Towards a theory of special-purpose program obfuscation

Most recent theoretical literature on program obfuscation is based on notions like virtual black box (VBB) obfuscation and indistinguishability obfuscation (iO). These notions are very strong and are hard to satisfy. Further, they offer far more protection than is typically required in practical applications. On the other hand, the security notions introduced by software security researchers are suitable for practical designs but are not formal or precise enough to enable researchers to provide a quantitative security assurance. Hence, in this paper, we introduce a new formalism for practical program obfuscation that still allows rigorous security proofs. We believe our formalism will make it easier to analyse the security of obfuscation schemes. To show the flexibility and power of our formalism, we give a number of examples. Moreover, we explain the close relationship between our formalism and the task of providing obfuscation challenges

When Are Opaque Predicates Useful?

Opaque predicates are a commonly used technique in program obfuscation, intended to add complexity to control flow and to insert dummy code or watermarks. However, there are many attacks known to detect opaque predicates and remove dummy code. We survey these attacks and argue that many types of programs cannot be securely obfuscated using opaque predicates. In particular we explain that most previous works on control flow obfuscation have introduced predicates that are easily distinguished from naturally occurring predicates in code, and hence easily removed by an attacker. We state two conditions that are necessary for a program to be suitable for control flow obfuscation. We give an integrated approach to control flow obfuscation that simultaneously obfuscates real predicates and introduces opaque predicates. The opaque predicates are indistinguishable from the obfuscated real predicates in the program. If an attacker applies the usual approaches (both static and dynamic) to identify and remove opaque predicates then they are likely to remove critical functionality and introduce errors. We have implemented our obfuscator in LLVM. We provide an analysis of the performance of the resulting obfuscated code

Obfuscating Decision Trees

We construct a new encoder for hiding parameters in an interval membership function. As an interesting application, we design a simple and efficient virtual black-box obfuscator for evasive decision tree classifiers. The security of our construction relies upon random oracle paradigm. Our exclusive goal behind designing the obfuscator is that, not only will the solution increase the class of functions that has cryptographically secure obfuscators, but also address the open problem of non-interactive prediction in privacy-preserving classification using computationally inexpensive cryptographic hash functions

Result pattern hiding boolean searchable encryption: Achieving negligible false positive rates in low storage overhead

Boolean Searchable Symmetric Encryption (SSE) enables secure outsourcing of databases to an untrusted server in encrypted form and allows the client to execute secure Boolean queries involving multiple keywords. The leakage of keyword pair result pattern (KPRP) in a Boolean search poses a significant threat, which reveals the intersection of documents containing any two keywords involved in a search and can be exploited by attackers to recover plaintext information about searched keywords (USENIX Security’16). However, existing KPRP-hiding schemes either rely on Bloom filters (S&P’14, CCS’18), leading to high false positive search results (where non-matching documents could be erroneously identified as matches) that hinder the extension to multi-client settings (CCS’13), or require excessive server storage (PETS’23), making them impractical for large-scale sparse databases. In this paper, we introduce Hidden Boolean Search (HBS), the first KPRP-hiding Boolean SSE scheme with both negligible false positives (essential for satisfying the standard correctness definition of SSE) and low server storage requirements. HBS leverages a novel cryptographic tool called Result-hiding Filter (RH-filter). It distinguishes itself as the first tool that supports computationally correct membership queries with hiding results at nearly constant overhead. With the help of RH-filter, compared to the most efficient KPRP-hiding scheme (CCS’18) in terms of overall storage and search efficiency, HBS surpasses it across all performance metrics, mitigates false positives, and achieves significantly stronger query expressiveness. We further extend HBS to the dynamic setting, resulting in a scheme named DHBS, which maintains KPRP-hiding while ensuring forward and backward privacy—two critical security guarantees in the dynamic setting

Impact of Safety-Related Dose Reductions or Discontinuations on Sustained Virologic Response in HCV-Infected Patients: Results from the GUARD-C Cohort.

BACKGROUND: Despite the introduction of direct-acting antiviral agents for chronic hepatitis C virus (HCV) infection, peginterferon alfa/ribavirin remains relevant in many resource-constrained settings. The non-randomized GUARD-C cohort investigated baseline predictors of safety-related dose reductions or discontinuations (sr-RD) and their impact on sustained virologic response (SVR) in patients receiving peginterferon alfa/ribavirin in routine practice. METHODS: A total of 3181 HCV-mono-infected treatment-naive patients were assigned to 24 or 48 weeks of peginterferon alfa/ribavirin by their physician. Patients were categorized by time-to-first sr-RD (Week 4/12). Detailed analyses of the impact of sr-RD on SVR24 (HCV RNA <50 IU/mL) were conducted in 951 Caucasian, noncirrhotic genotype (G)1 patients assigned to peginterferon alfa-2a/ribavirin for 48 weeks. The probability of SVR24 was identified by a baseline scoring system (range: 0-9 points) on which scores of 5 to 9 and <5 represent high and low probability of SVR24, respectively. RESULTS: SVR24 rates were 46.1% (754/1634), 77.1% (279/362), 68.0% (514/756), and 51.3% (203/396), respectively, in G1, 2, 3, and 4 patients. Overall, 16.9% and 21.8% patients experienced ≥1 sr-RD for peginterferon alfa and ribavirin, respectively. Among Caucasian noncirrhotic G1 patients: female sex, lower body mass index, pre-existing cardiovascular/pulmonary disease, and low hematological indices were prognostic factors of sr-RD; SVR24 was lower in patients with ≥1 vs. no sr-RD by Week 4 (37.9% vs. 54.4%; P = 0.0046) and Week 12 (41.7% vs. 55.3%; P = 0.0016); sr-RD by Week 4/12 significantly reduced SVR24 in patients with scores <5 but not ≥5. CONCLUSIONS: In conclusion, sr-RD to peginterferon alfa-2a/ribavirin significantly impacts on SVR24 rates in treatment-naive G1 noncirrhotic Caucasian patients. Baseline characteristics can help select patients with a high probability of SVR24 and a low probability of sr-RD with peginterferon alfa-2a/ribavirin.This study was sponsored by F. Hoffmann-La Roche Ltd, Basel, Switzerland. Support for third-party writing assistance for this manuscript, furnished by Blair Jarvis MSc, ELS, of Health Interactions, was provided by F. Hoffmann-La Roche Ltd, Basel, Switzerland

Comparative analysis of microsatellite variability in five macaw species (Psittaciformes, Psittacidae): Application for conservation

Cross-amplification was tested and variability in microsatellite primers (designed for Neotropical parrots) compared, in five macaw species, viz., three endangered blue macaws (Cyanopsitta spixii [extinct in the wild], Anodorhynchus leari [endangered] and Anodorhynchus hyacinthinus [vulnerable]), and two unthreatened red macaws (Ara chloropterus and Ara macao). Among the primers tested, 84.6% successfully amplified products in C. spixii, 83.3% in A. leari, 76.4% in A. hyacinthinus, 78.6% in A. chloropterus and 71.4% in A. macao. The mean expected heterozygosity estimated for each species, and based on loci analyzed in all the five, ranged from 0.33 (A. hyacinthinus) to 0.85 (A. macao). As expected, the results revealed lower levels of genetic variability in threatened macaw species than in unthreatened. The low combined probability of genetic identity and the moderate to high potential for paternity exclusion, indicate the utility of the microsatellite loci set selected for each macaw species in kinship and population studies, thus constituting an aid in planning in-situ and ex-situ conservation

Final Results from the First European Real-World Experience on Lusutrombopag Treatment in Cirrhotic Patients with Severe Thrombocytopenia: Insights from the REAl-World Lusutrombopag Treatment in ITalY Study

Background and aims: Management of severe thrombocytopenia poses significant challenges in patients with chronic liver disease. Here, we aimed to evaluate the first real-world European post-marketing cohort of cirrhotic patients treated with lusutrombopag, a thrombopoietin receptor agonist, verifying the efficacy and safety of the drug. Methods: In the REAl-world Lusutrombopag treatment in ITalY (REALITY) study, we collected data from consecutive cirrhotic patients treated with lusutrombopag in 19 Italian hepatology centers, mostly joined to the “Club Epatologi Ospedalieri” (CLEO). Primary and secondary efficacy endpoints were the ability of lusutrombopag to avoid platelet transfusions and to raise the platelet count to ≥50,000/μL, respectively. Treatment-associated adverse events were also collected. Results: A total of 66 patients and 73 cycles of treatment were included in the study, since 5 patients received multiple doses of lusutrombopag over time for different invasive procedures. Fourteen patients (19%) had a history of portal vein thrombosis (PVT). Lusutrombopag determined a significant increase in platelet count [from 37,000 (33,000–44,000/μL) to 58,000 (49,000–82,000), p < 0.001]. The primary endpoint was met in 84% of patients and the secondary endpoint in 74% of patients. Baseline platelet count was the only independent factor associated with response in multivariate logistic regression analysis (OR for any 1000 uL of 1.13, CI95% 1.04–1.26, p 0.01), with a good discrimination power (AUROC: 0.78). Notably, a baseline platelet count ≤ 29,000/μL was identified as the threshold for identifying patients unlikely to respond to the drug (sensitivity of 91%). Finally, de novo PVT was observed in four patients (5%), none of whom had undergone repeated treatment, and no other safety or hemorrhagic events were recorded in the entire population analyzed. Conclusions: In this first European real-world series, lusutrombopag demonstrated efficacy and safety consistent with the results of registrational studies. According to our results, patients with baseline platelet counts ≤29,000/μL are unlikely to respond to the drug