Abstract
In this paper we present recent achievements and open problems in software security by obscurity. We consider the problem of software protection as part of the Digital Asset Protection problem, and develop a formal security model that allows us to better understand and compare known attacks and protection algorithms. The ultimate goal is to provide a comprehensive theory that allows a deeper understanding and systematic derivation of secured code against specific attacks.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Giacobazzi, R. (2012). Software Security by Obscurity. In: Dua, S., Gangopadhyay, A., Thulasiraman, P., Straccia, U., Shepherd, M., Stein, B. (eds) Information Systems, Technology and Management. ICISTM 2012. Communications in Computer and Information Science, vol 285. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29166-1_40
DOI: https://doi.org/10.1007/978-3-642-29166-1_40
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29165-4
Online ISBN: 978-3-642-29166-1
eBook Packages: Computer Science, Computer Science (R0)