测量软件混淆抗自动攻击弹性的框架

2015 IEEE/ACM 1st International Workshop on Software Protection Pub Date : 2015-05-16 DOI:10.1109/SPRO.2015.16

Sebastian Banescu, Martín Ochoa, A. Pretschner

{"title":"测量软件混淆抗自动攻击弹性的框架","authors":"Sebastian Banescu, Martín Ochoa, A. Pretschner","doi":"10.1109/SPRO.2015.16","DOIUrl":null,"url":null,"abstract":"Software obfuscation of programs, with the goal of protecting against attackers having physical access to the machine executing them, is a common practice motivated by the necessity of keeping intellectual property (such as business critical algorithms) and critical data (such as cryptographic keys) secret. However, as of today, it is unclear how secure popular obfuscation operators are relative to each other or to other protection techniques. In this paper we propose a formal framework to characterize attacker models and guarantees, inspired by similar notions from cryptography. We then map prior work in the area of deobfuscation to our formal model to the possible extent. We also perform a case-study about using symbolic execution for deobfuscation, concretely mapped onto our formal model.","PeriodicalId":338591,"journal":{"name":"2015 IEEE/ACM 1st International Workshop on Software Protection","volume":"135 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-05-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"26","resultStr":"{\"title\":\"A Framework for Measuring Software Obfuscation Resilience against Automated Attacks\",\"authors\":\"Sebastian Banescu, Martín Ochoa, A. Pretschner\",\"doi\":\"10.1109/SPRO.2015.16\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Software obfuscation of programs, with the goal of protecting against attackers having physical access to the machine executing them, is a common practice motivated by the necessity of keeping intellectual property (such as business critical algorithms) and critical data (such as cryptographic keys) secret. However, as of today, it is unclear how secure popular obfuscation operators are relative to each other or to other protection techniques. In this paper we propose a formal framework to characterize attacker models and guarantees, inspired by similar notions from cryptography. We then map prior work in the area of deobfuscation to our formal model to the possible extent. We also perform a case-study about using symbolic execution for deobfuscation, concretely mapped onto our formal model.\",\"PeriodicalId\":338591,\"journal\":{\"name\":\"2015 IEEE/ACM 1st International Workshop on Software Protection\",\"volume\":\"135 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-05-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"26\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 IEEE/ACM 1st International Workshop on Software Protection\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SPRO.2015.16\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE/ACM 1st International Workshop on Software Protection","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SPRO.2015.16","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 26

摘要

软件混淆程序的目的是防止攻击者对执行程序的机器进行物理访问，这是一种常见的做法，其动机是需要保持知识产权(如业务关键算法)和关键数据(如加密密钥)的机密性。然而，到目前为止，还不清楚流行的混淆操作相对于彼此或其他保护技术的安全性如何。在本文中，我们提出了一个形式化框架来描述攻击者模型和保证，灵感来自密码学的类似概念。然后，我们将消除混淆领域的先前工作映射到我们的正式模型中，以达到可能的程度。我们还执行了一个关于使用符号执行去混淆的案例研究，具体映射到我们的形式模型上。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

A Framework for Measuring Software Obfuscation Resilience against Automated Attacks

Software obfuscation of programs, with the goal of protecting against attackers having physical access to the machine executing them, is a common practice motivated by the necessity of keeping intellectual property (such as business critical algorithms) and critical data (such as cryptographic keys) secret. However, as of today, it is unclear how secure popular obfuscation operators are relative to each other or to other protection techniques. In this paper we propose a formal framework to characterize attacker models and guarantees, inspired by similar notions from cryptography. We then map prior work in the area of deobfuscation to our formal model to the possible extent. We also perform a case-study about using symbolic execution for deobfuscation, concretely mapped onto our formal model.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2015 IEEE/ACM 1st International Workshop on Software Protection

自引率

0.00%

发文量

期刊最新文献

Automatic Discovery of Software Attacks via Backward Reasoning Infections as Abstract Symbolic Finite Automata: Formal Model and Applications Using Virtual Machine Protections to Enhance Whitebox Cryptography Matryoshka: Strengthening Software Protection via Nested Virtual Machines Assessment of Data Obfuscation with Residue Number Coding