Finding
Obfuscation strength can be characterized by the family of incomplete abstractions for a given program, which inhibits program slicing and automated disassembly.
Paper
Maximal incompleteness as obfuscation potency
Citations: 5
Full text
Semantic ScholarAbstract
Obfuscation is the art of making code hard to reverse engineer and understand. In this paper, we propose a formal model for specifying and understanding the strength of obfuscating transformations with respect to a given attack model. The idea is to consider the attacker as an abstract interpreter willing to extract information about the program’s semantics. In this scenario, we show that obfuscating code is making the analysis imprecise, namely making the corresponding abstract domain incomplete. It is known that completeness is a property of the abstract domain and the program to analyse. We introduce a framework for transforming abstract domains, i.e., analyses, towards incompleteness. The family of incomplete abstractions for a given program provides a characterisation of the potency of obfuscation employed in that program, i.e., its strength against the attack specified by those abstractions. We show this characterisation for known obfuscating transformations used to inhibit program slicing and automated disassembly.
Authors
R. Giacobazzi, Isabella Mastroeni, M. Preda
Journal
Formal Aspects of Computing