2,316 research outputs found
Recommended from our members
On the (Im)possibility of Obfuscating Programs
Informally, an obfuscator O is an (efficient, probabilistic) ācompilerā that takes as input a program (or circuit) P and produces a new program O(P) that has the same functionality as P yet is āunintelligibleā in some sense. Obfuscators, if they exist, would have a wide variety of cryptographic and complexity-theoretic applications, ranging from software protection to homomorphic encryption to complexity-theoretic analogues of Rice's theorem. Most of these applications are based on an interpretation of the āunintelligibilityā condition in obfuscation as meaning that O(P) is a āvirtual black box,ā in the sense that anything one can efficiently compute given O(P), one could also efficiently compute given oracle access to P.
In this work, we initiate a theoretical investigation of obfuscation. Our main result is that, even under very weak formalizations of the above intuition, obfuscation is impossible. We prove this by constructing a family of efficient programs P that are unobfuscatable in the sense that (a) given any efficient program P' that computes the same function as a program P ā p, the āsource codeā P can be efficiently reconstructed, yet (b) given oracle access to a (randomly selected) program P ā p, no efficient algorithm can reconstruct P (or even distinguish a certain bit in the code from random) except with negligible probability.
We extend our impossibility result in a number of ways, including even obfuscators that (a) are not necessarily computable in polynomial time, (b) only approximately preserve the functionality, and (c) only need to work for very restricted models of computation (TC0). We also rule out several potential applications of obfuscators, by constructing āunobfuscatableā signature schemes, encryption schemes, and pseudorandom function families.Engineering and Applied Science
Sphinx: A Secure Architecture Based on Binary Code Diversification and Execution Obfuscation
Sphinx, a hardware-software co-design architecture for binary code and
runtime obfuscation. The Sphinx architecture uses binary code diversification
and self-reconfigurable processing elements to maintain application
functionality while obfuscating the binary code and architecture states to
attackers. This approach dramatically reduces an attacker's ability to exploit
information gained from one deployment to attack another deployment. Our
results show that the Sphinx is able to decouple the program's execution time,
power and memory and I/O activities from its functionality. It is also
practical in the sense that the system (both software and hardware) overheads
are minimal.Comment: Boston Area Architecture 2018 Workshop (BARC18
Sphinx: a secure architecture based on binary code diversification and execution obfuscation
Sphinx, a hardware-software co-design architecture for binary code and runtime obfuscation. The Sphinx architecture uses binary code diversification and self-reconfigurable processing elements to maintain application functionality while obfuscating the binary code and architecture states to attackers. This approach dramatically reduces an attackerās ability to exploit information gained from one deployment to attack another deployment. Our results show that the Sphinx is able to decouple the programās execution time, power and memory and I/O activities from its functionality. It is also practical in the sense that the system (both software and hardware) overheads are minimal.Published versio
Achieving Obfuscation Through Self-Modifying Code: A Theoretical Model
With the extreme amount of data and software available on networks, the protection of online information is one of the most important tasks of this technological age. There is no such thing as safe computing, and it is inevitable that security breaches will occur. Thus, security professionals and practices focus on two areas: security, preventing a breach from occurring, and resiliency, minimizing the damages once a breach has occurred. One of the most important practices for adding resiliency to source code is through obfuscation, a method of re-writing the code to a form that is virtually unreadable. This makes the code incredibly hard to decipher by attackers, protecting intellectual property and reducing the amount of information gained by the malicious actor. Achieving obfuscation through the use of self-modifying code, code that mutates during runtime, is a complicated but impressive undertaking that creates an incredibly robust obfuscating system. While there is a great amount of research that is still ongoing, the preliminary results of this subject suggest that the application of self-modifying code to obfuscation may yield self-maintaining software capable of healing itself following an attack
Runtime protection via dataļ¬ow flattening
Software running on an open architecture, such as the PC, is vulnerable to inspection and modiļ¬cation. Since software may process valuable or sensitive information, many defenses against data analysis and modiļ¬cation have been proposed. This paper complements existing work and focuses on hiding data location throughout program execution. To achieve this, we combine three techniques: (i) periodic reordering of the heap, (ii) migrating local variables from the stack to the heap and (iii) pointer scrambling. By essentialy flattening the dataflow graph of the program, the techniques serve to complicate static dataflow analysis and dynamic data tracking. Our methodology can be viewed as a data-oriented analogue of control-flow flattening techniques. Dataflow flattening is useful in practical scenarios like DRM, information-flow protection, and exploit resistance. Our prototype implementation compiles C programs into a binary for which every access to the heap is redirected through a memory management unit. Stack-based variables may be migrated to the heap, while pointer accesses and arithmetic may be scrambled and redirected. We evaluate our approach experimentally on the SPEC CPU2006 benchmark suit
- ā¦