Presentation is loading. Please wait.

Presentation is loading. Please wait.

Breaking Abstractions and Unstructuring Data Structures Christian Collberg Clark Thomborson Douglas Low “Mobile programs are distributed in forms that.

Published byEmery Hart Modified over 8 years ago

Similar presentations

Presentation on theme: "Breaking Abstractions and Unstructuring Data Structures Christian Collberg Clark Thomborson Douglas Low “Mobile programs are distributed in forms that."— Presentation transcript:

1 Breaking Abstractions and Unstructuring Data Structures Christian Collberg Clark Thomborson Douglas Low “Mobile programs are distributed in forms that are isomorphic to the original source code. Such codes are easy to decompile, and hence they increase the risk of malicious reverse engineering attacks… Code obfuscation is a potent defence against reverse engineering. ” Reviewer: Hongying lai

2 Outline of the Paper  What is obfuscation ?  Transformation quality  Technique of obfuscation  Conclusion Obfuscation is a process that renders software unintelligible but still functional. - lexical transformation : modify the lexical structure of the program. - data transformation : modify inheritance relations,... - control transformation: alter control structures using opaque predicates. In this presentation I will focus on data transformations. - potency, resilience, stealth and cost.

3 How to Obfuscate Data  Class – modify inheritance.  Procedural abstraction(Java methods) - convert a section of code into a different virtual machine; - inline some methods, and outline other methods; - clone methods.  Variable – split built-in data types.  Arrays – restructure - split an array into several sub-arrays; - merge two or more arrays into one array; - fold an array( increasing the number of dimensions); - flatten and array(decreasing the number of dimensions). In this presentation I shall concentrate on modifying inheritance.

4 modify inheritance  Review of stage-1 CS: what is a Java class - an encapsulation data( V ) and control( M ). - an aggregation( C2 instance of type C1). - an inheritance ( class C2 extends class C1 ). V2 M2 V1 M1 Root C1 C2 V2 M2

5 modify inheritance (factoring classes)  the complexity of a class grows with - its depth in the inheritance hierarchy. - the number of its direct descendants. VMVM Root C V1 M1 Root C1 C2 V2 M2 Root V1 M1 V2 M2 C1C2 Further from the root More children

6 modify inheritance (false refactoring classes) Root V1 M1 V2 M2 C1C2 Root V1 M1 V2 M2 C1C2 V3 M3 C3 Insert a new bogus class

7 public class Cexample{ String message; public Cexample(String message){ this.message = message ; printMessage(); } public void printMessage(){ System.out.println(message); } example public abstract class C1example{ String message; public C1example(String message){ this.message = message ; printMessage(); } public abstract String getMessage(String message); public void printMessage(){ message = getMessage(message); System.out.println(message); } } public class C2example extends C1example{ String message; public C2example(String message){ this.message = message;} public String getMessage(String message){ return message;} } VMVM Root C V1 M1 Root C1 C2 V2 M2 Further from the root

8 Conclusion Code obfuscation does not provide an application with absolute protection against a malicious reverse engineering attack. Obfuscation is a cheap way of making reverse engineering so technically difficult that it becomes economically infeasible. Finding new obfuscation techniques is a sophisticated and challenging problem.

9 Questions Do you think that the more complicated the obfuscating transformation is, the better ?

Download ppt "Breaking Abstractions and Unstructuring Data Structures Christian Collberg Clark Thomborson Douglas Low “Mobile programs are distributed in forms that."

Similar presentations

1 The Project of this year Mariano Ceccato FBK - Fondazione Bruno Kessler

1 The Project of this year Mariano Ceccato FBK - Fondazione Bruno Kessler
General OO Concepts Objectives For Today: Discuss the benefits of OO Programming Inheritance and Aggregation Abstract Classes Encapsulation Introduce Visual.

General OO Concepts Objectives For Today: Discuss the benefits of OO Programming Inheritance and Aggregation Abstract Classes Encapsulation Introduce Visual.
COP 3502: Computer Science I (Note Set #21) Page 1 © Mark Llewellyn COP 3502: Computer Science I Spring 2004 – Note Set 21 – Balancing Binary Trees School.

COP 3502: Computer Science I (Note Set #21) Page 1 © Mark Llewellyn COP 3502: Computer Science I Spring 2004 – Note Set 21 – Balancing Binary Trees School.
JavaScript Obfuscation Facts and Fiction Pedro Fortuna, Co-Founder and CTO AuditMark.

JavaScript Obfuscation Facts and Fiction Pedro Fortuna, Co-Founder and CTO AuditMark.
Deducing Similarities in Java Source from Bytecodes (Appeared in the 1998 USENIX Technical Conference.) Brenda S. Baker Bell Laboratories, Lucent Technologies.

Deducing Similarities in Java Source from Bytecodes (Appeared in the 1998 USENIX Technical Conference.) Brenda S. Baker Bell Laboratories, Lucent Technologies.
Wmobf.1 1/5/00 Clark Thomborson Watermarking, Tamper-Proofing and Obfuscation – Tools for Software Protection Christian Collberg & Clark Thomborson Computer.

Wmobf.1 1/5/00 Clark Thomborson Watermarking, Tamper-Proofing and Obfuscation – Tools for Software Protection Christian Collberg & Clark Thomborson Computer.
An Open-Source, Object-Oriented General Cartographic Transformation Program (GCTP) Michael S. Williams, Michael P. Finn*, and Robert A. Buehler** United.

An Open-Source, Object-Oriented General Cartographic Transformation Program (GCTP) Michael S. Williams, Michael P. Finn*, and Robert A. Buehler** United.
Java Code Obfuscation Neerja Bhatnagar. Reverse Engineering Figuring out source code corresponding to a given byte code Source code intellectual property,

Java Code Obfuscation Neerja Bhatnagar. Reverse Engineering Figuring out source code corresponding to a given byte code Source code intellectual property,
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Preventing Reverse Engineering by Obfuscating Bharath Kumar.

Preventing Reverse Engineering by Obfuscating Bharath Kumar.
Códigos y Criptografía Francisco Rodríguez Henríquez Software Security Through Code Obfuscation.

Códigos y Criptografía Francisco Rodríguez Henríquez Software Security Through Code Obfuscation.
DR. MIGUEL ÁNGEL OROS HERNÁNDEZ 9. Técnicas anti-ingeniería inversa.

DR. MIGUEL ÁNGEL OROS HERNÁNDEZ 9. Técnicas anti-ingeniería inversa.
Comp 249 Programming Methodology Chapter 7 - Inheritance – Part A Dr. Aiman Hanna Department of Computer Science & Software Engineering Concordia University,

Comp 249 Programming Methodology Chapter 7 - Inheritance – Part A Dr. Aiman Hanna Department of Computer Science & Software Engineering Concordia University,
Binary Obfuscation Using Signals Igor V. Popov ( University of Arizona)‏ Saumya K. Debray (University of Arizona)‏ Gregory R. Andrews (University of Arizona)

Binary Obfuscation Using Signals Igor V. Popov ( University of Arizona)‏ Saumya K. Debray (University of Arizona)‏ Gregory R. Andrews (University of Arizona)
18/03/2007Obfuscation 1 Software protection Mariano Ceccato FBK - Fondazione Bruno Kessler

18/03/2007Obfuscation 1 Software protection Mariano Ceccato FBK - Fondazione Bruno Kessler
Software Obfuscation Anirban Majumdar University of Trento

Software Obfuscation Anirban Majumdar University of Trento
Name: Hao Yuan Supervisor: Len Hamey ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs1.

Name: Hao Yuan Supervisor: Len Hamey ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs1.
Inheritance. Extending Classes It’s possible to create a class by using another as a starting point  i.e. Start with the original class then add methods,

Inheritance. Extending Classes It’s possible to create a class by using another as a starting point  i.e. Start with the original class then add methods,
© S. Demeyer, S. Ducasse, O. Nierstrasz Duplication.1 7. Problem Detection Metrics  Software quality  Analyzing trends Duplicated Code  Detection techniques.

© S. Demeyer, S. Ducasse, O. Nierstrasz Duplication.1 7. Problem Detection Metrics  Software quality  Analyzing trends Duplicated Code  Detection techniques.
Experiments in Software Watermarking Bradford P. Cuppy B.S. University of Evansville Fri, Nov 8, 2002.

Experiments in Software Watermarking Bradford P. Cuppy B.S. University of Evansville Fri, Nov 8, 2002.

Similar presentations

Ads by Google