Toward Digital Asset Protection

Collberg, Christian; Davidson, Jack W.; Giacobazzi, Roberto; Gu, Yuan; Herzberg, Amir; Wang, Fei‐Yue

doi:10.1109/mis.2011.106

Cited by 35 publications

(18 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Note that standard encryption is only partially applicable for protecting S in this scenario: The transformed code has to be executable while being protected. Protection is therefore implemented as obfuscation [8]. Essentially, an obfuscation is a compiler that transforms an input program p into a semantically equivalent one O(p) but harder to analyse and reverse engineer.…”

Section: The Scenariomentioning

confidence: 99%

“…In case (3), failurepath(s # , K, p, φ) (line 7) returns an abstract path that is a counterexample for φ, in the other cases the function failurepath(s # , K, p, φ) returns null and the algorithm enters a cycle (to be executed at most twice, see lines [8][9][10][11][12] that transforms the Kripke structure and the program to move from cases (1-2) back to case (3), in a way that we will explain later. Once a failure path π # is found whose failure state is s # , we consider the partition of concrete states in s # in the three classes bad, dead and irrelevant.…”

Section: Best Code Obfuscation Strategymentioning

confidence: 99%

See 1 more Smart Citation

Code obfuscation against abstraction refinement attacks

2018

Self Cite

View full text Add to dashboard Cite

Code protection technologies require anti reverse engineering transformations to obfuscate programs in such a way that tools and methods for program analysis become ineffective. We introduce the concept of model deformation inducing an effective code obfuscation against attacks performed by abstract model checking. This means complicating the model in such a way a high number of spurious traces are generated in any formal verification of the property to disclose about the system under attack. We transform the program model in order to make the removal of spurious counterexamples by abstraction refinement maximally inefficient. Because our approach is intended to defeat the fundamental abstraction refinement strategy, we are independent from the specific attack carried out by abstract model checking. A measure of the quality of the obfuscation obtained by model deformation is given together with a corresponding best obfuscation strategy for abstract model checking based on partition refinement.

show abstract

Section: The Scenariomentioning

confidence: 99%

Section: Best Code Obfuscation Strategymentioning

confidence: 99%

Code obfuscation against abstraction refinement attacks

2018

Self Cite

View full text Add to dashboard Cite

show abstract

“…Time diversity was firstly presented by Christian Collberg, and he believed that the time or space diversity is the necessary condition to ensure software suffer lasting protection [1], [20]. The so-called time diversity refers that the program after ... Fig.…”

Section: Dynamic Guarding Net: An Approach Against Cumulative Attackmentioning

confidence: 99%

AppIS: Protect Android Apps Against Runtime Repackaging Attacks

Song

Tang

et al. 2017

2017 IEEE 23rd International Conference on Parallel and Distributed Systems (ICPADS)

View full text Add to dashboard Cite

Apps repackaged through reverse engineering pose a significant security threat to the Android smart phone ecosystem. Previous solutions have mostly focused on the detection and identification of repackaged apps. Nevertheless, current app anti-repackaging services can only protect applications at a coarse level and have significant performance overhead. These approaches can neither meet the performance requirements of Android nor achieve fine-grained protection against cumulative attack 1 at the same time. Specifically, these solutions rely on a fix-structure detecting engine and then will execute the same path at different times, which lead to the whole protection performs poorly when faced with dynamic cumulative attack, which is typical in real-world attack. This paper introduces the AppIS, a reinforced antirepackaging immune system, that is robust to app-repackaging attack scenarios. Unlike past work, which mostly focuses on simple protection only from just one respect, our design exploits an interlocking guarding net with time diversity for the tamperproofing of Android applications. The intuition underlying our design is that a dynamic and static combining method can provide a multi-level protection for the codes, core algorithm and sensitive data. We analyze and classify the existing threats on Android platform and furthermore abstract then model the repackaging attack scenarios. We then adapt a random controller used by the dispatcher to randomly construct guarding net with different structure every time. We have built a prototype of our design using Java Native Interface cross-layer calling mechanism for performance requirement. Results from a deployment of AppIS on three kinds of popular apps demonstrate that the new design can prevent our apps from cumulative attack without extra performance cost.

show abstract

“…From a concealed point of view, the variables is randomly generated, so it is difficult for an attacker to restore the original state based on the scope of the program. The prospect of important application of Obfuscation algorithm has become a hotly issues of code protection, till now the production of Collberg and his colleague, who come from the University of Auckland in New Zealand [8], has gain the greatest impact, but we still need to spend much of time on the measure and implement of the obfuscation algorithm. The core of such code obfuscation tech is to design different kind of algorithms in order to achieve the best performance.…”

Section: B Experimentationmentioning

confidence: 99%

Technique of source code obfuscation based on data flow and control flow tansformations

Wang

et al. 2012

2012 7th International Conference on Computer Science &Amp; Education (ICCSE)

View full text Add to dashboard Cite

This paper mainly present a solution to cross platform problem about the obfuscation in C/C++ source code, and describe the principle and performance of source code obfuscation algorithm, such as layout obfuscation, data flow obfuscation and control structure flow obfuscation. And it analysis's the obfuscation algorithm's performance of the strength, flexibility, and cost by experimentation. Finally, it discusses the prospect of the research and application of the source code obfuscation technology.

show abstract

Toward Digital Asset Protection

Cited by 35 publications

References 1 publication

Code obfuscation against abstraction refinement attacks

Code obfuscation against abstraction refinement attacks

AppIS: Protect Android Apps Against Runtime Repackaging Attacks

Technique of source code obfuscation based on data flow and control flow tansformations

Contact Info

Product

Resources

About