Index
Preface
About the Authors
Acknowledgments
1. What Is Surreptitious Software?
1.1 Setting the Scene
1.2 Attack and Defense
1.3 Program Analysis
1.3.1 A Simple Reverse Engineering Example
1.4 Code Obfuscation
1.4.1 Applications of Code Obfuscation
1.4.2 Obfuscating Transformations
1.4.3 Black Hat Code Obfuscation
1.5 Tamperproofing
1.5.1 Applications of Tamperproofing
1.5.2 An Example
1.6 Software Watermarking
1.6.1 An Example
1.6.2 Attacks on Watermarking Systems
1.7 Software Similarity
1.7.1 Plagiarism
1.7.2 Software Forensics
1.7.3 Birthmarking
1.7.4 A Birthmarking Example
1.8 Hardware-Based Protection Techniques
1.8.1 Distribution with Physical Token
1.8.2 Tying the Program to the CPU
1.8.3 Ensuring Safe Execution Environment
1.8.4 Encrypted Execution
1.8.5 Physical Barriers
1.9 Discussion
1.9.1 Reasons to Use Software Protection...
1.9.2 . . . and Reasons Not To
1.9.3 So Which Algorithms Should I Use?
1.10 Notation
2. Methods of Attack and Defense
2.1 Attack Strategies
2.1.1 A Prototypical Cracking Target
2.1.2 What’s the Adversary’s Motivation?
2.1.3 What Does the Adversary Get to Crack?
2.1.4 What’s the Adversary’s Attack Methodology?
2.1.5 What Tools Does the Adversary Use?
2.1.6 What Techniques Does the Adversary Use?
2.1.7 Discussion
2.2 Defense Strategies
2.2.1 Notation
2.2.2 The cover Primitive
2.2.3 The duplicate Primitive
2.2.4 The split and merge Primitives
2.2.5 The reorder Primitive
2.2.6 The map Primitive
2.2.7 The indirect Primitive
2.2.8 The mimic Primitive
2.2.9 The advertise Primitive
2.2.10 The detect-respond Primitive
2.2.11 The dynamic Primitive
2.2.12 Discussion
2.3 Discussion
2.3.1 What Do We Need from Attack and Defense Models?
2.3.2 How Do We Use the Models to Devise Algorithms?
3. Program Analysis
3.1 Static Analysis
3.1.1 Control Flow Analysis
3.1.2 Data Flow Analysis
3.1.3 Data Dependence Analysis
3.1.4 Alias Analysis
3.1.5 Slicing
3.1.6 Abstract Interpretation
3.2 Dynamic Analysis
3.2.1 Debugging
3.2.2 Profiling
3.2.3 Tracing
3.2.4 Emulation
3.3 Reconstituting Source
3.3.1 Disassembly
3.3.2 Decompilation
3.4 Pragmatic Analysis
3.4.1 Style Metrics
3.4.2 Software Complexity Metrics
3.4.3 Software Visualization
3.5 Discussion
4. Code Obfuscation
4.1 Semantics-Preserving Obfuscating Transformations
4.1.1 Algorithm OBF CF: Diversifying Transformations
4.1.2 Algorithm OBF TP: Identifier Renaming
4.1.3 Obfuscation Executives
4.2 Definitions
4.2.1 Potent Obfuscating Transformations
4.2.2 Efficient Obfuscating Transformations
4.2.3 Stealth
4.2.4 Other Definitions
4.3 Complicating Control Flow
4.3.1 Opaque Expressions
4.3.2 Algorithm OBF WHKD: Control-Flow Flattening
4.3.3 Introducing Aliasing
4.3.4 Algorithm OBF CTJ bogus: Inserting Bogus Control Flow
4.3.5 Algorithm OBF LDK: Jumps Through Branch Functions
4.3.6 Attacks
4.4 Opaque Predicates
4.4.1 Algorithm OBF CTJ pointer: Opaque Predicates from Pointer Aliasing
4.4.2 OBF WHKD opaque: Opaque Values from Array Aliasing
4.4.3 Algorithm OBF CTJ thread: Opaque Predicates from Concurrency
4.4.4 Breaking Opaque Predicates
4.5 Data Encodings
4.5.1 Encoding Integers
4.5.2 Encoding Booleans
4.5.3 Encoding Literal Data
4.5.4 Encoding Arrays
4.6 Breaking Abstractions
4.6.1 Algorithm OBF WC sig: Merging Function Signatures
4.6.2 Algorithm OBF CTJ class: Splitting and Merging Classes
4.6.3 Algorithm OBF DMRVSL: Destroying High-Level Structures
4.6.4 Algorithm OBF AJV: Modifying Instruction Encodings
4.7 Discussion
5. Obfuscation Theory
5.1 Definitions
5.2 Provably Secure Obfuscation: Possible or Impossible?
5.2.1 Turing’s Halting Problem
5.2.2 Algorithm RE AA: De-obfuscating Programs
5.3 Provably Secure Obfuscation: It’s Possible (Sometimes)!
5.3.1 Algorithm OBF LBS: Obfuscating with Point Functions
5.3.2 Algorithm OBF NS: Obfuscating Databases
5.3.3 Algorithm OBF PP: Homomorphic Encryption
5.3.4 Algorithm OBF CEJO: Whitebox DES
5.4 Provably Secure Obfuscation: It’s Impossible (Sometimes)!
5.4.1 A General Obfuscator
5.4.2 Obfuscating Learnable Functions
5.4.3 Proving that Obfuscation Is Impossible
5.4.4 Discussion
5.5 Provably Secure Obfuscation: Can It Be Saved?
5.5.1 Overcoming Impossibility
5.5.2 Definitions Revisited: Make Obfuscation Interactive
5.5.3 Definition Revisited: Make Obfuscation Non-Semantics Preserving
5.6 Discussion
6. Dynamic Obfuscation
6.1 Definitions
6.2 Moving Code Around
6.2.1 Algorithm OBF KMNM: Replacing Instructions
6.2.2 OBF AG swap: Self-Modifying State Machine
6.2.3 OBF MAMDSB: Dynamic Code Merging
6.3 Encryption
6.3.1 OBF CKSP: Code as Key Material
6.3.2 OBF AG crypt: Combining Self-Modification and Encryption
6.4 Discussion
7. Software Tamperproofing
7.1 Definitions
7.1.1 Checking for Tampering
7.1.2 Responding to Tampering
7.1.3 System Design
7.2 Introspection
7.2.1 Algorithm TP CA: Checker Network
7.2.2 Generating Hash Functions
7.2.3 Algorithm TP HMST: Hiding Hash Values
7.2.4 The Skype Obfuscated Protocol
7.2.5 Algorithm RE WOS: Attacking Self-Hashing Algorithms
7.2.6 Discussion
7.3 Algorithm RE TCJ: Response Mechanisms
7.4 State Inspection
7.4.1 Algorithm TP CVCPSJ: Oblivious Hash Functions
7.4.2 Algorithm TP JJV: Overlapping Instructions
7.5 Remote Tamperproofing
7.5.1 Distributed Check and Respond
7.5.2 Solution Strategies
7.5.3 Algorithm TP ZG: Slicing Functions
7.5.4 Algorithm TP SLSPDK: Measuring Remote Hardware
7.5.5 TP CNS: Continuous Replacement
7.6 Discussion
8. Software Watermarking
8.1 History and Applications
8.1.1 Applications
8.1.2 Embedding a Mark in Audio
8.1.3 Embedding a Mark in an Image
8.1.4 Embedding a Mark in Natural-Language Text
8.2 Watermarking Software
8.3 Definitions
8.3.1 Watermark Credibility
8.3.2 Attacks
8.3.3 Watermarking vs. Fingerprinting
8.4 Watermarking by Permutation
8.4.1 Algorithm WM DM: Reordering Basic Blocks
8.4.2 Renumbering
8.4.3 Algorithm WM QP: Improving Credibility
8.5 Tamperproofing Watermarks
8.5.1 Algorithm WM MC: Embedding Media Watermarks
8.6 Improving Resilience
8.6.1 Algorithm WM SHKQ: Statistical Watermarking
8.7 Improving Stealth
8.7.1 Algorithm WM MIMIT: Mapping Instructions
8.7.2 Algorithm WM VVS: Watermarks in CFGs
8.7.3 Algorithm WM CC: Abstract Interpretation
8.8 Steganographic Embeddings
8.8.1 Algorithm WM ASB: The Compiler as Embedder
8.9 Splitting Watermark Integers
8.9.1 Splitting a Large Mark into Small Pieces
8.9.2 Redundant Watermark Pieces
8.9.3 Sparse Codes for Increased Credibility
8.10 Graph Codecs
8.10.1 Oriented Parent-Pointer Tree
8.10.2 Radix Graphs
8.10.3 Permutation Graphs
8.10.4 Planted Plane Cubic Trees
8.10.5 Reducible Permutation Graphs
8.11 Discussion
8.11.1 Embedding Techniques
8.11.2 Attack Models
9. Dynamic Watermarking
9.1 Algorithm WM CT: Exploiting Aliasing
9.1.1 A Simple Example
9.1.2 Recognition Problems
9.1.3 Increasing Bitrate
9.1.4 Increasing Resilience to Attack
9.1.5 Increasing Stealth
9.1.6 Discussion
9.2 Algorithm WM NT: Exploiting Parallelism
9.2.1 Embedding Watermarking Widgets
9.2.2 Embedding Example
9.2.3 Recognition
9.2.4 Avoiding Pattern-Matching Attacks
9.2.5 Tamperproofing Widgets
9.2.6 Discussion
9.3 Algorithm WM CCDKHLS paths: Expanding Execution Paths
9.3.1 Encoding and Embedding
9.3.2 Recognition
9.3.3 Discussion
9.4 Algorithm WM CCDKHLS bf: Tamperproofing Execution Paths
9.4.1 Embedding
9.4.2 Recognition
9.4.3 Tamperproofing the Branches
9.4.4 Discussion
9.5 Discussion
10. Software Similarity Analysis
10.1 Applications
10.1.1 Clone Detection
10.1.2 Software Forensics
10.1.3 Plagiarism Detection
10.1.4 Birthmark Detection
10.2 Definitions
10.2.1 Similarity Measures
10.3 k-gram-Based Analysis
10.3.1 SS SWA WINNOW: Selecting k-gram Hashes
10.3.2 SS SWA MOSS: Software Plagiarism Detection
10.3.3 SS MC kgram: k-gram Java Bytecode Birthmarks
10.4 API-Based Analysis
10.4.1 SS TNMM: Object-Oriented Birthmarks
10.4.2 SS TONMM: Dynamic Function Call Birthmarks
10.4.3 SS SDL: Dynamic k-gram API Birthmarks
10.5 Tree-Based Analysis
10.5.1 SS EFM: AST-Based Clone Detection
10.6 Graph-Based Analysis
10.6.1 SS KH: PDG-Based Clone Detection
10.6.2 SS LCHY: PDG-Based Plagiarism Detection
10.6.3 SS MC wpp: Dynamic Whole Program Birthmarks
10.7 Metrics-Based Analysis
10.7.1 SS KK: Metrics-Based Clone Detection
10.7.2 SS LM: Metrics-Based Authorship Analysis
10.8 Discussion
11. Hardware for Protecting Software
11.1 Anti-Piracy by Physical Distribution
11.1.1 Distribution Disk Protection
11.1.2 Dongles and Tokens
11.2 Authenticated Boot Using a Trusted Platform Module
11.2.1 Trusted Boot
11.2.2 Taking Measurements
11.2.3 The TPM
11.2.4 The Challenge
11.2.5 Social Trust and Privacy Issues
11.2.6 Applications and Controversies
11.3 Encrypted Execution
11.3.1 The XOM Architecture
11.3.2 Preventing Replay Attacks
11.3.3 Fixing a Leaky Address Bus
11.3.4 Fixing a Leaky Data Bus
11.3.5 Discussion
11.4 Attacks on Tamperproof Devices
11.4.1 Tapping the Bus—The Microsoft XBOX Hack
11.4.2 Injecting Ciphertext—Dallas Semiconductor DS5002FP
11.4.3 Hacking Smartcards
11.4.4 Non-Invasive Attacks
11.4.5 Board-Level Protection
11.5 Discussion
Bibliography
Index