Achieving Obfuscation Through Self-Modifying Code: A Theoretical Model

With the extreme amount of data and software available on networks, the protection of online information is one of the most important tasks of this technological age. There is no such thing as safe computing, and it is inevitable that security breaches will occur. Thus, security professionals and practices focus on two areas: security, preventing a breach from occurring, and resiliency, minimizing the damages once a breach has occurred. One of the most important practices for adding resiliency to source code is through obfuscation, a method of re-writing the code to a form that is virtually unreadable. This makes the code incredibly hard to decipher by attackers, protecting intellectual property and reducing the amount of information gained by the malicious actor. Achieving obfuscation through the use of self-modifying code, code that mutates during runtime, is a complicated but impressive undertaking that creates an incredibly robust obfuscating system. While there is a great amount of research that is still ongoing, the preliminary results of this subject suggest that the application of self-modifying code to obfuscation may yield self-maintaining software capable of healing itself following an attack

Um ambiente para o processamento de Linguagens Adaptativas de Programação

Dispositivos adaptativos apresentam a característica de se modificarem dinamicamente em resposta a estímulos de entrada, sem interferência de agentes externos. Eventuais necessidades de modificação de comportamento são automaticamente detectadas por estes dispositivos para, em seguida, reagirem a elas de forma espontânea. Historicamente tais dispositivos emergiram das pesquisas na área de linguagens formais e autômatos. No entanto, o formalismo suscitou aplicações em diversas outras áreas. Programas com código auto-modificável, que perderam terreno em conseqüência do advento da Engenharia de Software nos anos 70, voltaram á vida recentemente em aplicações diversas. Uma das formas de programação de código auto-modificável é a utilização de linguagens de programação especificamente projetadas para isso. Linguagens adaptativas de programação são dispositivos adaptativos que empregam uma linguagem de programação convencional como mecanismo subjacente. Com o correr de sua execução, um programa escrito em uma linguagem adaptativa exibirá um comportamento auto-modificável em decorrência da ativação de suas ações adaptativas. O artigo apresenta aspectos do projeto e implementação de um ambiente para gerenciar a execução de uma linguagem adaptativa. Com o emprego de linguagem adaptiva, um novo estilo de programação é concebido, uma vez que o seu comportamento está diretamente associado ao conjunto de regras que o define, o qual se altera á medida que o código é executado.Adaptive devices show the characteristic of dynamically change themselves in response to input stimuli with no interference of external agents. Occasional changes in behavior are immediately detected by the devices, which right away react spontaneously to them. Chronologically such devices derived from researches in the field of formal languages and automata. However, formalism spurred applications in several other fields. Programs with self-modifying code have been avoided since the advent of Software Engineering (1970 s) but are nowadays being used in several applications. One way to generate self-modifying programs is by using specially-designed programming languages. Adaptive programming languages are adaptive devices that use an usual programming language as underlying mechanism. A group of adaptive functions, defined through extension of the language, causes the self-modification of the device, resulting in a language with adaptive style. The paper shows design and implementation aspects of an environment to manager the adaptive language execution. With the use of adaptive language, a new programming style is conceived, once its behavior is directly associated to the set of rules that defines it, which change as the code is executed.Red de Universidades con Carreras en Informática (RedUNCI

Um ambiente para o processamento de Linguagens Adaptativas de Programação

Dispositivos adaptativos apresentam a característica de se modificarem dinamicamente em resposta a estímulos de entrada, sem interferência de agentes externos. Eventuais necessidades de modificação de comportamento são automaticamente detectadas por estes dispositivos para, em seguida, reagirem a elas de forma espontânea. Historicamente tais dispositivos emergiram das pesquisas na área de linguagens formais e autômatos. No entanto, o formalismo suscitou aplicações em diversas outras áreas. Programas com código auto-modificável, que perderam terreno em conseqüência do advento da Engenharia de Software nos anos 70, voltaram á vida recentemente em aplicações diversas. Uma das formas de programação de código auto-modificável é a utilização de linguagens de programação especificamente projetadas para isso. Linguagens adaptativas de programação são dispositivos adaptativos que empregam uma linguagem de programação convencional como mecanismo subjacente. Com o correr de sua execução, um programa escrito em uma linguagem adaptativa exibirá um comportamento auto-modificável em decorrência da ativação de suas ações adaptativas. O artigo apresenta aspectos do projeto e implementação de um ambiente para gerenciar a execução de uma linguagem adaptativa. Com o emprego de linguagem adaptiva, um novo estilo de programação é concebido, uma vez que o seu comportamento está diretamente associado ao conjunto de regras que o define, o qual se altera á medida que o código é executado.Adaptive devices show the characteristic of dynamically change themselves in response to input stimuli with no interference of external agents. Occasional changes in behavior are immediately detected by the devices, which right away react spontaneously to them. Chronologically such devices derived from researches in the field of formal languages and automata. However, formalism spurred applications in several other fields. Programs with self-modifying code have been avoided since the advent of Software Engineering (1970 s) but are nowadays being used in several applications. One way to generate self-modifying programs is by using specially-designed programming languages. Adaptive programming languages are adaptive devices that use an usual programming language as underlying mechanism. A group of adaptive functions, defined through extension of the language, causes the self-modification of the device, resulting in a language with adaptive style. The paper shows design and implementation aspects of an environment to manager the adaptive language execution. With the use of adaptive language, a new programming style is conceived, once its behavior is directly associated to the set of rules that defines it, which change as the code is executed.Red de Universidades con Carreras en Informática (RedUNCI

Harnessing Self-modifying Code for Resilient Software

Abstract. In this paper we argue that self-modifying code can become a better strategy for realizing long-lived autonomous software systems than static code, regardless how well it was validated and tested. We base our discussion on three facets – self-repairing software, adaptive software and networked systems – for which we point out ongoing and related work before presenting a roadmap towards a controlled framework for self-modifying code

Towards certifiable reconfigurable real-time mission critical software systems

This thesis makes a contribution towards the certification of reconfigurable real-time mission critical software systems. In highly reconfigurable software systems it is possible for a situation to arise where the system expends most or all of its resources on reconfiguring, and thus cannot provide sufficient resources to conduct intended computing functions. This anomaly has been termed "configuration thrashing" by the author due to its loose analogy to memory thrashing. If configuration thrashing is not eliminated, or at least minimised, then it is possible for circumstance to occur where reconfigurable systems cannot be certified due to potential failure to meet deadlines caused by configuration thrashing. The elimination of reconfiguration thrashing is a step towards certifiable dynamic reconfigurable systems capable of enforcing deadlines. The elimination of reconfiguration thrashing is necessary, though not sufficient, for this goal. In order to restrict configuration thrashing it is necessary to understand the possibilities available within reconfigurable software. A VDM-SL model is presented to explore the options available for reconfigurable architectures, and has allowed many operators to be formally specified providing a much greater understanding of the tasks involved in reconfiguration. The thesis demonstrates how model checkers can be used to check software processes for configuration thrashing using predefined CSP models, thus allowing system programmers to engineer configuration thrashing out of systems. However, model checkers are susceptible to state space explosion, particularly if models are large and / or complex, which may make the use of the model checkers impractical or even impossible for some systems. The thesis therefore also explores potential run-time solutions to configuration thrashing. These solutions allow developers to include additional logic / processes within their systems in order to eliminate configuration thrashing (without the use of model checkers). Several options are explored in-depth, from providing mechanisms for developers to choose when reconfiguration can / cannot occur, to a rule based solution. The exploration of the rule based solution explores issues such as rule expression, rule predictability, as well as potential core rules. The two approaches taken within this thesis to eliminate, or at least restrict sufficiently, configuration thrashing form a basis which would allow for the certification of reconfigurable real-time mission critical software systems.EThOS - Electronic Theses Online ServiceBAE SystemsGBUnited Kingdo