{"title":"A compiler-based infrastructure for software-protection","authors":"C. Liem, Y. Gu, H. Johnson","doi":"10.1145/1375696.1375702","DOIUrl":null,"url":null,"abstract":"Not long after the introduction of stored-program computing machines, the first high-level language compilers appeared. The need for automatically and efficiently mapping abstract concepts from high-level languages onto low-level assembly languages has been recognized ever since. A compiler has a unique ability to gather and analyze large amounts of data in a manner that would be an unwieldy manual endeavor. It is this property that makes known compiler techniques and technology ideally suited for the purposes of software protection against reverse engineering and tampering attacks. In this paper, we present a code transformation infrastructure combined with build-time security techniques that are used to integrate protection into otherwise vulnerable machine programs. We show the applicability of known compiler techniques such as aliasanalysis, whole program analysis, data-flow analysis, and control-flow analysis and how these capabilities provide the basis for program transformations that provide comprehensive software protection. These methods are incorporated in an extensible framework allowing efficient development of new code transformations, as part of a larger suite of security tools for the creation of robust applications. We describe a number of successful applications of these tools.","PeriodicalId":119000,"journal":{"name":"ACM Workshop on Programming Languages and Analysis for Security","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"28","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Workshop on Programming Languages and Analysis for Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1375696.1375702","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 28
Abstract
Not long after the introduction of stored-program computing machines, the first high-level language compilers appeared. The need for automatically and efficiently mapping abstract concepts from high-level languages onto low-level assembly languages has been recognized ever since. A compiler has a unique ability to gather and analyze large amounts of data in a manner that would be an unwieldy manual endeavor. It is this property that makes known compiler techniques and technology ideally suited for the purposes of software protection against reverse engineering and tampering attacks. In this paper, we present a code transformation infrastructure combined with build-time security techniques that are used to integrate protection into otherwise vulnerable machine programs. We show the applicability of known compiler techniques such as aliasanalysis, whole program analysis, data-flow analysis, and control-flow analysis and how these capabilities provide the basis for program transformations that provide comprehensive software protection. These methods are incorporated in an extensible framework allowing efficient development of new code transformations, as part of a larger suite of security tools for the creation of robust applications. We describe a number of successful applications of these tools.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
