63 Encrypuon ln the first operation, a cleartext cell is xored with a key to make an encrypted cell. ln the second, an encrypted cell is xored with a key to make it a cleartext cell. ln the third, a cell that consists of two cells (white and gray) xored together with a key becomes a cleartext striped cell by xoring it with a cleartext white cell and the key. Have a 100k at this example: M() is the initial configuration, what the function 100kS like after it's been obfuscated but before execution starts. C() ( ⅲ light gray) is in cleartext since this is where execution will start. AII the other cells are xored with a key string, and in some cases, with another cell. Different cells have been encrypted with different keys. After C() has finished executing, all the cells in upper memory are xored into their respective partner cells in lower memory 4 〃ノ with a key, each cell with a different one. This gives you the configuration in MI. 嶬 have fixed the schedule ⅲ such a way that executlon should continue ⅲ C3. For C3 to become cleartext, we ve therefore fixed the keys so that the following will happen: 〇 B key ロ①① = ロ ln other words, the key that C3 was originally encrypted with is the same one that it is now xored with. The final round, M6 , yields a configuration identical to the initial one, M(). This means that the process IS ready to start over the next time the function is called.

6.2 Moving Code Around 371 IVc is the ″ ia / / of cell Cc , its value when the function is first called. / is the 4 / 4 / z わ〃 - ん / 〃び〃わ〃 , the function that xors this cell with its partner cell in the other memory region. 〃 x / , finally, is the number of the cell at which execution should contlnue after this one. TO construct these cells, the algorithm makes use of three data structures: two sets Of equations EI and 石 2 , and a table 〃 x /. EI expresses the current state of the memory cells as a function Of their initial values. 石 2 expresses h0 从 , - you can recover a piece of the original program p from the initial values IVo, Ⅳ← 1. The algorithm constructs the cells by "simulating" how they will be executed during runtime, updating 新 and E2 with each round. At the end of each round, the currently executing cell will issue a Jump to the next cell. As you re constructing the cells, you'll 石Ⅱ in a table 〃ば / that maps each cell to the cell it should jump to. Let's continue with the example above (it's adapted from an example in Auc- smith and Graunke に刀 ) , where a program P is split into 〃 6 subprograms . , ぅ , which reside in 6 cells Co, ... C5. P is straight line code, so the sub- programs will execute ⅲ the order po, PI . , P5. ln the initial configuration in the simulation, each cell Ct contalns its initial value 1 ⅣⅣⅣ畴 ⅣⅣⅣⅣⅣⅣ CO → ? C 1 → ? C → ? 0 1 0 1 2 3 4 5 0 1 2 3 4 5 The goal of the algorithm is to construct these initial values IV() IV5 and the schedule that determines which cell should be xored with which other cell. lnitially, C() is in cleartext (shown in light gray); this is where execution will start. From this you can draw the conclusion that the initial value in cell 0 should be P(). You enter this fact into 石 2. ln this example, 嶬℃ ' Ⅱ assume a very simple mutation function: l)uring even rounds, each cell / in upper memory is xored with cell / 十ろ in 10 嶬℃ r memory, and during Odd rounds, cell / in lower memory is xored with / ーう .

盟 e な々 0 が・ / イな砌可イ叩ゐがな c 皿イみッ な ea 立 9 月 0 、ノ 0 ぐ P X F な . ヨ 4. An 2 代 a from the posterior ) れ ion rests, while in the other ( の′ 0 conidia of another Daphnia. F なゞ . ヨー 42. spores in ( らイ ) remarn ln contact outside. F な . 6 タ . varlous stages Of alteration due to the actron The same picture as Fig. 68 , one-half hour of blood cells. F な . . A spore artially later. The conidium ( の has begun to form penetrating the wall: ( の small wa I open- a bud. F . 70. The same as Fig. 69 , without rng; ( の the lower portion of the spore, b100d cell ( の , which has in the meantime engulfed by a blood cell and markedly moved away, い vo hours later than Fig. 69. altered; (l) young Leptothrix, which has Conidium ( の is beginning to bud. g. 71. settled on the free portion of the spo 代 . The same picture, one and one-half hours F なゞ . 4 イ & Various stages of spore germina- after Fig. 70. F . 72. Two blood cells ad 戸 - tion and conidia formation. F なゞ . 49 ー夐 . A cent to four conidia. F な . お . A group of single blood cell in four different configura- conidia which have brought about the dis- tions. F な . づ 7. Various blood cells and solution of 2 blood cell that had engulfed conidia. F な . . A blood cell adjacent to a spo 代 . All that remains is an empty shell ハ vo conidia. F な . ータ . The same cell as in and fine debris. F な . 74. A fibrous phagocyte Fig. 58 , one-half hour later. . 石 0 ー 6 石 . containing three fungus cells. Fig. 7 An Various blood cells and conidia. g. 67. A injured layer of tissue with many blood ruptured blood cell, from which the conidia cells attached. F な . 76. A disrupted area of have escaped. F な . 6 & Two b 】 00d cells, in another Daphnia, also with many b100d cells. one Of WhiCh ( 4 ) a germinating conidium the earlier delicate spore can only be the blood corpuscles have united into determined through knowledge of the a fine-grained, pale plasmodium, which WhOle process Of transformation of still has the ability to move by amoe- one lntO the Other. ln the meantrme bOid mo ⅱ on. ()ccasionally one can 135 2 工

免疫学 第Ⅲ部 179 1 ミなメ , ・ん . ア新 3 れ 0 0 0 0. 1 イえ 有 / 0 0 んし P た X F な . ョイ . An area 仕 om the posterior portion rests, while in the other ( のれ vo conidia 0f another Daphnia. g ゞ . ガ 2. Spores. ⅲ ( らイ ) remain in contact outside. F な . 石去 various stages Of alteration due tO the action The same picture as Fig. 68, one-half hour later. The conidium ( イ ) has begun to form of b100d 0 。Ⅱ、 Fig. . A , 四 , 0 rartially penetrating the wall: ( の small wa 1 open- a bud. g. 70. The same as Fig. 69 , without mg; ( の the lower portion 0f the spore, b100d cell ( の , which has in the meantime engulfed by 2 b100d cell and markedly moved away, い VO hours later than Fig. 69. altered; 卩 ) young Lept0thrix, which has Conidium ( の is beginning to bud. F な . 71. settled on the free portion 0f the spo . The same picture, one and one-half g ゞ . イ 4 ー 4 & Various stages of spore germina- after Fig. 70. g. 72. Two b100d cells ad 戸 - cent to four conidia. な . 73. A group 0f tion and conidia formation. F なゞ . 4 ー . A single b100d cell in four different configura- conidia which have brought 2b0 the dis- 501u [ i011 0f a b100d cell that had engulfed tions. F な立 3 7. Various b100d cells and conidia. F な . . A b100d cell adjacent t0 2 spore ・ All that remains is ・ an empty shell れ vo conidia. g. . The same cell as in and fine debris. g. 74. A fibrous phagocyte Fig. 58 , one-half hour later. F なゞ . 砌ー . containing three fungus cells 、 F な . 7 . AII injured la er 0f tissue with many b100d Various b100d cells and conidia. g. 67. A cells 2 ac ed. F . 76. A disrupted 2 代 a 0f ruptured b100d cell, from which the conidia another Daphnia, 21S0 with many b100d cells. have escaped. F な . . TWO b100d cells, ⅲ one Of WhiCh ( 4 ) a germinating conidium

134 CHAPTER 5 DEVELOPMENT their long tails back and forth. They are produced daily in a man's testes and are carried in a fluid called semen. over the course Of a man's life hiS testes produce billions of sperms. Ova and sperms are collectively referred tO as gametes (from the Greek g ロ川 , meamng "mar- riage"). They are produced by the division ofspecial cells in the ovarles and testes. This division IS special because it results ⅲ cells that have 0 Ⅱ ly half the normal number Of chromosomes. lnstead Of having twenty-three 24 耘 Of chromosomes, sperms and ova contaln twenty-three 豆れ g chromosomes ーー one member Of each pair. FERTILIZATION AND DIFFERENTIATION once a ejaculates semen 1ntO a woman's the sperms begin theirjourney intO the uterus and up the fallopian tubes. Fertilization occurs if a sperm meets and unites With an OVt11 れ traveling downward through one of the fallopian tubes. (See 重 5.2. ) AS we saw, sperms and ova contaln twenty—three single chromosomes ーー one member Of each pair. when an ovum is fertilized, the palrs are reconsti- tuted in a single cell called a zygote, with one mem- ber ofeach new palr coming from each parent. ln this way, each parent contributes half 0f a child's genetic material. (See 5.3. ) A fertilized human egg is nothing more than a very large cell containing the twenty-three pairs 0f FIGURE 5.2 Path taken by an ovum. After ovulation, the ovum is swept int0 a fallopian tube by the fimbria and travels toward the uterus. げ fertilization occurs, it takes place in the fallopian tube. Vagina lnterior Of uterus human chromosomes. This cell divides and redi- vides, with each division doubling the previous number of cells. Just before a cell divides, it dupli- cates a11 Of its parts; it produces a duplicate set Of chromosomes, with one set going tO each ofthe tWO new cells. At first, the exact same cell is replicated, creating a mass Of identical cells. Then, according tO a special internal mechanism, the cells produced in this sequence Of divisions undergo differentiation in which the varlous cells "specialize" by acqmrmg certain distinctive features. Thus, a single cell de- velops intO a complex organlsm consisting Of thou- sands イ尾厩 kinds of cells. Differentiation is accomplished by a process that deactivates most Of the genes in a particular type Of cell. Just as a COOk keeps 1 れ ore recipes on flle than are necessary for the preparation Of a given meal, chro- 1 osomes contaln more sets Of instructlons than any one cell " i11 use in its lifetime. For example, a neuron contains the instructions for producing the enzymes that construct the enamel that covers teeth instructions that it will never f0110W. Different types of cells use different sets of recipes in their daily activlties. As the fertilized egg divides and redivides, some process, which we dO not yet understand, de- actlvates some Of the genes Of the newly formed cells. various sets Of genes become deactivated in specific types of cells at certain stages of develop- ment, and thus, the cells take on different func- tlons. ligament Ovarian Ovary Fimbria FaIIopiantube

0 Science Genes What are chromosomes? Chromosomes are tiny threads that are present in all cells 叩 art from red 00d cells. They contain all the information for an entire person to develop. There are 46 chromosomes in each cell. They come in 22 palrs, plus another special pair that deternunes a person's sex. Chromosomes are found in the cell nucleus but they are not normally visible under the microscope except when a cell is dividing. What are genes? 1 . Parent cell 2. TWin chromosomes become visible 3. TWin chromosomes line up X く く 4. TWin chromosomes split apart and move 5. Cell divides in two 6. Offspring cell 250

62 Moving Code Around algorithm builds up a network Of protected routines, each one checking one or more of the others, in such a way that to be successful an adversary must disable several checkers at once. will explore this idea in the tamperproofing chapter when we discuss Algorithm TPCA (Section 7.2. い 414 ). TO get the basic flavor of this algorithm, consider the following function f that has been split into six pieces, which we'll call cells: 567 ス日》 O 尸 f: The cells are divided into two regions in memory, upper and lower. Execution proceeds in rounds, such that during each round every cell in upper memory is xored with a cell in lower memory. Each time, a new cell becomes ⅲ the clear and execution Jumps there. During even rounds, the cells in upper memory are xored intO the cells in lower memory; during odd rounds, lower cells are xored into upper memory cells. After a certain number of rounds, the function returns to its initial configuration. This is important, because it means that every time a function is called, its code is ⅲ the same, initial, state. M() is the initial, obfuscated configuration of the function: E F (D B ( ) ロ 9

136 find in certarn places in the Daphnia body, whole heaps 0f these plasmodia, which are especially striking because of the grains which they contmn. I believe that the changes which take place in the spore are the results of the action of the b100d cells. This belief is based on the following obser- vatlOns. When a spore remains for a long time with half 0f it in the in- testinal wall and only half ingested bv the blood cell, only this latter part undcrgoes the regressive changes and becomes definitely decomposed, while 日 portion lying in the wall maintams completely its normal appearance. :such cxamples are tOO frequent tO one doubt 0f their generality. From what has been said above, it is cvident that spores which reach the body cavity are attacked by blood cells, and—probably through some sort of secretion—are killed and destroyed. ln other words, the blood corpuscles have the role Of protecting the or- ganism from infectious materials. 、 hiS does not always occur. ln cases which a large number of spores reach the body cavity, or for some other reason one or more spores remaln unaffected by the blood cells, the disease may break out. Because the process described here can be observed much more favorably 山 an the battle of phagocytes against bacteria, I will make 2 few additional comments on the observatlons. ln or- tO ()btain certarn results, one must ()bscrve one oroanism fOt• manv hours. Thcn one can see that the blood cells rcallv ingcst the spores. Sometimes this process occurs very quicklv, but Othcr times lt IS a very SIOW process. The number of spores which one bl()0d cell can ingest varies; ordinarily one finds 0 司 y two spores in each cell, but occasionally one can find three, four, or more spores. The b100d cell which ingests a par- IMMUNOLOGY asitlc spore still retains itS ability tO ()ccasionally spore-con- move. taining cells unite together intO a small plasmodium, which then harbors more parasites than usual. The blood cells are able to attack living fungus cells as well as thc spores. Although it is true that the fungus cells are destroyed by the b100d cells, on the Other hand, it can not be denied that the b100d cells can so be af- fected by the parasites. Several times I observed a blood cell full of para- sites rupture before my eyes, setting the fungus cells free again. Also I could see a number of times that blood cells in the neighborhood of a large number of fungus cells would gradu- ally dissolve and completel disappear ・ This indicates that the ungus cells produce a substance which iS deleteri- ous to blood cells. The farther along the disease has progressed, the more blood cells that are dissolved, SO that at the time when the Daphnia contains a significant number Of ripe spores, it reveals only a few or no b100d cells. Aside from the blood cells, onlv the iSOlated connective tlssue cells play a similar ro 厄 as phagocytes (eating cells). Thev behave in the same way as the b100d cells in the ingestion of fungus cells. ln the same way, they are dissolved by the fungus cells, so that in the later stages Of the disease, of the phagocvtes of the animal body disappear. Other tissue elements dO not suffer such a remarkable change. One mav see a large number of fungus cells develop on the heart muscle, but the heart continues tO con- tract regularly. When the Daphnia has once become sick and has produced fungus cells ln it, it generally dies without a chance of recovery. ln the last period of the disease, SO many spores have been

NETWORKTECHNOLOGY 8 セルスイッチ ATM セルはヘッダ処理部で VP レ VCI 値を変換し、出 カボートに関する情報を得たあと、セルスイッチに入力さ れます。セルスイッチは出力ポートに関する情報を利用し てセルを出力ポートに転送します。 セルスイッチにかぎらす、スイッチには一般にプロッキン グ・スイッチ (blocking switch) とノンプロッキング・スイ ッチ (non-blocking switch) の 2 種類があります。プロ ッキング・スイッチとは、複数の入力があった場合にその すべてを同時に出力ポートに転送することができない ( い くっかの入力は待たされる ) スイッチです。これに対して ノンプロッキング・スイッチは、つねにすべての入力を同 図 7 ASX-200WG/BX のスイッチの構成 ↓↓↓↓↓ NetMod NetMod 1 2 lnput lnput MUX MUX 図 6 TDM スイッチの原理 入力ポート セル・マルチプレクサ セルバス 制御バス 出力ポート NetMod 3 lnput MUX NetMod 4 lnput MUX CELL MULTIPLEXER CELL PAYLOAD CELL HEADER BANDWIDTH V 曰Ⅳ 0 TRANSLATION PO 凵 CING → nput PO →・ Output PO 2.5Gbps SHMEM CONTROL SHMEM CONTROL 9 0 13K Cells で Shared Memory PHY SHMEM CONTROL 0 13K Cells Shared Memory PHY SHMEM ち CONTROL 9 13K Cells 名 Shared Memory PHY 0. 13K Cells て Shared Memory PHY 34 UNIX MAG AZINE 1998.5

68 Dynamic Obfuscauon The top cell, the light gray Co, is ⅲ cleartext—this is where execution will start. Cells 1 , 4 , and 5 are 引 SO ⅲ the clear, but some Of them are not in the same location as in the unobfuscated COde. C2 and C3, however, are 〃 0 / in cleartext; they are the xored verslon Of tWO cells. This is why they are striped in the example above' tO indicate they are a mixture 0f the two cells 0f the corresponding shading. Keep ⅲ mind that because Ofthe nature Ofthe xor operation, if you xor a "striped dark gray¯ medium gray" cell with a cleartext dark gray cell' you get the cleartext dark gray E F EOF Have a 100k at this ex ample execuuon Of the fun ction above: Ⅷ①ロ = ロ E F cell! Or, in general: ロ E F [lln ロ ロ ロ EOF Ⅷ ロ ロ C D Ⅷ 国 ロ Ⅷ ロ C D Ⅷ ロ ロ ロ E F ロ C の D ロ ロ ロ EGF ロ ロ ロ C D Ⅷ EOF M6 = ・ When the function is called, execution starts at the cleartext cell 0, C()•When C() has finished executing, び e 〃加″々戸 e 0 な XO 尾ノル it る″ e 化〃加あル e 0 , leading tO configuration MI. ln this case' CO is xored intO C3 , CI is xored intO C4 , and C2 is xored intO C5 , but a different schedule Of course' possible. Execution next Jumps tO C3 , and after it has finished executing' the cells in lower memory are xored intO the corresponding cells ⅲ upper memory: C3 intO C()' C4 1ntO CI , C5 intO C2. cell CI is now in the clear, and execution contlnues there. NOtice that after six rounds you're back tO where you started, i. e. configuration イ 6