Contents P 尾化 スみ 0 曜 / ス 4 0 パ ス〃 0 ルなみな XXV XXVZZ 1 what ls 4 ″印た 0 町 0 盟 4 P 1 1.1 1.2 13 1.4 1. う 1.6 1.7 1.8 Setting the Scene Attack and Defense 6 Program Analysis 7 1 1.8. う PhysicaI Barriers 54 1.8.4 Encrypted Execution う 2 1.83 Ensuring Safe Execution Environment 1.8.2 Tying the Program to the CPU 50 1.8.1 Distribution with Physical Token 49 Hardware-Based Protection Techniques 49 1.7.4 A Birthmarking Example 47 1.73 Birthmarking 4 う 1.7.2 Software Forensics 44 1.7.1 PIagiarism の Software Similarity 4 ろ 1.6.2 Attacks on Watermarking Systems 41 1.6.1 An Example ろ 8 Software Watermark1ng ろ 6 1 ユ 2 An Example 1. う .1 Applications of Tamperproofing うう Tamperproofing ろ 2 1.43 BIack Hat Code Obfuscation 26 1.4.2 Obfuscating Transformations 20 1.4.1 Applications of C0de Obfuscation 16 Code Obfuscation リ 13.1 A Simple Reverse Engineering Example 9 う 1 VII

VIII 1.9 Discussion う 5 1.9.1 Reasons to Use Software Protection . . and Reasons Not To 56 1.9.2 . 1.93 So Which Algorithms Should I Use? Contents う 7 55 1.10 Notation 58 2 Methods of Attack and Defense 59 2.1 2.2 23 Attack Strategies 60 2.1.6 What Techniques Does the Adversary Use? 72 2.1.5 What T001S Does the Adversary Use? 72 2.1.4 What's the Adversary's Attack Methodology? 68 2.13 What Does the Adversary Get to Crack? 6 う 2.1.2 What's the Adversary's Motivation? 6 う 2.1.1 A PrototypicaI Cracking Target 61 Defense Strategies 86 2.1.7 Discuss10n 部 2.2.1 2.2.2 2.23 2.2.4 2.2. う 2.2.6 2.2.7 2.2.8 2.2.9 2.2.10 2.2.11 Notation 87 The び 0 怩 Primiuve 90 The ノゆ / Primitive 男 The を an d merge Primitives The 尾 Primitive 100 Th e 叩 Primitive 101 The z ・〃・尾 Primitive 104 / ″ z ・′〃な Primitive 106 The 4 ノ ve ″な Primitive 108 96 The 尾 0 〃ノ Primitive The ノア〃 4 な Primitive 112 2.2.12 Discussion 1 リ 110 23.2 How Do We Use the Models to Devise Algorithms? 11 う 114 23.1 What Do We Need from Attack and Defense Models? Discuss10n 114 Program Analysis 117 う .1 2 Static Analysis 118 1.1 Control FIow Analysis タ 1.2 Data Flow Analysis 127 う .13 Data Dependence Analysis う .1.4 AIias AnaIysis リ 4 う .1. う Slicing 141 タ 1.6 Abstract lnterpretation 14 う Dynamic Analysis 14 う 3.2.1 Debugging 146 う .2.2 Profiling 161 119 リ 2

Contents う .4 IX う 2. う Tracing 16 う う .2.4 Emulation 168 Reconstituting Source 170 う 3.1 Disassembly 172 ろ . う 2 Decompilation 180 Pragmatic An alysis 190 う .4.1 StyIe Metrics 191 う .4.2 Software Complexity Metrics ろ .43 Software Visualization 195 Discuss10n 198 1 男 4 Code Obfuscation 201 4.1 4.2 43 4.4 4. う 4.6 Semantics-Preserving Obfuscating Transformat10ns 202 4.1.1 Algorithm OBFCF: Diversifying Transformations 2() ろ 4.1.2 AIgorithm OBFT ア : ldentifier Renammg 209 4.1. う Obfuscation Executives 212 Definitions 217 4.2.1 potent Obfuscating Transformations 219 4.2.2 Efficient Obfuscating Transformations 222 4.23 Stealth 222 4.2.4 Other Definitions 224 Complicating Control Flow 22 う 43.1 Opaque Expressions 22 う 4. う .2 AIgorithm OBFWHKD. ・ Control-Flow Flattening 226 4. う 3 lntroducing AIiasing 229 43. う AIgorithm OBFLDK: Jumps Through Branch Functions 2 ろ 9 43.4 Algorithm OBFCI 方。 : lnserting Bogus control Flow 2 め 43.6 Attacks 242 Opaque Predicates 246 4.4.1 Algorithm OBFCT 方。 , 厩 paque Predicates from Pointer Aliasing 247 4.4.2 OBF Ⅳ日 KD 叩。ィ… . ・ Opaque Values from Array Aliasing 4.4. ろ AIgorithm OBFC 坊ノ : Opaque Predicates from Concurrency 2 う 1 4.4.4 Breaking Opaque Predicates 2 男 Data Encodings 2 う 8 4 ユ 1 Encoding lntegers 261 4. う .2 Encoding Booleans 266 4 ユろ Encoding Literal Data 269 4.5.4 Encoding Arrays 272 Breaking Abstractions 277 2 う 0 4.6.1 Algorithm OBFWCsig. Merging Function Signatures 277 4.6.2 AIgorithm OBFCTJ 。ん、、 : Splitting and Merging Classes 279

4.6. う AIgorithm OBFDMRVSL: Destroying High-Level Structures 281 4.6.4 Algorithm 0 砿月 1 Ⅵ Modifying lnstruction Encodings 4.7 Discussron 298 5 Obfuscation Theory 501 Contents 2 男 う .1 う .2 う .4 う .6 Definition s う 04 ProvabIy Secure Obfuscation: Possible or lmpossible? う .2.1 Turing's Halting Problem う 08 う .2.2 AIgorithm REAA: De-obfuscating Programs 引 1 ろ 07 う 3.1 Algorithm OBF. もおま Obfuscating with Point Functions 引 4 Provably Secure Obfuscation: lt's Possible (Sometimes) ! う 3.2 Algorithm 0 砿 N ま Obfuscating Databases ろ 22 う 33 AIgorithm 0 PP. ・ Homomorphic Encryption う 24 う 3.4 AIgorithm 0 攤 C 厚ひ Whitebox DES う 29 Provably Secure Obfuscation: lt's lmpossible (Sometimes) ! う .4.1 A GeneraI Obfuscator 6 う .4.2 Obfuscating Learnable Functions う 40 5.43 Proving that Obfuscation ls lmpossible 41 う .4.4 Discussion 弭う ProvabIy Secure Obfuscation: Can lt Be Saved? う . う .1 Overcoming lmpossibility ろ 46 う . う .2 Definitions Revisited: Make Obfuscation lnteractive うユろ Definition Revisited: Make Obfuscation Non-Semantics Preserving う 49 Discuss10n う 54 う 44 46 6 Dynamic Obfuscation 7 6.1 6.2 63 6.4 Definitions 60 Moving Code Around 62 6.2.1 AIgorithm OBFKMNM. ・ Replacing lnstructions ろ 62 6.2.2 0 砿ス G 叩 : SeIf-Modifying State Machine ろ 66 6.23 0 お FM MD 、ゞお . ・ Dynamic Code Merging ろ 76 Encryption 部 6. う .1 0 砿 CK 、ゞ P. ・ Code as Key Material め 63.2 OBF. ス G 町Ⅳ . ・ Combining Self-Modification and Encryption Discuss10n う 98 う 92 7 Software Tamperproofing 401 7.1 Definitions 40 う 7.1.1 Checking for Tampering 406

Contents 7.6 7. う 7.4 7. う 7.2 7.1.2 Responding to Tampering 410 7.13 System Design 4 IO lntrospectlon 412 7.2.1 AIgorithm TI ℃ス : Checker Network 414 7.2.2 Generating Hash Functions 418 7.23 Algorithm 7 ア日 M 、ゞ 7 : ・ Hiding Hash Values 42 う 7.2.4 The Skype Obfuscated Protocol 4 引 7.2. う Algorithm REWOS: Attacking Self-Hashing Algorithms 7.2.6 Discussion 9 Algorithm TPTCJ: Response Mechanisms 440 State lnspection 444 7.4.1 AIgorithm 料℃ VCP 斗・ Oblivious Hash Functions 447 7.4.2 AIgorithm TPJJV: Overlapping lnstructions 450 Remote Tamperproofing 4 男 7.5.1 Distributed Check and Respond わ 4 7 ユ 2 Solution Strategies 454 7. う 3 AIgorithm 7 ア ZG. ・ Slicing Functions 4 うう 7 ユ 4 AIgorithm T. バムゞ PDK. ・ Measuring Remote Hardware l)iscusslon 464 7 ユう TPCN 、ゞ: Continuous RepIacement 462 4 ろう 4 う 9 8 Software Watermarking 467 8.1 8.2 83 8.4 8. う 8.6 8.7 History and Applications 468 8.1.1 Applications 468 8.12 Embedding a Mark in Audio 472 8.13 Embedding a Mark in an lmage 474 8.1.4 Embedding a Mark in Natural-Language Text Watermarking Software 478 Definitions 480 83.1 Watermark Credibility 482 8. う .2 Attacks 484 83. う Watermarking vs. Fingerprinting 4 め Watermarking by Permutation 486 475 8.4.1 AIgorithm WMDM. ・ Reordering Basic Blocks 488 8.4.2 Renumbering 490 8.43 Algorithm WMQP. ・ lmproving Credibility 491 Tamperproofing Watermarks 494 lmproving Stealth う () う 8.6.1 Algorithm WM 、 SHKQ: Statistical Watermarking 498 lmproving Resilience 498 8.5.1 Algorithm WMMC ・ Embedding Media Watermarks 495

XII 8.8 8.9 Contents 8.7.1 AIgorithm VMMIMIT ・ : ・ M 叩 ping lnstructions う 05 8.7.2 AIgorithm Ⅳ MV Ⅵゞ . ・ Watermarks in CFGs 506 8.7. う Algorithm WMCC: Abstract lnterpretation う 16 Steganogr 叩 hic Embeddings う 22 8.8.1 AIgorithm VMASB.• The CompiIer as Embedder う 2 ろ Splitting Watermark lntegers う 26 8.9.1 SpIitting a Large Mark into Small Pieces う 27 8.9.2 Redundant Watermark Pieces う 28 8.9. う Sparse Codes for lncreased CredibiIity う引 8. IO Graph Codecs 男う 8.10.1 Oriented Parent-Pointer Tree うろ 4 8.10.2 Radix Graphs うう 4 8.103 Permutation Graphs うろう 8.10.4 Planted Plane Cubic Trees うう 6 8.10. ) Reducible Permutation Graphs 男 6 8.11 Discussron 男 7 8.11.1 Embedding Techniques 男 9 9 Dynamic Watermarking 541 8.11.2 Attack Models 男 9 9.1 9.2 93 9.4 Algorithm WMCT: Exploiting Alia sing 9.1.1 A Simple ExampIe う 47 9.1.2 Recognition ProbIems う 49 9.13 lncreasing Bitrate うう 1 9.1.4 lncreasing Resilience to Attack 9.1.5 lncreasing Stealth う 61 9.1.6 Discussion う 64 う 46 う 57 Algorithm WMNT ・ Exploiting ParaIIeIism う 65 9.2.1 Embedding Watermarking Widgets う 69 9.2.2 Embedding ExampIe う 74 9.23 Recognition う 77 9.2.4 Avoiding Pattern-Matching Attacks う 79 9.2. う Tamperproofing Widgets う 80 9.2.6 Discussion う 81 Algorithm Ⅳ MCCDK 日たゞん . ・ Expanding Execution paths う部 93.1 Encoding and Embedding う 84 93.2 Recognition う 90 93 3 Discussion う 91 Algorithm Ⅳ MCCDK 〃ムゞり . ・ Tamperproofing Execution paths う 92 9.4.1 Embedding 5 男 9.4.2 Recognition う 9 う

Contents 9.43 Tamperproofing the Branches 9.4.4 Discussion う 97 9. う Discussion う 98 10 Software Similarity Analysis 601 IO. 1 Applications 602 10.1.1 Clone Detection 60 ろ 10.1.2 Software Forensics 60 ) 10.13 Plagiarism Detection 608 10.1.4 Birthmark Detection 610 10.2 Definitions 611 10.2.1 SimiIarity Measures 612 103 k-gram-Based Analysis 616 XIII う 96 103.1 、ゞⅣス旧 NN ( ) Ⅳ : Selecting k-gram Hashes 616 103.2 & Ⅳス M ( 州 : Software PIagiarism Detection 619 10. う 3 MC 。 k-gram Java Bytecode Birthmarks 62 う 10.4 API-Based AnaIysis 625 10.4.1 、 ssTNMM. ・ Object-Oriented Birthmarks 626 10.4.2 、躄 TONMM. ・ Dynamic Function Call Birthmarks 629 10.43 、ゞ DL ・ Dynamc k-gram API Birthmarks 30 10. う Tree-Based AnaIysis 6 引 10. う .1 ssEFM: AST-Based CIone Detection 6 引 IO. 6 Graph-Based Analysis 6 め 10.6.1 K 日 : PDG-Based CIone Detection 6 う 6 IO. 6.2 、躄 LC 日 PDG-Based Plagiarism Detection 640 10.6. う、 MC 。が Dynamic " hole Program Birthmarks 1 10.7 Metrics-Based Analysis 644 10.7.1 、躄 KK. ・ Metrics-Based Clone Detection 5 10.7.2 ssLM: Metrics-Based Authorship Analysis 646 10.8 Discussion 652 11 Hardware for Protecting Software 655 11.1 Anti-Piracy by Physical Distribution 6 う 7 11.1.1 Distribution Disk Protection 6 う 8 11.1.2 Dongles and Tokens 6 臼 11.2 Authenticated Boot Using a Trusted Platform M0dule 11.2.1 Trusted Boot 671 11.2.2 Taking Measurements 67 ろ 11.23 The TPM 676 11.2.4 The ChaIIenge 677 670

XIV 11.2. う Social Trust and Privacy lssues 679 11.2.6 Applications and Controversies 681 113 Encrypted Execution 68 う 113.1 The XOM Architecture 6 め 113.2 Preventing Replay Attacks 688 1133 Fixing a Leaky Address Bus 690 113.4 Fixing a Leaky Data Bus 694 113.5 Discussion 694 11.4 Attacks on Tamperproof Devices 695 11.4.1 Tapping the Bus The Microsoft XBOX Hack 696 11.4.2 lnjecting Ciphertext—Dallas Semiconductor DS5002FP 11.43 Hacking Smartcards 701 11.4.4 Non-Invasive Attacks 70 う 11.4. う Board-Level Protection 708 11. う Discussion 711 Bibliography 7 リ lndex 乃 7 Conten ts 697

Abstract interpretation, 14 う一 145 , 516 ー 521 Abstract operations, defined, 145 Abstract syntax tree (AST) analysis based on, 6 引ー 6 う 5 defined, 181 Abstractions algorithms for breaking, 277 ー 297 defined, 14 ro に of, 277 transformation Of, 21 Access, program oracIe,336 types 0f0 ろ 7 Access controI,317 ー 520 Additive attacks, 4172 , 484 Address bus, securing of, 690 ー 694 Advertise primitive, 96 , 107 , 108-109 Alias analysis, 117 algorithms for, リ 8 ー 141 described, 134 ーリ 5 issues ⅲ , いにリ 8 protecting against, 560 ー 561 settings for, リうーい 6 AIiases, 229 ー 2 ろ 1 adding, 2 ろ 0 array, 2 う 0 ー 251 and watermarking, う 46 ーう 65 Analysis stage, 7 Anti-tamper research (AT), xix API-based analysis, 625 26 algorithms for, 626- 引 Aposematic coloration , 1 ( ) 8 Apple Computer, xviii /\rchitecture-neutral formats, Arrays aliasing, 2 う ( 2 う 1 folding of, 276 67 lndex merging of, 275 permutation of, 272 ー 27 う restructuring of, 274 ー 276 splitting of, 274 Artificial diversity, 20 Arxan, XViiI Assertion checks, 44 う Asset, defined,305—306, 引 1 Attack automation of, 71 ー 72 on black box, 70 cracking, 68 ー 69 , 70 , 7 う一 81 differential, 81 ー 82 motivation of, 61 ー 65 methodologies of, 68 ー 72 phases of, 68 preparatory phase of, 66 ー 68 techniques of, 72 ー 8 う tools of, 72 on watermark, 484785 Attack model, 6 , 114 ー 115 building algorithms from, 115 ー 116 importance of, 60 ー 61 issues addressed by, 60 for watermarking, 559 ー 540 Attack semantics, 64 Attack strategies, 41 ー 42 analyzing, 60 イ 1 Attacker limits, defined, 引 1 Attestation identity key (AIK), 679 ー 680 Audio, watermarking of, 472774 Audio CDs, protection schemes for, 6 ) 8 ー 659 Authenticated boot, 67 ( レ 675 distinguished from secure ト 00t , 673 Authorship, of software, 605 06 algorithms to determine, 607 , 6 ー 52 Authorship mark, 470 inadvertent , 472 Availability, 6 う 乃 7

7 8 Basic blocks , 11 defined , 119 marking of, う 15 Bidirectional debugging , 1 うう Binaries encryption of, う 59 stripped, 6 う , 66 , 172 ー 174 Birthmarking, xvi, 5 , う 0 , 602 algorithms for, 610 credibility of, 612 described, 47 , 472 , 610 ーる 11 dynamic vs. static, 612 dynamic function call, 629 ー 6 う 0 example of, 4779 functions in, 612 indications for use of, 4576 Java bytecode, 625 25 k-gram API, 0—6 引 object-oriented , 626 ーる 29 whole program, 1 ー 644 Black hat code obfuscation, 26 ー 27 types of, 27 2 Blackbox, 6 virtual, 8 , 0 BIock add ress table (BAT) , 6 男 94 Block splitting , 255 Blu- ray discs , protection schemes Camouflage, 106 Call graph, 12 う一 126 Bus enc ryption , 697 BuiId-and-execute strategy,357—358 Brute-force attacks, 484 Broadcast monitoring , 471 software, 15g152 hardware, 149 , 150 Break points, 146 attacks against, 245 ー 246 Branch functions, 2 9 , 592 Boomerang , 71 splitting of, 268 ー 269 encoding of, 266 ー 268 Booleans Board-level protection, 708 ー 711 for, 4 Cheapskate problem, う 47 48 CDs , p rotection schemes for, 658 ーる 59 660 ー 661 CD-ROMs, protection schemes for, lndex CHECK function, 4 鮖 , 411 accuracy and precrsron 0f, 409 distributed, 4 う 4 Checker network, 414718 Checkpointing , 1 う 4 , 157 Checksumming , 412 Chenxification, 226 , 228 , 2 う 4 Classes , splitting and merging of, 279 ー 281 Classification ma rks , 472 Cleft sentence transformation, 477 Cloakware , xvlii Clone detection , 602 algorithm for, 6 国 AST-b ased , 6 引め metrics-based , 5 46 PDG-based , 6 % ーる 59 phases of, 6 の Clone detectors, 418 , 6 の Cloning, 49 0 Code checking , 4 鮖 Code obfuscation, xv, 5 of abstractions, 277 ー 297 aliases , 229 ー 2 引 . background for, 201 ー 202 black hat, 2 う 2 branch functions, 2 う 9 t0 complicate control flow, 225 ー 246 described, 14 data encoding, 258 ー 276 disadvantages of, 46 dynamic. 、ゞ Dynamic obfuscation example of, 15 ー 16 history of, 202 non-semantics-preserving, う 49 ーめ 4 opaque predicates, 24 & ー 251 practicality 0f007 ー引う semantics-preserving, 202 ー 217 and tamperproofing , 401 transformations in, 20 ー 25 of, 16 ー 20 Collusive attacks, 42 , 158 Common subg raph , defined , 615 Computer security, aspects of, 1 Confidentiality, 6 う Confusion, 1 の Containment , 4 う defined, 614 15 graph, 61 う Co 〃 / 4 ゞ function, 612 Content Scrambling System (CSS), 1 ーる Continuous replacement, 462764

lndex Control flow bogus, 255 ー 259 complicating, 225 ー 246 Control flow analysis, 10 , 119 CFGs ⅲ , 119 ー 121 exceptions and, 121 ー 122 interprocedural, 12 う loops and, 12 う self-modifying code and, 122 ー 124 Control flow graphs (CFGs), 10, 117 , algorithm for building, 12g121 irreducible vs. reducible, 2 う 7 sample, 120 Control transformations, 21 ControI-fIow flattening, 24 , 22 -228 attacks against, 245 ー 24 う Convera, XVIII COPY protection, 6 う 7 ーる 58 Copy-on-write, defined, 1 う 7 Copy-paste-modify, 6 の Copying code, 206 ー 207 119 Core root Of trust for measurement (CRTM) Core semantics, 64 Correctness , defined 005 Corrector slot values, 4 ろ 07 引 Cost, described , 224 Cover primitive, 89 , 90—男 Cracking, 68 ー 69 decompilation , 82 ー 86 dynamic pattern matching in, 79 ー 81 memory watching , 76 ー 78 motivations for, 6 ろ 5 recovery of internal data ⅲ , 78 ー 79 skills needed for, め static analysis in, 70 static pattern matching in, 7 う一 76 tamperlng with environment, 79 targets of, 60 ー 6 ろ Crackmes , 86 Credibility ofbirthmarking, 612 through sparse codes, 5 引 , う of watermark, 48278 を 491794 Crema, 209 Crypto-processors, 5 を 54 Cryptography, xvi incompleteness of protection afforded by,3 Dallas Semicond uctor DS50002FB components 0 〔 698 , 672 乃 9 defenses of, 698- 99 function of, 699 hacking of, 695 96 , 699 ー 700 Dash0, 210 Data bus, securing of, 694 Data dependence analysis, 132 ー 1 Data encoding, 258 ー 260 of arrays, 272 of booleans , 266 ー 269 complications of, 26 ( レ 261 of integers, 261 ー 266 ofliteral data, 269 ー 272 Data flow analysis, 11 described, 127 ーリ 2 Data transformations, 21 Databases, obfuscation of, 522 2402 ) 26 Debugging , 68 ー 69 , 146 breakpoints and, 14 い 147 checking for, 407708 procedures in, 147 ー 1 う 2 relative, 82 , 146 , 1 う 8 ー 161 reverse, 146 , 1 う 2 ー 1 ) 7 Decompilation , リ , 82 ー 8 を 118 algorithms for, 183 ー 190 challenges of, 181 ー 182 described, 18g181 example of, めー 86 , 182 ー 1 め of high-level control flow, 185 ー 188 of high-level languages, 188 ー 190 Det / function, 612 [l ⅲ e ト 0X029 引 traditional, 1 ータ防 obfuscation of, ろー 5 DES combating,301—304 algorithms for, 24 ろー 246 Deobfuscation, 217 ー 219 , 242 elsewhere it S de-obfusc . defined, 引 1 ー引 2 [ed: here ⅲ text it's algo rithm fo ら引 2 ー引 Deobfuscating transformation Demons, 88 l)elete-empty function, 280 l)efinition-use chain (du-chain), 1 引ーリ 2 notation conventions for, 87 ー 89 evaluating, 87 defense-in-depth, 89 Defense strategies , 86 building algorithms from, 115 ー 116 Defense model, 6 , 114 ー 11 う Defense Departmen t (DoD) , xix—xi

740 Digital Rights Management (DRM) players, Digitalrights management, 5 , 1 い 18 Diffusion, 10 ろ Differential power analysis (DPA), 707 DifferentiaI attacks, 81 ー 82 precision of, 409-410 execution by, 410 dynamic vs. static, 410 Detector, ⅲ tamperp r(X)fing system Detection, of watermark, 481 Detect-respond primitive, 9 を 110 ー 111 history of, 6 臼 65 function of, 656 emulators for, 669 ーる 70 disadvantages of, 711 described , 5 attacks on, 9 ー 670 API for, う 69 Dongles, う 0 , 170 Dominance tree, 125 Diversifying transformations , 2 の一 Disto rtive attacks , 42 , 484 ー 485 Distance, types of, 61 ろ 14 for anti-piracy, 657 ー 6 Disk-based protection, う 0 , 656 Discrimination, software, 608 Discriminant analysis, 651 linear vs. recursive, 174 ー 178 dynamic vs. static, 17 ろ challenges of, 172 ー 174 algorithm for, 178 ー 180 DisassembIy, 10 , 118 Direct threaded interpreter, 207 Digital watermarks , 468 crackability of, 6 ( レ 65 204 strategies for, 357 defined , % 1 Dynamic obfuscation , ろ 57 Dynamic k-gram API birthmarks, 6 引 ) ー 6 引 Dynamic function call birthmarks, 629 ー 6 う 0 Dynamic fingerprints, 4071 , 1 う 8 ー 159 Dynamic code merging, う 7 & ら tracing, 165 ー 168 profiling, 161 ー 165 emulation, 168 ー 170 debugging, 14 い 161 l)ynamic analysis, 7 , 8 ー 9 , 117 DVDs, protection schemes for, 661 Duplicate primitive, 男ー 96 , 299 Dotfuscator, 210 obfuscation of API for, 7 69 lndex Dynamic obfuscator, described,36()—361 Dynamic primitive, 112 ー 11 を 598 99 Dynamic transformations , 21 Dynamic watermarking algorithms for, う 46 ー 597 defined, う 4 う一 544 drawbacks of, う 45 ー 546 , う 98 need for, う 41 ー 54 を 544 Dynamic whole program birthmarks, 1 44 Echo hiding , 4 Edge flips, protecting against, 557 ー 558 Edge profiling, 162 Edit distance and similarity, 6 リ , 614 Edit-compile-test cycle, 69 Effective obfuscating transformation, defined, 220 Efficient program, defined, 9 Embedding steganographic, 468 , う 22 ー 526 techniques 応 r, 男 9 of watermark, 481 , 495798 Emulation, 168 Emulators, 168 ー 169 problems with, 170 uses of, 169 ー 170 Encoding. 立に Data encoding Encrypted execution design for, 685 84 future of, 694 ーる 95 problems with , 688- 94 XOM architecture, 6 め 88 Encryption 引 go rithms for, 585 92 of binaries, め 9 bus traffic , 697 combined with self-modification, う 92 98 drawbacks of, う 84 homomorphic,324, ろ 2 う 29 implementation 0f084 め program, 52 ー 54 purpose 0f08 う Environment checking , 40 407 Execution paths expanding, 585 92 tamperproofing, 592 ーう 98 Expressions, equivalent, 2 の一 204 External-checking, defined , 411 External-responding, defined, 411 Extract function, 481

lndex Faraday cage, 710 Fault induction attacks, 705 Filtering marks, 472 Fingerprint mark, 47 ( ) ー 471 Fingerprinting, xv, う 08 9 , 1 う 8 dynamic and static, 4 ( ) -71 purpose of, 64 , 467 ー 706 disadvantages of, 711 cryptographic coprocessor, 708 ー 711 costs vs. benefits of, 711 ー 712 board-level protection, 708 ー 711 655 う 6 tO augment software-based protection, Hardware-based protection, 49 Hardware breakpoints, 146 , 149 ー 150 Hamming distance and similarity, 6 リ and obfuscation, う 10 Halting problem, う 08 09 Guard functions, 412 Grid computing, 19 ー 20 Graphical enumerations, うろ 4 algorithms for, & 44 Graph-based analysis, 35- 56 Graph similarity, 61 う Graph coloring , 492 Graph codecs, うー男 4 Global variables, as security risk, 562 Globalanalysis , 125 Glitch attacks, 70 う一 706 528 General Chinese Remainder Theorem, splitting and merging of, 20 う一 206 signatures of, 277 ー 279 Funct10ns Function call birthmarks, 629 ー 6 0 Frequency spectrum analysis, 161 Frames , 87 ー 88 Fragile watermarks, 469770 Forking, defined, 157 Flow sensitivity, 118 , リ 7 日 ow dependence, リ 2 Floppy disks, protection schemes for, 661 Flattening, control-flow, 24 , 226 ー 228 Finite State Automaton, 215 , 216 vs. watermarking, 48 う 786 system design for, 42 う一 427 741 distribution with physical token, 49 ー 51 , 6 うい 670 ensurmg a safe executlon envlronment, う 1 ーう 2 physical barriers, う 4 ー 5 う program encryption, 52 ーう 4 tamperproof devices, 69 う一 711 TPMs , 656 , 67 ( ) ー 68 う tY1ng program to the CPU, う 0 ーう 1 , 68 う一 6 Hash functions, 2 ろ 9 , 412 generating, 418 ー 425 oblivious, 404 , 4477 う 0 Heap analysis, い 8 High -definition movles , protection schemes for, 664 High-level structures, destroying, 281 ー 295 Homomorphism, defined, 265 Homomorphic encryption, 19024 , 526 29 HoseMoch a, 209 IBM 47 ) 8 coprocessor, 708 advantages and disadvantages of, 71 ( レ 711 capabilities of, 708 characteristics Of, 709 layers of protection of, 709 ー 710 and processing power, 710 ldentifier renaming, 209-212 lmages, watermarking of, 474 ー 47 う lnadvertent authorship mark, 472 lndirect primitive, 104 ー 105 , 299 lnlining, function, 205 lnput programs, defined, 引 1 lnsert-empty function, 280 lnstruction encodings, modifying, 29 ろー 297 lnstructions overlapping, 4 う 075 う replacing, 362 66 lntegers, encoding of, 261 ー 26 う lntegrity, 6 ろ lntel, xviii lnteresting events, defined, 195 lnterference graph, 492 lnternational()bfuscated C Code Contest (IOCCC), 26 lnterpreter, direct threaded, 207 lnterprocedural analysis, 12 う lntertrust, XVIII lnterval construction, 427728 lntraprocedural analysis, 124

742 lntrospection, 4 国 , 412--413 algorithms for, 414-418 attacks on, 4 い issues with , 444-44 う lntrusion detection , 2 lnvisible watermarks, 469 lrdetO , xvili lrreducible, defined, 2 7 lsomorphic , defined , 616 Java bytecode birthmarks, 62 う 25 Java code, disassembly of, 10 k-gram, defined, 616 k-gram API birthmarks, 6 引 k-gram hashes, 616 ーる 19 k-gram-based analysis, 616 algorithms for, 61 蜃る 25 Kruskal count, 174 LearnabIe functions, obfuscation of, 弭 ()—弭 1 Least Significant Bit (LSB) encoding , 474 Levenshtein distance and similarity, 6 リ 14 Library functions, vulnerability 7 う一 75 Licensing marks, 471 Linear sweep, 174 ー 178 Literal data, encoding of, 269 ー 272 Local analysis, 125 Local stealth , 223 Locate-alter-test cycle, 69 ー 70 Loops, identifying, 12 ) Map primitive, 101 ー 1 国 , 105 , 108 , 299 , 599 Maximal common subgraph, defined, 615 May-alias problems, リ 6 , 137 Mealy machine, 270 ー 272 Media watermarking, う 7 8 , 468 , 469 of functions, 205 ー 206 of classes, 279 ー 281 Merging, 298 Merge primitive, 9 い 100 , 298099 Memory watchpoints, 1 う 0 Memory watching, 76 ー 78 Memory splitting, 458 ー 4 ろ 9 Memory remanence, 710 embedding ⅲ , 494798 lndex Meta-data marks, 471 Metamo rphic virus , う 2 Met rics software complexity, 190 , 1 男ー 195 style, 190 , 191 ー 1 男 Metrics-based analysis , 4- ー 5 algorithms for, 645 ー 652 rosoft , XVii1 Military, use Of surreptitious software by, xix—XX1 Millionaire problem, 548 ーう 49 Mim ic functions , 106 Mimic primitive, 106 ー 108 , 298 Misdirection , 27 Mobile agent computing , 18 ー 19 Mocha, 209 Modular exponentiation, 691 MoveUp function, 280 , 282 Must-alias problems, リ 6 Mutual exclusion object, 5 Naturallanguage text , watermarking of, 475778 Network firewall, 2 Node classes , unstealthy, 562 ー 565 Node splitting, 2 う 7 protecting against, 5 う 8 ー 559 Nodes-and-arcs, defined, 196 Nonce, defined, 679 Northern TeIecom , xviil Null cipher, 6 0 0BFAGcrypt algo rithm , 392 94 deriving keystream , 94 96 example 0f096 ー 398 OBFAGsw 叩 algorithm 06 & 69078 auxiliary routines used in, 577 coding 0f076 example execution 0f074 function 0f069 ーう 74 overview 0f070 OBFAJV algorithm, 2 男ー 297 , 299 algorithm , 267 ー 268 OBFBDKNIRVcrypto algorithm , 265 ー 266 0BFBDKMRVnum algorithm , 265 0BFCEJO algorithm, 529 ー 5 ( ) 川 CF algorithm , 2 の一 204 OBFCFcopy algorithm , 206 ー 207 , 299

lndex OBlCFinouthne algorithm, 20 う一 206 , 298 OBFCF interp algorithm, 207 ー 209 , 299 ()BFCF( ル algorithm, 2 い OBICFreorder algorithm, 204 ー 205 , 299 OBI•CKSP algorithm, ろ 84 90 dealing with multiple paths, う 91 encryption guards used ⅲ 088 example 0f089 ーう 90 overview 0f086 ーう 87 OBICTJahas algorithm , 2 う 0 OBICTJarray algorithm, 274 ー 276 , 298 OBlCTJbog. algorithm, 2 う 5 ー 2 う 9 , 299 OBlCTJbcx)l algorithm, 268 ー 269 OBlCTJclass algorithm, 279 ー 281 , 298 ()BFC ・ FJ()E algorithm, 213 ー 21 う 0BlCTJ pointer algorithm, 247 ー 2 う () , 299 OBlCTJshce algorithm, 2 う 7 ー 258 algorithm, 2 う 1 ー 2 う 0B1'DMRVSL algorithm, 281 evaluation of, 291 ー 29 example of use of, 284 ー 291 OBFHC algorithm, 2 い一 216 0BlKMNM 引 gorithm,362 example of, う function 0f06 う ()B FLBS algorithm , 引 4 22 OBFLDK algorithm, 2 う 9 ー 242 , 299 0BFMAMDSB algorithm, う 76 80 concerns regarding, ろ 8 う examples of, う 81 82 overview 0f080 OBINS 引 gorithm,322 24 OBFPP algorithm, う 24 , う 26 29 ( ) 川 TP algorithm, 209 ー 212 , 299 Obfuscated, defined, 9 ー 540 Obfuscating transformation defined, 219 , 引 ) 6 described , 20 efficiency of, 222 example of, 22 ー 2 う mechanics of, 21 strength 0f006 types of, 21 , 220 ー 222 Obfuscating viruses, 29 ーろ 2 Obfuscat ion, xvi general, 6 40 impossibility of, う 40 , 541 4 う interactive, う 46- 49 possibility of, 引 3 ーう provable, 引をろ 44 46 立に 4 な 0 Code obfuscation 743 Obfuscation executives, 21 う一 217 ( ) 川 WCs,g algorithm, 277 ー 279 , 298 ()川、 WHKD algorithm, 226 ー 228 , 299 ()B1'WHKDahas algorithm, 25g2 う 4 OB1•WHKDopaque algorithm, 250 ー 251 OBFZCW algorithm, 272 ー 27 を 299 ()bject-oriented birthm arks , 626 ーる 29 Oblivious hashing, 404 , 4477 う 0 Ob servable behavior, defined , 219 ー 220 Opaque expression, defined, 22 う Opaque predicates, 246 ー 247 , 25 う algorithms for, 247 ー 2 う 1 attacks against, 255 ー 2 う 8 defined, 14 う interdependent, 2 う 8 types of, 225 ー 226 Oracle access, 6 22 ( レ 222 POtent obfuscating transformation, defined Potency, desc ribed , 224 Polymorphic virus, う 2 POinter analysis. 、ゞにに Alias analysis Point functions, 引 4 22 Platform configuration registers (PCRs), 675 Planted plane cubic trees (PPCTs), 男 6 PDG -based , ( ) ー 641 algorithms for, 609- る 10 , 619 ー 625 Plagiarism detection, 602 types of, 608 ー 609 software, 4 ろ 74 Plagiarism, 45 Pioneer ProtocoI, 460762 Physical tokens, 49 ー 51 Phase-ordering problem, 212 Permutation graphs, うう 5 ーうろ 6 reordering , 488790 renumbering, 49 ( ) -791 of arrays, 272 ー 275 Permutation, 486787 Pattern-matching attacks, 579 ー 580 Patchwork, 474 477 Pass ivizatlon , natural langu age transformation , Partial Sum SpIitter, う 24 , 527 Parallelism, 56 & ーう 69 Overlap factor, 427 Outlining, function, 20 う Oriented parent-pointer tree codec, うう 4 , うう 2 Oracle access computable probability, 8

744 Power analysis, 707 ー 708 pragmatic analysis, 118 software complexity style metrics, 190 , 191 ー 1 男 Precision, 409 defined , 409 ー 410 PreEmptive Solutions, xviii Prim itives , 87 dynamic nature of, 112 ー 113 listed, 90--112 Prisoner's p roblem , う 190 , 19 う一 195 privacy Certification AuthoritY (PCA) , Product cipher, 1 国 Profiling described, 161 implementation of, 162 ー 165 program analysis dynamic and static , 7 stages 0f, 7 680 program dependency graph (PDG)' 1 clone detection based on , 6 う & ー 6 9 plagiarism detection based ( ) ーる 41 program distribution disks, 50 , 6 う 6 for anti-piracy, 65 & -664 Program encryption, 52 ー 54 program transformations, 118 Programming layout metrics, 7 , 9 programming structure metriCS' 647 , 650 Programming style metrics' 7 , 650 protectlon semantics , 64 ProtocoI attacks , 485 Quines 00 Race conditions, 251 Radix graphs, うめ , 2 REAA algorithm, 引 1 ー引 3 Reaching definitions, 128 , 13()—131 REAMB algorithm , 122 ー 124 REBB algorithm , 152 ーい 7 RF,BD algorithm , 4 ううう RECG algorithm, 1 部一 188 Recognition, 0f watermark, 481 , う 13 ー 5 い Recursive traversal, 174 ー 178 ReducibIe, defined, 2 ろ 7 Reducible permutation graphs (RPGs)' 男い男 7 References, 88 Regular expressions, 0bfuscatinB320—322 RITIM algorithm, 178 ー 180 lndex Relative debugging, 82 , 146 , 1 う 9 ー 161 defined, 158 RFLJ algorithm, 16 う一 168 combined with encryption,392—398 algorithms for, う 66 76 Self-modification strategy, め 8 ーめ 9 SeIf-hashing, attacking , 4 めう 7 Self-collusive attacks, 418 Self-checking, defined , 411 through obscurity, xvi-xviii, 14 , 102 goals of, 6 ろ Secu rity Secure boot, 67 う secret marks, 472. See な 0 Steganography SandMa rk, 215 Root of trust, 6 , 656 , 657 Robust watermarks , 469770 Rewrite attacks , 41 responses to, 440744 REWOS algorithm , 4557 う 7 , 440 example of, 9 ー 13 combating through code obfuscation, 16 Reverse engineermg, xix, 8 Reverse debugging, 146 , 1 う 2 ー 157 REUDM algorithm, 2 一 2 わ Result checking , 4 鮖 responses by, 410 distributed , 454 RESPOND function, 4 , 411 of watermark, 498 ー 5 国 desc ribed , 224 Resilience REPMBG algorithm , 2 う 257 Replay attacks, 688 90 watermarking by, 488 ー 490 of code and data, 2 国一 205 , 299 Reo rdering Reorder primitive, 100 ー 101 , 299099 Renumbering, watermarking by, 490-791 Remote- responding , defined , 411 Remote-checking , defined , 411 strategies for, 454-455 distributed check and respond , 454 desc ribed , 4 男 754 algorithms for, 4557 Remote tamperproofing,34,347, 404 ー 405 Remote procedure call (RPC), 551 ー 2 Remote hardware, measuring, 459762 REMASB algorithm , 245 ー 246

lndex Self-modifying code, 122 , 174 dealing with, 122-124 performance issues with,362, ろ 98 and stealth, ろ 98 Self-plagiarism, 4 ろ SeIf-Protecting MobiIe Agents (SPMA) , Self-responding, defined, 411 Semantics, of program, 64 Semantics-preserving, defined, 118 Signature, of function, 277 ー 279 Side-channeI attack, 691 Shuffle buffer, 692 SHriMP views, defined, 197 ー 198 Shape analysis, リ 8 Series-parallel graphs, 6 Sequence similarity, 6 い Smartcards Small program, defined, 9 Slots, 88 using, 4 うう 759 preventing, 257 ー 258 Slicing, 141 ー 14 ろ attacks on, 4 防うう Skype protocol, 4 引 Skype , xviii Simple power analysis (SPA), 707 types of, 6 リ 15 graph, 61 う defined, 614 Simila rity uses of, 701 non-lnvasive attacks agalnst, 705 lnvasive attacks against, 7 の一 705 defense against attacks, 707 ー 708 attacks against, 702 architecture and function of, 701 ー ー 707 702 281 Software birthmarking. 立に Birthmarking Software breakpoints, 146 , 1 う () ー 152 Software complexity metrics, 19 ( ) , 1 男ー 195 Software fingerp rinting. 立に Fingerprrnting lmportance of, 54 ーう 5 drawbacks of, 5 い 57 distinguished from cryptography,3 algorithm choice for, う 7 ーう 8 Software protection premises of, 606 described , 605 attack model for, 607 algorithm for, 607 Software forensics, 447 う , 602 745 Software Protection lnitiative (SPI) , xx—xxi Software as a service (SAAS), 4 う 4 Software similarity analysis, 45 algorithm overview for, 6 う 2 ー 6 う API -based , 625 引 birthmarking, 4779 , 472 , 61 ( ) - 12 clone detection , 602 国 graph-based, 6 ー 644 k-gram based, 616- 2 う metrics-based, 4 52 plagiarism detection, 609- 10 software forensics, 4475 , 6 ( ) 6- る 07 tree-based, 6 引ろ 5 types 0f, 602 Software tamperproofing. 立に Tamperproofing Software visualization, 195 ー 198 S0ftware watermarking. 、ゞにに Watermarking Source-code computable probability, defined, 8 Sparse cut, 506 Split primitive, 9 い 100 , 298 Splitting, 298 , 404 of classes, 279 ー 281 of functions, 205 ー 206 0f graphs, う 54 ー 5 ) 6 of memory, 45 & ろ 9 of watermark integers, う 2 & ー 533 Spread spectrum, 498-799 ssEFM algorithm, 6 引う 5 ssKH algorithm, & う 9 ssKK algorithm , 64 第 646 ssLCHY algorithm, ( ) ー 641 ssLM 引 go rithm , 6 ー 652 histograms in, 7 metrics selection for, 7 , 9 ー 650 overwew of, 8 SSMCkgram algo rithm , 62 タ 25 SSMCwpp algorithm , 1- 44 ssSDL algorithm, 0—6 引 ssSWAMOss algorithm , 619 22 example of, 622 ー 625 ssSWA WINNOW algorithm, 616 ー 619 ssTNMM algorithm, 62 に 629 ssTONMM algorithm , 629 ーるろ 0 State inspection algorithms for, 4477 うろ need for, 444 ー 447 Static analysis, 7 ー 8 , 117 , う 98 abstract interpretation, 145 ー 14 う alias analysis, い 4 ー 141 control flow analysis, 119 ー 126

746 static analysis ( co 厩 / 〃″にノ ) data dependence analysis , 132— data flow analysis, 127 ーリ 2 described, 118 ー 119 slicing, 141 ー 145 Static fingerprints, 40 strong obfuscating transformatiom defined' 306 disassembly of, 172 ー 174 advantages 0f, 172 Stripped binaries, 6 ) , stored measurement list (SML), 675 Stirmark, 470 , 495 Steganography, 5 defined , 224 Steganographic stealth , 22 ろ systems for, う 22 goals of, う 22 algorithms for, う 2 う 26 Steganographic embeddings , 468 of watermark, う 05 ー 516 , 561 steganographic, 22 去 224 local, 225 described , 224 Stealth, 222 ー 2 幻 static path feasibility analysis , 244 defined, 405 Tamperproofing , xv, XVI Tamperproof module, 672 XBOX, 69 う 97 Smartcards, 701 ー 708 IBM 4758 , 708 ー 711 698 ー 700 Dallas Semiconductor DS50002 FB , 69 う 96 , Tamperproof devices responding t0 , 410 defined, 40 う checking for, 4 710 Tam penng military use Of, xviii—xxi attack model and , い 7 surreptitious SOftW ・ are lmportance Of, XVi—XX11 function Of, xvi surreptitious software, XV Superoperato rs , 207 Sun . Microsystems , XVIII Subtractive attacks , 484 Substitution, 105 Style metrics, 190 , 191 ー 19 lndex desc ribed, 52 example of, 6 of execution paths, う 92 ー 598 functions in , 404 ー 405 obfuscation as adjunct t0, 401 related to watermarking, 402 , 494 ー 498 remote, う 4 , う 47 , 4 ( ) 4 ー 405 system design for, 411712 , 425727 uses of, ーめ , 4 ( ) 2 ー 404 , 4 of watermarking widgets, 580 ー 581 Tamper-resistant watermarks , 469 TEA (Tiny Encryption Algorithm), 79 ー 80 Testing functions, 412 Text, watermarking of, 475778 ・新 a に s Group, xix, う 16 Threat model, developing, め T1ming attacks, 70 & ー 707 TPCA algorithm, 414 , 417718 advantages of, 459 example of, 416717 overview of, 415 FIVCNS algorithm , 462764 "ITCVCPSJ algorithm , 447750 "IVGCK algorithm , 4 ろ 87 う 9 'ITHMST 引 go rithm , 42 724 advantages of, 4 9 corrector slot values, 4307 引 example of, 428 ー 429 interval construction ⅲ , 427 ・ 728 overview of, 424 and system design, 425727 TPJJV algorithm , 4 う 07 'ITSLSPDK algorithm, 459760 uses of, 460762 "ITTCJ algorithm, 44 ( ) 744 overview of, 442 'IVZG algorithm , 455759 , 465 overview of, 456 Tracing, 16 ろ algorithm for, 165 ー 168 Transformation stage, 7 Translation, 101 , 1 の Tree-based analysis, 6 引ーめ Treemap views, defined, 197 ー 198 Trusted platform module (TPM), 6 必 applications of, 682 め authenticated boot based on, 670 ー 67 ろ challenging of, 677 ー 679 components of, 676 controversies regarding , 681 ーる 8 う function of, 657 , 67 ( ) ー 671

lndex Java model of, 674 life events of, 676 ー 677 measurements for, 67 タ 76 privacy issues in, 68 ( ) ー 81 Use-definition chain (ud-chain), 128 ー 151 Validation marks, 471772 Vertex profiling, 162 Virtual blackbox alternate definition 0f0 う 0 defined , 8 Virus scanmng, 2 Viruses, obfuscating, 29 2 signature Of, ろ 0 Visible watermarks, 469 Watermarking, 5 attacks on, 417 去 4847 め of audio, 472774 in CFGs, う 0 い 508 credibility in, 4827 部 , 491794 , 5 引 , う digital, 468 disadvantages of, 46 dynamic. 、ゞ e に Dynamic watermarking robust vs. fragile, 469770 resiliency of, 498- う 04 redundant pieces in, 528 ーう引 , 5 タ 5 purpose of, 64 , 467 by permutation, 48 & 794 media,37—38, 468 , 469 issues ⅲ , うう 7 ーう 40 0f images, 474-775 history of, 468 functions in, 480782 vs. fingerprinting, 4 め 786 example 0f08 ー 41 embedding of, 481 , 495798 747 of software, 478 ー 480 splitting ⅲ , 526 ー 5 static, 479 ー 480 statistical, 498 ー 504 stealth of, う 05 ー 516 tamperproofing of, 402 , 494798 of text, 47 う一 478 uses of, 468772 visible vs. invisible, 469 Weak cuts, 565 ーう 64 Whitebox cryptography, xviii Whitebox DES,329 ー 1 WhitebOX remote progr•am execution, タ 52 54 ' ho に program birthmarks, 1- 44 wMASB algorithm, う 11 ー 512 , 525 ー 526 WMCC algorithm, う 1 & ーう 21 advantages of, う 20 ーう 21 embedding of watermark, 518 ー 520 recognition Of watermark, 520 wMCCDKHLSbf algorithm , 592 WMQP algorithm, 491794 watermarking widgets ⅲ , 569 ー 572 tamperproofing of, う 8 ( 厦 581 , う 82 recognition issues, う 77 ーう 79 overview of, う 74 issues with, 569 function of, 566 ーう 68 example of, う 74 ーう 77 579 ーう 80 avoiding pattern-matching attacks, advantages and disadvantages of, 582 め WMNT algorithm, う 6 う一う 66 , う 98 , 599 , 600 wMMIMIT algorithm, う 05 ーう 06 WMMC algorithm, 495798 WMDM algorithm, 468 , 488 ー 490 stealth of, う 61 ー 5 resiliency of, う 57 ー 561 recognition problems with, う 40 ー 551 overview of, うう 0 graph splitting for, うう 4 ー 556 graph encoding for, うう 2 ー 5 ) 4 example of, う 47 ーう 49 evaluation of, 564 ー 565 and data bitrate, う 51 ー 556 WMCT algorithm, 54 う 47 , う 98 recognition by, う 90 overview of, う 84 encoding and embedding in, う 84 ー 590 described, うめ advantages and disadvantages of, 591 wMCCDKHLSpaths algorithm, う 99 , 6()() tamperproofing of, う 96 ーう 97 recognition by, 595 ー 596 overview of, う 94 embedding ⅲ , 5 男 advantages and disadvantages of, う 97 ー 598

748 wMSHKQ algorithm, 498 国 embedding 0f watermark, 50 ( レ 502 problems with , 5 国 recognition Of watermark, う 02 ー 504 WMVVS algorithm, 5 ーう 08 , う 99 embedding of watermark, う 08 ー 510 , 5 リ recognition by, 5 リー 515 lndex XBOX components of, 69 97 design of, 697 hacking of, 695 , 69 & 97 XOM architecture , 685 86 instruction set modification for, 687 ー 688

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear ⅲ this book, and the publisher was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals. "lhe authors and publisher have taken care in the preparation of this ト 00k , but make no expressed or implied warranty Of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages ln connection with or arising out of the use of the informatlon or programs contained herein. 'lhe publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales , WhiCh may include electronic verSIOns and/or custom covers and content particular to your business , training goals , marketing focus , and branding interests. For more information , please contact : U. S. Corporate and Government Sales ( 800 ) う 82 419 corpsales@pearsontechgroup.com For sales outside the United States, please contact: lnternational Sales lnternational@pearson.com ViSit us on the 、に b : www.informit.com/aw し房 4 Co 〃 g 朝あ g 切 g - - P 勗″〃 Da Collberg , Christian. Surreptitious software : obfuscation, watermarking, and tamperproofing for software protection / Christian Collberg, Jasvir Nagra. ー lst ed. P ・ cm ・ lncludes bibliographicalreferences and index. ISBN 0 ら 21-54925-2 (pbk. : a 慊 . paper) 1. Computer security. 2. Cryptography. 3. Data protection. 4. Copyright and electronic data processing—United States. I. Nagra, Jasvir. Ⅱ . Title. QA76.9. A25C6165 2009 005.8 ー dc22 Copyright ◎ 2010 Pearson Education , lnc. 200901 うう 20 All rights reserved. Printed in the United States of America. "lllis publication is protected by copyright, and permission must be obtained from the publisher prior to any prohibited reproduction, storage ln a retrieval system, or transm1SS10n ln any form or by any means, electromc, mechanical, photocopytng, recording, or likewise. For information regarding permissions, write to: Pearson Education, lnc. Rights and Contracts Department う 01 BoyIston Street, Suite 900 Boston, MA 02116 Fax: ( 617 ) 671 ら 447 ISBN-13: 978-0 づ 21- う 492 う -9 ISBN-IO: 0 ら 21- う 492 う -2 Text printed in the United States on recycled paper at Edwards Brothers ⅲ Ann Arbor, Michigan. First printing,July 2009