetti, C. Ricci, D. J. Walton, D. Stern The

390 views • 9 slides
Unveiling an Exceptional Project Montepuez Value Engineering Study October 2017 1 Corporate

Unveiling an Exceptional Project Montepuez Value Engineering Study October 2017 1 Corporate

Unveiling an Exceptional Project Montepuez Value Engineering Study October 2017 1 Corporate Overview Share Price David Flanagan Jeff Dawkins Executive Chairman Chief Financial Officer 0.14 10 Millions Daily Volume Traded On-Market 9

573 views • 32 slides
Forensic Data Hiding Optimized for JPEG 2000 Dieter Bardyn, Johann A. Briffa, Ann Dooms and Peter

Forensic Data Hiding Optimized for JPEG 2000 Dieter Bardyn, Johann A. Briffa, Ann Dooms and Peter

Forensic Data Hiding Optimized for JPEG 2000 Dieter Bardyn, Johann A. Briffa, Ann Dooms and Peter Schelkens May 18, 2011 Overview Image adaptive data hiding Overview Image adaptive data hiding Overview Image adaptive data hiding

778 views • 60 slides
Thick as thieves unveiling the most compact and obscured nuclei Susanne Aalto Department of

Thick as thieves unveiling the most compact and obscured nuclei Susanne Aalto Department of

Thick as thieves unveiling the most compact and obscured nuclei Susanne Aalto Department of Space, Earth and Environment (SEE), Chalmers University of Technology Sweden +many collaborators Outline Dusty nuclei Why do we care?

559 views • 26 slides
Unveiling an Exceptional Project BATTERY MINERALS LIMITED November 2017 Investor Presentation

Unveiling an Exceptional Project BATTERY MINERALS LIMITED November 2017 Investor Presentation

Unveiling an Exceptional Project BATTERY MINERALS LIMITED November 2017 Investor Presentation Montepuez Value Engineering Study 1 Corporate Overview Share Price David Flanagan Jeff Dawkins Executive Chairman Chief Financial Officer 0.14

624 views • 34 slides
Deep X-ray view of the bare nucleus Seyfert Ark120: unveiling the core of AGN Delphine Porquet

Deep X-ray view of the bare nucleus Seyfert Ark120: unveiling the core of AGN Delphine Porquet

Deep X-ray view of the bare nucleus Seyfert Ark120: unveiling the core of AGN Delphine Porquet CNRS, Observatoire Astronomique de Strasbourg, France J. Reeves, V. Braito, A. Lobban, E. Nardini, T. Dauser , J. Garcia, N. Grosso, G. Matt, A.

237 views • 12 slides
SAP University Alliance University Alliance Program Program Daniel Pantaleo Pantaleo,

SAP University Alliance University Alliance Program Program Daniel Pantaleo Pantaleo,

SAP University Alliance University Alliance Program Program Daniel Pantaleo Pantaleo, Director Higher Learning Initiatives , Director Higher Learning Initiatives Daniel Amelia Maurizio, Manager University Alliance Program Amelia Maurizio,

759 views • 48 slides
Derek Price Director, North America Expedia Media Solutions Previous experience: 20+ years in

Derek Price Director, North America Expedia Media Solutions Previous experience: 20+ years in

Derek Price Director, North America Expedia Media Solutions Previous experience: 20+ years in travel industry holding roles from market management to business development. Fun Fact: I graduated from culinary school Expedia Media Solutions

338 views • 10 slides
data science @ The New York Times and how a 164-year old content company became data-driven

data science @ The New York Times and how a 164-year old content company became data-driven

data science @ The New York Times and how a 164-year old content company became data-driven chris.wiggins@columbia.edu chris.wiggins@nytimes.com @chrishwiggins references: bit.ly/icerm data science @ The New York Times and how a 164-year old

1.45k views • 101 slides
You never get a second chance to make a first impression. In a 2016 sample of US Internet

You never get a second chance to make a first impression. In a 2016 sample of US Internet

You never get a second chance to make a first impression. In a 2016 sample of US Internet users, almost 60% reported that they "always" or "oFen" research a small business online before visiHng.

836 views • 46 slides
Game Development 1001 Everything you wanted to know about the game development business...and

Game Development 1001 Everything you wanted to know about the game development business...and

Game Development 1001 Everything you wanted to know about the game development business...and didnt know to ask. A few statistics 2004 sales of video game software: $7.3B (2x 1996), 248 million units 75% of US head of households play

507 views • 13 slides
Click to edit Master title Service - -oriented Government ( oriented Government (SoG SoG) )

Click to edit Master title Service - -oriented Government ( oriented Government (SoG SoG) )

www.oasis-open.org Open Standard and SOA support Open Standard and SOA support Click to edit Master title Service - -oriented Government ( oriented Government (SoG SoG) ) Service style Reform Reform Xiao LAN Xiao LAN General Secretary

509 views • 28 slides
Policy Perspectives for an Evolving Energy Efficiency Landscape Carmen Best, Director of Policy

Policy Perspectives for an Evolving Energy Efficiency Landscape Carmen Best, Director of Policy

Policy Perspectives for an Evolving Energy Efficiency Landscape Carmen Best, Director of Policy & Emerging Markets, Recurve Housekeeping Attendees are muted Webinar will be recorded and sent out after Questions? Enter them in

372 views • 36 slides
Agile Methods Using ROI & Real Options Dr. David F. Rico, PMP, CSM Website :

Agile Methods Using ROI & Real Options Dr. David F. Rico, PMP, CSM Website :

Business Value of Agile Methods Using ROI & Real Options Dr. David F. Rico, PMP, CSM Website : http://davidfrico.com Biography : http://www.linkedin.com/in/davidfrico Agenda Introduction to Agile Methods Types of Agile Methods

760 views • 56 slides

More recommend