Code obfuscation -- a Hacking view on program analysis and understanding
The course will introduce the theory and practice of code protection technologies with particular emphasis in the relation between program analysis and code obfuscation. The former is devoted to understand programs while the latter is devoted to make this understanding hard if not even impossible.
- Obfuscation: informal definition, the battleground in the large, code protection technologies, examples in malware & IP/key protection. The market: economic & sociological impact
- Theory of Compilers: Ordered structures, complete lattices, fix-points, Semantics, Interpreters, Specializers. Futamura projections. Examples in Scheme
- Theory of code obfuscation: PTM, one-way functions, point functions, VBB, possibility and impossibility results
- Abstract interpretation based program analysis. Soundness and completeness
- Constraining attackers in an abstract interpreter. Examples: tracing & collecting, data/control-flow, profiling, monitoring, intervals, octagons, Karr's linear constraints
- Obscuring code: hacking an abstract interpreter. Some theory & hands-on: Imp vs Interproc
- Obscuring code: twisting a concrete interpreter to hack an abstract interpreter: code flattening, anti program slicing & anti monitoring
- Hands-on: Scheme/C-Tigress
- Challenges & open problems
Exam will be made in a final contest where students will have to produce obscured code out of some plain code.
- Programming in C and principles of functional programming.
- Semantics & Compilers.
- Elements of computability, formal languages and automata.
Students will need to have a laptop/computer to install tools and perform practical exercises.
- Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection. Authors: Christian Collberg and Jasvir Nagra. Editorial: Addison-Wesley Professional, 2010
- Papers to be handed out during the seminar
- 08 May, 15.00 - 17.00
- 09 May, 15.00 - 17.00
- 16 May, 15.00 - 17.00
- 17 May, 15.00 - 17.00
- 22 May, 15.00 - 17.00
- 23 May, 15.00 - 17.00
- 29 May, 15.00 - 17.00
- 30 May, 15.00 - 17.00
- 05 June, 15.00 - 17.00
- 06 June, 15.00 - 17.00
- 12 June, 15.00 - 17.00
- 13 June, 15.00 - 17.00