Theory and Practice of Program Obfuscation

Abstract

Software piracy has long been a confusing challenge to the software industry; especially with the popularity of the Internet today, this threat is growing more seriously. As a valuable form of data, software represents significant intellectual property. However, reverse engineering of software code by competitors may reveal important technological secrets, bring great harm to software developers and software providers. Because of this deterministic and self-cleared behaviour, as well as the environmental dependency property, when running under a malicious host, software may be accessed and modified by infinite resources and tools, all useful information would be definitely exposed to the attacker, which brings about great difficulty to software protection. Along with the intensification of software market competition, technology theft poses another threat to the intellectual property rights protection. The competitors may analyze and collect the key technology or algorithm in the software through reverse engineering, which will quickly narrow the technology gap. They can also adjust their strategy according to the weakness or leakage explored from the software, and then they can use them to carry on some attacks, resulting in malicious competition. In some cases, the competitors may even do not need to understand the software internal working principle, they can directly extract the key code and integrated it into their own software to effectively enhance their competitiveness, thus seize the market share. Clearly, there is a strong need for developing more efficient and effective mechanisms to protect software from becoming the victim of reverse engineering. Among those major approaches developed by different researchers, program obfuscation seems to be one of the most promising techniques. The concept of obfuscation was first mentioned by Diffie and Hellman (1976). When introducing the public-key cryptosystem, they claimed that, given any means for obscuring data structures in a private-key encryption scheme, one could convert this algorithm into a public-key encryption scheme. Informally, obfuscation is a kind of special translation process. It translates a “readable” program into a function equivalent one, but which is more “unreadable” or harder to understand relatively. This kind of translation has the widespread potential applications both in cryptography and software protection, such as designing homomorphic public-key cryptosystems, removing random oracles from cryptographic protocols and converting private-key encryption schemes into public-key ones etc. in cryptography, or preventing reverse engineering (Collberg et al. (1997, 1998a, 1998b)), defending against computer viruses (Cohen (1993), Josse (2006)), protecting software watermarks and fingerprints Source: Convergence and Hybrid Information Technologies, Book edited by: Marius Crisan, ISBN 978-953-307-068-1, pp. 426, March 2010, INTECH, Croatia, downloaded from SCIYO.COM