検索 - みる会図書館

検索対象: Surreptitious software obfuscation watermarking and tamperproofing for software protection

Surreptitious software obfuscation watermarking and tamperproofing for software protectionから 37件ヒットしました。

Surreptitious software obfuscation watermarking and tamperproofing for software protection


Acknowledgments e would like to thank the followmg people without whose assistance this book could not have been written: Amena Ali Bertrand Anckaert, Gregory Andrews, Mike Atallah,Jan Cappaert, Edward Carter, lgor Crk, Mike Dager, Mila Dalla Preda, saumya Debray, Fabrice Desclaux, R0bert0 Giacobazzi, Jon Giffin, Gael Hachez, Wulf Harder, WiIIiam Horne, Mariusz Jakubowski, Yuichiro Kanzaki Phil Kaslo, David P. Maher, Scott Moskowitz, Yoram Ofek, Reiner Sailer, Christine Scheer, Arvind Seshadri, Richard Snodgrass, the students of CSc 620 , Clark Thomborson, Gregg Townsend, Tom Van Vleck, and Glenn Wurster. Special thanks to the lnstitute of Automat10n and Professor Fei-Yue Wang of the Chinese Academy of Sciences, for their generous support during Christian Collberg's sabbatical visit, August 2006 through July 2007 , and to Yoram Ofek and the RE-TRUST project for their support during the summer of 2008. To everyone at Addison wesley wh0 made this pr0Ject possible, our sincere thanks: Jessica Goldstein, Gary McGraw, Romny French, Elizabeth Ryan and Chuck Toporek. Finally, we would like to thank all our friends and family who have encour- aged and supported us throughout this project: Char10tte Bergh' Andrew C011berg' Melissa Fitch, Michael Hammer, John Hartman, Louise H01brook, Ma and Dad, Mamma, Ginger Myles, Qu 。 J 可 0 " Cheng, Shwetha Shankar, Haya Shulman, Mr. Snickers, and Tudou. XXVII

Surreptitious software obfuscation watermarking and tamperproofing for software protection


726 Bibliography に 14 」 Markus G. Kuhn. Sicherheitsanalyse ernes mikroprozessors mit busverschlüsselung (security analysis Of a microprocessor with bus encryption). Master's Erlangen' Germany, July 1996. ()n German) に 1. 刃 Markus G. Kuhn. Cipher instruction search attack on the bus-encryption secu- rity microcontroller ds5()()2fp•lEEE 7 4 あ 0 〃 CO 2 e パ , 47 ( 10 ) : 1155 ー 1157 , 1998. に 16 ] Sukhamay Kundu andJaydev Misra. A linear tree partitioning algorithm. ス M ル 〃 4 / 朝 戸 〃 g , 6 ( 1 ) : 151 ー 154 , March 1997. に 1 刀 Martin Kutter and Frank Hartung. lntroduction t0 watermarking techniques. ln S. Katzenbeisser and F. petitcolas, editors' ル ル ′ 刎 わ 〃 日 id g : 7 〃 岬 ″ e ゞ ル お & 4 〃 og 2 の 4 〃 ノ D な ″ 4 ん Ⅳ 4 ′ 4 g , pages 97 ー 120. Artech House' 2000. に 18 ] Mark D. LaDue. HoseMocha, January 1997. www.cigital.com/hostile-applets/ HoseMocha. j ava. に 19 ] M. K. Lai. Kn 叩 sack cryptosystems: the past and the future. www.ics.uci.edu/ rvmingl/kn 叩 sack. html' 200 引 に 20 ] Robert Charles Lange and spiros Mancoridis. Using code metric histograms and ge- netic algorithms t0 perform author identification for software forensics. ln GECCO ' 0 / : Pro 化 e ノ イ ど 9 ス 〃 〃 / CO 〃 秀 た 〃 化 0 〃 明 ノ E ″ 。 ん 戮 朝 2 刎 4 ー / あ 〃 , pages 2082 ー 2089 , New York' 2007. ACM. に 21 」 James R. Larus. Wh01e program paths. ln pro 化 / 〃 g ゞ / SIGPLAN ' 99 朝 〃 秀 た 〃 化 0 〃 programming La 〃 g g Deszgn 4 〃 ノ ー 戸 な 〃 わ ″ , 1999. ACM. に 2 幻 Tfmea Låszlo and Akos Kiss. Obfuscating c + + programs V1a control flow flattening. ln 川 坊 々 ツ 0 〃 programming レ 〃 g g 明 ノ 立 ア ル 4 尾 % 0 な ()P ム ゞ T 2 側 / ) , pages 15 ー 29 , D 。 ト 0g6k6 , Hungary, June 2007. に 2 引 Tfmea L Z10 and Akos Kiss. Obfuscatrng + + programs vla control flow flattening. ス 〃 〃 4 ん ゞ U 〃 ん e 々 ゞ e 〃 々 4 翔 ノ 夜 RO な 〃 ノ 0 E う / ゞ NO 4 e ー ー 、 ゞ e は わ CO 々 4 た ica, 2008. に 24 ] Kevin Lawton. Bochs 23.7. http : //bochs. sourceforge •net' 2008. ACM. に 2 引 Thomas Ⅳ Lee. Mz ⅳ oe ん む 〃 0 〃 な ル i ん 尾 ス い な ー ー D 巳 尺 € 秀 尾 〃 化 . ASM lnternational' MateriaIs park, OH, 3rd ed. , 19 男 . に 26 」 Thomas Ⅳ Lee and seshu pabbisetty, editors. Mz ⅳ “ ん け ro 〃 な ル ん 尾 ス 加 な 豆 「 一 - D た 尺 に 秀 尾 〃 化 . ASM lnternational, Materials Park' ()H' 3rd ed. , 19 男 . [ 22 刀 Don Libes. 〇 ろ 々 C 4 〃 ノ 0 e M ″ 言 . WileY' 19 男 . に 28 」 D. Lie , C. Thekkath , and M. Horowitz. lmplementing an untrusted operating system on trusted hardware. ln proceedings 坊 N / 〃 〃 坊 ACM 、 新 々 の ツ 0 〃 0 戸 e / 〃 g 、 新 立 ゞ p ゅ ん , pages 178 ー 192 , 20 . ACM. に 29 ] David Lie, John Mitchell, Chandramohan A. Thekkath' and Mark Horowitz. Speci- fying and verlfying hardware for tamper-resistant software. ln SP ' の : Proceedings the 20 の IEEE 、 新 戸 0 豆 〃 0 〃 立 翩 ″ り 明 ノ p 〃 加 , page 166 , Washingtom 20 の . IEEE Computer Society. に う 0 ] David Lie, Chandramohan Thekkath' Mark Mitchell' patrick Dan Boneh' John Mitchell, and Mark Horowitz. Architectural support for COPY and tamper re- sistant software. ln ス ゞ PL 〇 ゞ イ X : proceedings ど N 坊 ル 翔 4 朝 加 / 朝 / た 〃 化

Surreptitious software obfuscation watermarking and tamperproofing for software protection


乃 6 Bibliogr 叩 hy 卩 7 刀 Gregory wolfe, Jennifer L. wong, and Mi0drag potkonjak. Watermarking graph par- titionrng solutions. ln D sz ゑ 〃 ス 0 刎 あ 〃 CO 〃 秀 尾 〃 化 , pages 486 ー 489 , 2001. ACM. け 78 」 Wei Wu, Frank Nian-Tzu Chu, Erik Fortune, Julie D. Bennett, M0hammed EI- Gammal, and Simon D. Earnshaw. lnhibiting software tampering. U. S. Application 20060005251 , January 2006. Assigned to Microsoft Corporation. け 79 」 GIen Wurster, p.. C. van ()orschot, and Anil Somayaji. A generic attack on checksumming-based software tamper resistance. ln 20 の IEEE 、 新 戸 の zu 0 〃 立 - 翩 〃 の 4 〃 ノ P 〃 ツ 40 , pages 127 ー 138 , 2005. IEEE. 卩 80 」 12 Young and M. Munro. Visualising software in virtualreality. ln Pro 化 ツ g ゞ e IEEE 6 坊 ル 4 加 / Ⅳ 0 紡 02 0 〃 program 朝 戸 尾 あ 〃 , pages 19—26June 1998. IEEE. 卩 81 ] Jonathan A. Zdziarski. Nes. 叩 P 2.03 ー ー the Nintend0 emulator for iPhone. www. zdziarski. com/projects/nesapp, 2008. 卩 8 幻 Xiangyu Zhang and Rajiv Gupta. Hiding program slices for software security. ln CGO ' 0 丿 : Proceedings 0 / e ル 翔 4 〃 わ 〃 房 々 0 豆 4 0 〃 00 Ge 〃 e / あ 〃 4 〃 ノ 0 戸 〃 な 刎 あ 〃 , pages う 万 一 6 , Washington, DC, 200 引 IEEE. 卩 8 引 Youtao Zhang, Jun Yang, and Rajiv Gupta. Frequent value locality and value-centnc data cache design. ln ス 尾 ん ctu / ゞ 42 々 0 ″ ル programming 1 〃 gu 鰓 4 〃 ノ 0 戸 4 〃 〃 g 、 新 立 e , pages 1 う 0 ー わ 9 , 2000. ACM. 卩 ] W. Zhu, C. C. (r)mborson, and Fei-Yue Wang. Obfuscate arrays bY homomorphic functions. 夜 2 / 、 あ 〃 0 〃 CO 戸 4 立 ″ ノ Da P 〃 , pages 770 ー 77 を May 2006. IEEE. 卩 め 」 Xiaotong Zhuang, Tao zhang, Hsien-Hsin s. Lee, and Santosh Pande. Hardware assisted control flow obfuscation for embedded processors. ln CASE 、 ゞ ' 04 : Proceedings 坊 2004 ル 4 / 朝 〃 秀 尾 〃 化 0 〃 朝 2 ハ , ス 尾 ん 4 尾 , 4 〃 ノ 〃 坊 ル E ノ d 立 e ゞ , pages 292 02 , New York' 20 国 . ACM. 卩 86 ] Xiaotong Zhuang, Tao Zhang, and santosh pande. Hide: an infrastructure for effl- ciently protecting information leakage on the address bus. ln ス PLO & X を Proceedz;zgs 17 ル 4 / CO 〃 尾 〃 化 0 〃 ス 尾 ん 4 / ゆ ″ ル Programming レ 〃 - guages 4 〃 ノ 0 g 立 e ゞ , pages 72 ー 84 , New York' 2004. ACM.

Surreptitious software obfuscation watermarking and tamperproofing for software protection


Bibliogr 叩 hy 727 0 〃 ス 尾 ん 7 “ 、 / 4 / 、 戸 戸 0 ″ ル ぉ Programming 1 気 〃 guag 〃 ノ 〇 戸 ど / 切 g 、 新 立 pages 168 ー 177 , New York, 2()()0. ACM. に う 1 」 Cullen Linn and Saumya Debray. Obfuscation of executable code to lmprove resls_ tance to static disassembly. ln Pro 化 e ノ 彷 e 川 ACM Co 〃 秀 尾 〃 化 0 〃 Co 戸 4 4 〃 ノ Co 盟 〃 / あ 、 立 〃 , pages 290 ー 299 , 20 の . ACM. に う 幻 Chao Liu, Chen Chen, Jiawei Han, and PhiIip S. Yu. Gplag: detection of software plagiarism by program dependence gr 叩 h analysis. ln KDD ' 06. ・ pro 化 ツ 0 / 坊 に 72 功 ACMSIGKDD ル 翔 4 / あ 〃 4 / Co 〃 秀 尾 〃 化 0 〃 K 〃 0 ル ん 表 e Dz 0 4 〃 ノ Da Mining, pages 872 ー 881 , New York, 2006. ACM. に う 引 B. Lynn, M. Prabhakaran, and A. Sahai. positive results and techniques for obfuscation. ln E 0 Ⅳ , 2004. Springer—Verlag. に 54 」 Matias Madou, Bertrand Anckaert, Bjorn De sutter, and De Bosschere Koen. Hybrid static-dynamc attacks agalnst software protecuon mechanisms. ln p 0 化 ノ ツ g 0 / ) ACM - Ⅳ 0 訪 0 〃 D な / 犬 な る な Ma 〃 鰓 ど /. ACM, 2005. に う 引 Matias Madou, Bertrand Anckaert, patrick Moseley, saumya Debray, 均 orn De sutter, and Koen De Bosschere. Software protection through dynamic code mutation. ln The 6 坊 ル 4 朝 〃 4 / ー % 紡 0 〃 ル ル 厩 あ 〃 立 翩 の ス pp ん / あ ( Ⅳ ハ ス 20 の ). Springer-Verlag, August 200 う . に 36 」 Matias Madou, Ludo Van Put, and Koen De Bosschere. Loco: an interactive code (de)obfuscation tool. ln PEPM ' 06 : Proceedings イ / 厖 2006 ACM 、 SIGPLAN 、 新 ー 立 4 0 〃 P / / E ん 4 / あ 〃 4 〃 ノ 立 4 〃 / 言 ー 房 ノ prog Ma 〃 ゆ ツ 4 / あ 〃 , pages 140 ー 144 New York, 2006. ACM. に 刀 Matias Madou, Ludo Van Put, and Koen De Bosschere. Understanding obfuscated code. ln ICPC ' 06 : Proceedings 74 坊 IEEE ル 4 朝 〃 4 / Co 〃 秀 た ″ 化 0 〃 program 朝 訪 わ 〃 , pages 268 ー 274 , Washington, DC, 2006. IEEE. に 8 」 Christopher J. Madsen. VBinDiff う .0 beta 4—visuaI binary diff. www.cjmweb.net/ vbindiff, 2008. に う 9 」 David Paul Maher. Fault induction attacks, tamper resistance, and hostile reverse englneermg ln perspective. lnFC ' 9 た Pro 化 e み 〃 0 / ん / ル 厩 z わ 〃 4 / Co 〃 秀 尾 〃 化 0 〃 ん 4 〃 ロ ッ C og 叩 の , pages 109 ー 122 , London, 1997. Springer-VerIag. に 40 」 Anirban Majumdar. , Antoine Monsifrot, and CIark D. Thomborson. ()n evaluating obfuscatory strength of alias-based transforms usrng static analysis. ln 1 〃 翔 4 / あ 〃 4 / 朝 〃 秀 尾 〃 化 0 〃 ス 4 〃 化 ノ 朝 々 4 / g ノ 朝 4 〃 い DCOM200 の , pages 605 ー 610 , December 2006. IEEE. に 41 ] Anirban Majumdar, Stephen Drape, and Clark Thomborson. Metrics-based evalua- tion of slicing obfuscations. ln IA 、 ゞ ' 0 / : 怦 0 化 翻 g ゞ イ e 7 ・ ん ル 翔 4 / あ / 、 新 々 。 - 立 4 0 〃 ル ル 4 / あ 〃 月 〃 〃 化 4 〃 ノ 立 前 ア , pages 472777 , Washington, DC, 2007. IEEE. に 4 幻 Anirban Majumdar, Stephen J. Drape, and CIark D. Thomborson. Slicing obfusca- tions: design, correctness, and evaluation. ln DRM ' 0 / : pro 化 ノ ツ g ゞ e 200 / ACM ・ Ⅳ 0 紡 0 ″ DigitaI - R な る な Ma ge 夜 な , pages 7g81 , New York, 2007. ACM. に 4 引 J. Marchesini, S. W. Smith, O. Wild, and Rich MacDonaId. Experimenting with TC_ PA/TCG hardware, or: 日 ow I learned to stop worrylng and love the bear. Technica1 report TR2() の 一 476 , Computer Science, Dartmouth college, December 20 の .

Surreptitious software obfuscation watermarking and tamperproofing for software protection


718 Bibliogr 叩 hy ワ 刀 Frederick B. Cohen. ス 紡 0 ″ び 0 0 〃 び 0 24 嬲 ( 2 〃 ノ e ノ . ). J0hn Wiley & Sons' lnc. , New York, 1994. ロ 8 」 C. Collberg, E. carter, S. Debray, J. Kececioglu, A. Huntwork, C. Linn, and M. Stepp. Dynamic path-based software watermarklng. ln ACM SIGPLAN CO 〃 尾 〃 化 0 〃 Pro- g 川 g 1 〃 g ge D な 〃 4 〃 ノ ー 々 な 〃 わ ″ (PLDI 0 の , 2004. ロ 9 」 Christian CoIIberg, Edward carter, Stephen Kobourov' and Clark Thomborson. Error- correctlng gr 叩 hs for software watermarking. ln ・ Ⅳ 0 紡 叩 0 〃 G 叩 ん CO 々 4 立 / 化 い ′ G ' 20 の ) , June 2003. Springer-Verlag. L80 ] Christian Collberg, Andrew Huntwork, Edward Carter, and Gregg Townsend. Gr 叩 h theoretic software watermarks: lmplementation, analysis' and attacks. ln Ⅳ 0 訪 02 0 〃 ル ル あ 〃 日 id / 〃 g , pages 192 ー 207 , 2004. Springer-Verlag. L81 ] Christian CoIIberg, Ginger Myles, and Andrew Huntwork. Sandmark—A t001 for soft- ware protection research. IEEE 、 翩 〃 明 ノ P , 1 ( 4 ) : 4 ( ) ー 49 , 20 . IEEE. [ 8 幻 Christian Collberg, Ginger Myles, and Michael Stepp. An empirical study of Java bytecode programs. 0 4 尾 ー ー P 川 ⅳ を Ex. 〃 化 , う 7 ( 6 ) : う 81 ー 1 , 2007. [ 8 引 Christian Collberg,Jasv1r Nagra, and Will SnavelY. biånliän: Remote tamper-resistance with continuous replacement. Technical Report 08- , UniversitY of Arizona' 2008. [ 84 ] Christian Collberg, Jasvir Nagra, and Fei-Yue wang. Surreptitious software: M0dels from biology and history. 4 坊 ル 4 / CO 〃 尾 〃 化 0 〃 Ma 坊 e 4 / / Met ゐ 0 ム , MO els 4 〃 ノ ス 尾 ん 〃 化 ル CO 々 4 ′ Net ル 0 立 ″ , pages 1 ー 21 , Sept. 13 ー 15 , 2007. Springer-Verlag. [ 8 引 Christian collberg and Tapas Ranjan Sahoo. S0ftware watermarking ⅲ the frequency domain: implementation, analysis, and attacks. 1. 朝 2 刎 . 立 0 , リ ( 5 ) : 721 ー 755 , 2005. [ 86 ] Christian Collberg and Clark Thomborson. Software watermarking: M0dels and dY- namic embeddings. ln 朝 〃 尾 〃 化 犬 0 POPL ' 99 : The 26 ACM SIGPLAN- SIGACT 々 0 立 ツ 0 〃 P 〃 ツ ゆ Prog 切 g. レ 〃 g g , 1999. 「 8 刀 Christian CoIIberg, Clark Thomborson, and Douglas Low. A taxonomy of obfus- cating transformations. Technical Report 148 , Dep artment 0f Computer Science , The University of Auckland, New Zealand' July 1997. citeseer. ist.psu.edu/ coIIberg97taxonomy. html. 「 88 」 Christian Collberg, Clark Thomborson, and Douglas Low. Breaking abstractions and unstructuring data structures. ln IEEE ル 翔 4 〃 わ 〃 4 / CO 〃 秀 尾 〃 化 0 〃 CO 24 お 1 〃 ー guages,ICCL'98. , Chicago, May 1998. [ 89 」 Christian Collberg, clark Thomborson, and Douglas Low. Manufacturing cheap' re- silient, and stealthy opaque constructs. ln ACM SIGPLAN-SIGACT 、 新 2 。 立 ツ 0 〃 p 〃 ツ 夜 が イ 怦 og g ん 4 〃 g g POPE98' San Dieg0' January 1998. L90 」 Christian CoIlberg, Clark Thomborson, and Greg Townsend. Dynamic graph-based software fingerprinting. TOPLAS, 29 ( 6 ) : 1 7 , Oct0ber 2007. [ 91 ] Christian sven Collberg, clark David Thomborsom and Douglas Wai K0k Low. Ob- fuscation techniques for enhancing software security. U. S. Patent 6668 う 25 , December 20 . Assigned to InterTrust Technologies (Santa Clara, CA). 円 幻 S. D. conte, H. E. Dunsmore, and Y. Shen. 立 Ⅷ 尾 g 崩 g 〃 言 ノ 0 な . Benjamin-Cummings publishing CO. , lnc. Redwood CitY' 1986.

Surreptitious software obfuscation watermarking and tamperproofing for software protection


720 Bibliography ロ 10 ] Eduard K. de Jong. Rendering and encryption engine for application program obfus- cation. U. s. Application 200500691 引 , March 2005. Assigned t0 Sun Microsystems' lnc. は 11 」 saumya Debray, Benjamin Schwarz, Gregory Andrews' and Matthew Legendre. PLTO: A link-time optimizer for the lntel IA-32 architecture. ln Proc. 2007 ー - 紡 叩 0 〃 B 4 . Re ル 前 切 g ( W ' : 200. l) , September 2001. [ 11 幻 saumya K. Debray, William Evans, R0bert Muth' and Bjorn De Sutter. Compiler techniques for code compaction. ACM 7 . Program.. レ 〃 g. 、 新 立 . , 22 ( 2 ) う 78 ー 415 , 2000. は 1 引 Jean-Francois Dhem, Francois Koeune, Philippe-Alexandre Leroux' Patrick Mestré' Jean-Jacques Quisquater, and Jean-Louis 引 に ms. A pracucal implementation 0f the tlmmg attack. ln CARDIS, pages 167 ー 182 , 1998. Springer-Verlag. は 14 ] paul E Dietz. Maintaining order in a linked list. ln Pro 化 ノ ツ g the 74 坊 ス 〃 〃 / ACM 々 0 立 ツ 0 〃 T る CO 2 刎 g , pages 122 ー 127 , San Francisc0' May 1982. ACM. は 15 ] DoD. www.sstc-online.org/Exhibitor/exhibitorlist/OrgList.cfm?Letter=D' 2006. は 16 ] DoD. Bush comment. www.military.com/Content/MoreContent/l , 12 ① 44 , FL- [email protected]@[email protected]@.html, 2006. は 1 刀 stephen Dr 叩 e. Generalising the array split obfuscation. ル ル 厩 あ ″ 立 〃 化 , 177 : 202 ー 219 , 2006. は 18 」 Eldad Eilam. R ハ 〃 g : 尾 な 尾 怩 パ g 〃 〃 ツ g. WILEY, 200 う . [ 119 ] Rakan EI-KhaIiI and Angelos D. Keromytis. Hydan: lnformation hiding in program binaries. ln ー 〃 〃 4 / z わ 〃 4 / CO 〃 / 尾 〃 化 0 〃 わ 7 / 0 4 〃 わ 〃 4 〃 ノ CO 4 〃 な 4 々 わ 〃 ゞ e じ 4 〃 り , pages 189 ー 199.2004. Springer-Verlag. は 20 ] Bruce S. Elenbogen and Naeem seliya. Detecung outsourced student programmmg assignments.J. 朝 刎 . 4 〃 朝 〃 . , 23 け ) う 0 ー う 7 , 2008. は 21 ] W.. EIIiot and R. valenza. Was the Earl of Oxford the true Shakespeare? NO / ノ Q ″ 言 08 ( 4 ) う 01 ー 506 , 1991. は 2 幻 Mike Van Emmerik and Trent Waddington. Using a decompiler for real-world source recovery. ln 月 Ⅳ 0 g CO 〃 秀 尾 〃 化 0 〃 尺 e パ e E 〃 g / 〃 〃 ツ g い C 犬 E 200 の , pages 27 弓 6. IEEE, 2004. [ 12 引 paul England, Butler Lampson, John Manferdelli, Marcus Peinad0, and Bryan WiIIman. A trusted open platform. 朝 2 刎 e ら う 6 ( 7 ) : 55 2 , 20 の . [ 124 ] Ernie. Disk copy protection. http : //groups. google. com/group/comp.misc/msg/ 4 ① 9 ① 8776591692bb , March 1997. ロ 2 引 M. Anton ErtI. Stack caching for interpreters. SIGPLAN N 可 . , う 0 ( 6 ) う 15 27 , 199 う . は 26 ] Nick Farrell. Mac Display Eater kills home 石 les. The lnquirer(February 27 , 2007 ) , 2007. www.theinquirer.net/default . aspx?article=37824. は 2 刀 Robert Fitzgerald, Todd B. Knoblock, Erik Ruf, Bjarne Steensgaard, and David Tarditi. Marmot: an optlmmng compiler forJava. 、 ゞ 0 ア ル 4 肥 ー ー P ⅳ 4 〃 ノ Ex, 戸 〃 2 〃 化 , う 00 ) : 199 ー 2 う 2 , 2000.

Surreptitious software obfuscation watermarking and tamperproofing for software protection


Preface tO assume that the Army is worried about one of their missiles not exploding on lmpact, allowing the enemy access t0 the embedded targeting flight software. The DoD's current lnterest ⅲ protecting their software goes back to the infa- mous incident in 2001 when a—what CNN け ) 9 ] calls a US "Navy reconnaissance plane" but the rest of us know as a spy plane"—had a run-in with a Chinese fighter Jet and had to make an emergency landing on the Chinese island of Hainan. ln spite of George ( Bush's plea [ 116 ] for the "prompt return 'without further dam- age or tampering' 0f the crew and plane," the Chinese stalled, presumably so that they could gather as much information as possible from the plane's hardware and software. There is a claim [ 116 ] that all the software was erased: A former Pentagon intelligence official told United press lnternational the crew would have "zeroed" out the crypto analytic equlpment and other software on landing, essentially wiping their memories clean. Although the Chinese might have access to the hardware, the software that runs it would be almost impossible tO penetrate. Regardless ofwhether this is accurate or a carefully orchestrated leak to reassure the U. S. public (why was the software just 4 0 立 impossible to penetrate if it was ⅲ fact successfully wiped?), the DOD got significantly spooked and initiated a program to lnvestlgate technologies such as obfuscation and tamperproofing in order to protect sensitive weapons systems software. As one DOD official put it, 。 [T]he next time a plane goes down, we don't want to end up on the cover of the New 物 again [ 291 ]. ' Here's another quote from the DoD [ 11 第 : The Software Protection lnitiative (SPI) is an undertaking of the Depart- ment of Defense (DoD) to develop and deploy technologies to secure special-purpose computer programs contalning informatlon critical to DoD we 叩 on programs. SPI offers a novel approach to protecting high value computer programs. lt doesn't secure the computer or the network. ln- stead it empowers a single computer program to secure itself. This approach promises tO significantly improve DOD'S lnformation Assurance posture. SPI protection technology is effective on systems ranging from desktop 1. During a particularly lively dinner ⅲ BeiJing ⅲ January 2008 with Chinese security researchers, we (Collberg) asked about this incident. One person proudly announced, "Yes, some of the information was recovered ! " and then , realizing his mistake, immediately clammed up. was later corroborated by a different researcher at a second dinner: "The Americans didn't have trme to destroy everything! "

Surreptitious software obfuscation watermarking and tamperproofing for software protection


7 4 Bibliogr 叩 hy 卩 41 ] H. Tamada, M. Nakamura, A. Monden, and K. Matsumot0. Design and evaluation of birthmarks for detecting theft of Java programs. ln Proc• 切 、 ゞ 7 石 D ル 翔 〃 4 / Co 〃 秀 た 〃 化 0 〃 、 ゞ 0 ア ル 4 尾 E 〃 g ″ ツ g (IASTED SE 200 の , pages う 69 ー 575 , Feb. 2004. IASTED/ACTA. 卩 4 幻 H. Tamada, K. Okamoto, M. Nakamura, A. Monden, and K. Matsumot0. Dynamic software birthmarkmg to detect the theft of Windows 叩 plications. ln Pro 化 切 g ゞ イ the ル 4 朝 加 / 々 0 立 4 0 〃 ル 肥 立 第 4 尾 花 訪 〃 0 あ , Oct. 20 国 . 卩 4 引 Haruaki Tamada, Masahide Nakamura, Akit0 Monden' and Kenichi Matsumot0. De- tecting the theft ofprograms using birthmarks. lnformatlon Science Technical Report NAIST-IS-TR2003014 ISSN 0919-9527 , Graduate School of lnformation Science, Nara lnstitute of Science and Technology, Nov. 20 . 卩 44 ] Gang Tan, Yuqun chen, and Mariusz H. Jakubowski. l)elayed and controlled failures in tamper-resistant systems. ln ル ル ′ あ 〃 2006. Springer-Verlag. 卩 4 引 C. Thomborson, C. He, J. Nagra, and R. Somaraju. Tamper-proofing software water- marks. The Australasian lnformation SecuritY Workshop (AISWA) う 2 : 27 ー 36 , 2004. A ustralian Computer Society. 卩 46 ] CIark David Thomborson, Yong He, Ram Abhinav Somaraju' and Jasvir Nagra. Tamper-proofing watermarked computer programs. U. S. Application 200500 ) 0 う 96 , March 2005. Assigned to Auckland UniServices Limited. 卩 4 刀 Frank Tip. A survey of program slicing techniques. ル4翔4/イPmgな膨嬲Zツg. レ 〃 g g , う 0 ) : 121 ー 189 , September 1995. 卩 48 ] David S. Touretzky. Declaration in support of M0tion for Summary Judgement' in DVDCCA v. McLaughlin, Bunner, et al., case no. cv ー ー 786804 , November 2001. 卩 49 ] David S. Touretzky. Gallery of CSS descramblers. www. cs. cmu. Ga11ery, 2008. け 50 ] AIan M. Turing. On computable numbers, with an 叩 plication to the Entschei- dungsproblem. proceedings イ 坊 レ 〃 〃 M 厩 / 立 2 り , 2 ( 42 ) : 2 ろ g265 , 1 男 6. 卩 う 1 」 paul Tyma. Method for renaming identifiers of a computer program. t-J. S. patent 6 , 102 , 966 , 2000. 卩 5 幻 Sharath K. Udupa, saumya K. Debray, and Matias Madou. Deobfuscation: Reverse en- gineering obfuscated code. ln WCRE ' の : proc 市 〃 g ゞ / 72 Ⅳ 0 g 朝 〃 秀 尾 〃 化 0 〃 Re e E 〃 g 崩 g , pages 45 ー 54 , Washingtom 200 ). IEEE. 卩 5 引 unknown. Decoys: Tanks but NO Tanks. 7 冫 切 e M 鰓 ら (MondaY' Feb. 4 ) 1991. www.time.com/time/magazine/article/@, 9171 , 972244 , ① ① . html. 卩 う 4 ] Ramarathnam Venkatesan and VijayVazirani. Technique for producing through water- m arking hlghly tamper- resistant executable code and res ulting 。 waterm arked " code so formed. U. S. Patent 7051208 , May 2006. 卩 5 引 Ramarathnam Venkatesan, Vijay Vazirani, and Saurabh Sinha. A graph theoretic ap- proach to software watermarking. ln 4 坊 ル 4 朝 / ル ル 4 〃 Hiding Ⅳ 0 紡 , Pittsburgh, April 2001. Springer-Verlag. 卩 56 」 Hans peter Van Vliet. Crema—The Java obfuscator, January 1996. 卩 う 刀 Hans peter Van vliet. Mocha—The Java decompiler. www.brouhaha. comhueric/ software/mocha, January 1996.

Surreptitious software obfuscation watermarking and tamperproofing for software protection


86 Methods of Attack and Defen se which is why the algorithms in Ch 叩 ter 6 (Dynamic Obfuscation) were invented. The algorithms in Ch 叩 ter 7 (Software Tamperproofing) have been designed to make modifications Of the executable more difficult. ln this section we ve concentrated on attacking binary executables. lt's worth noting that many Ofthe problems the attacker faces go away when the target is instead a typed architecture-neutral format, such as Java bytecode. ln particular, accurate disassembly is trivial, accurate decompilation is always possible, and references to dynamic libraries are always exposed. The t001S we showed you in this sectlon are very mainstream and very simple. NOt only are there more powerful t001S ⅲ C01 mon use among the cracker 133t (the IDA Pro 0 刀 interactive disassembler and debugger and the SoftICE kernel mode debugger are both mainstays in the cracker community), it's also C01 mon for crackers to build their 0 ル 〃 specialized t001S. For example, ⅲ Section う .2. し 。 146 we'll show you a germ of a Linux debugger that could be specialized to perform common cracking tasks such as tracing system calls (a function gdb doesn't provide). You could also use it to build a simple code coverage t001 that would be useful for checking that your test cases have adequately covered the program after your crack. The type of challenge program you saw in Listing 2. し 、 62 is known in the cracking community as a 0 0 た 巳 There are lnternet sites devoted tO building and solving such exerclses. The site http : //craclanes. de, for example, has ()s of september 2008) 14 臼 6 registered users and 2 , 126 posted crackmes. 2.2 Defense Strategies SO far you've learned about various ways ⅲ which an attacker can analyze your pro- gram t0 find (and maybe destroy) a secret you've stored ⅲ it. The techniques range from stepping through the program, instruction by instructlon, with a debugger; running it under emulation; and decompiling it tO more easily digested source code. However, assuming th at you re one of the good guys , the question th at you really want this b00k tO answer is how tO 戸 ro your program from such attacks. As you read this b00k, you will see a few basic ideas reappearing many times in different gulses. For us, it's been interestlng to discover that these ideas are neither new nor limited tO use ln software: Since the dawn of time, plants and animals have developed surreptitious techniques for protecting themselves from predators, and over thousands Of years, humans have developed surreptltious techniques for protecting ourselves from the envlronment and from each other. ln this present part of the book we'll show you a model [ 84 ] that tries to capture these ideas and 叩 ply

Surreptitious software obfuscation watermarking and tamperproofing for software protection


7 2 Bibliography 卩 0 刀 Hex-Rays SA. The IDA pro disassembler and debugger. www.hex-rays ・ com/idapro' 2008. 卩 08 ] H. J. Saal and Z. weiss. An empirical study of APL programs. ル 4 / ル / Co 戸 刎 レ 〃 g ge , 20 ) : 47 ー 59 , 1977. け 09 」 Harry J. Saal and Zvi weiss. some properties of APL programs. ln Pro 化 市 〃 g イ 立 怩 〃 ル 翔 あ / CO 〃 秀 尾 〃 化 0 〃 APL pages 292 ー 297. ACM' 197 う . 卩 10 」 David safford. Clarifying misinformation on TCPA. Technicalreport' IBM Research' O ctober 2002. 卩 11 ] MooIy sagiv, Thomas Reps, and Reinhard Wilhelm. SOlving shape-analysis problems in languages with destructive updatlng. Technical report TR 1276 , Computer Sciences Department, Umversity 0f Wisconsin, Madisom JulY 1995. 卩 1 幻 Reiner sailer, Trent Jaeger, xiaolan Zhang, and Leendert van Doorn. Attestation- based policy enforcement for remote access. ln ccs ℃ 4 : proceedings イ / 月 坊 ACM Co 〃 秀 尾 〃 化 0 〃 Co 戸 4 〃 ノ CO 4 〃 な あ 立 ″ り , pages う 08 ー う 17 , New York' 2004. ACM. け 1 引 Reiner sailer, Xiaolan Zhang, Trent Jaeger, and Leendert van Doorn. Design and implementation 0f a TCG-based integrity measurement architecture. ln YM ・ ' 04 : proceedings the わ CO 〃 秀 尾 〃 化 0 〃 USENIX 立 翩 の 20 立 ツ , pages 1 い 16 , BerkeIey, CA, 2004. USENIX. 卩 14 」 A SaIvadori, J. Gordon, and C. C 叩 stick. Static profile of COBOL programs. SIG- PLAN Notices, 10 ( 8 ) : 20 ー , 1975. 卩 1 引 Robert sather. 7 ・ ' pro あ 〃 朝 2 〃 立 ア 尾 ー ー 〃 、 「 花 訪 〃 0 あ ノ ス pp 厖 4 , Disc-based protection methods, pages 2 7. cambridge Un1versity Press' New York' 1989. け 16 」 saul Schleimer, Daniel Wilkerson, and Alex Aiken. Winnowing: Local algorithms for document fingerprinting. ln proceedings 坊 20 、 SIGMOD CO 〃 尾 〃 , 20 の . ACM. け 1 刀 D. schuler and V. Dallmeier. Detecting software theft with API call sequence sets. ln pro 化 市 〃 g ゞ イ e & Ⅳ 0 紡 立 ア 尾 尺 〃 gz ツ g , 2006. 卩 18 ] David schuler, valentin Dallmeier, and Christian Lindig. A dynamic birthmark for Java. 22 〃 ノ IEEE/ACM ル 4 〃 わ 〃 4 / CO 〃 秀 尾 〃 化 0 〃 ス 0 4 ノ 、 ゞ 0 ル 4 尾 E 〃 g ″ 〃 g い 、 ゞ E 2007 ) , 2007. ACM. 卩 19 」 B. Schwarz, S. Debray, and G. Andrews. DisassemblY of executable code revisited. ln WCRE ' 02 : Pro 化 ど 市 〃 the Nz 加 ん Ⅳ 0 / 〃 g CO 〃 秀 尾 〃 化 0 〃 Reverse E 〃 g 〃 〃 g ハ C 尺 E ' 02 ) , page 4 う , Washington, DC, 2002. IEEE. け 20 」 F-secure lnc. Global sl 叩 per worm information center. www. f-secure. com/slapper/' 2002. 卩 21 ] Dallas Semiconductor. Ds5002fp secure microprocessor chip. http : //datasheets. maxim-ic.com/en/ds/[email protected]@2FP.pdf' 2006. け 22 」 Arvind Seshadri, Mark Luk, Adrian perrig, Leendert van Doorm and Pradeep Khosla. Externally verifiable code execution. CO 4 〃 . ACM' 49 ( 9 ) : 4579 , 2006. け 2 引 Arvind Seshadri, Mark Luk, Elaine shi, Adrian perrib Leendert van Doorn' and pradeep Khosla. Pioneer: verifying code integrity an d enforcing untampered code execution on legacy systems. G 〇 P 0 戸 “ . Rev•' 39 ( 5 ) : 1 ー 16 , 2()05.