Code Obfuscation:
A Hacking view on program analysis and understanding

Course outline (~24h)

  • Obfuscation: informal definition, the battleground in the large, code protection technologies, examples in malware & IP/key protection. The market: economic & sociological impact. (2h) [slides]
  • Theory of Compilers: Ordered structures, complete lattices, fix-points, Semantics, Interpreters, Specialisers. Futamura projections. Examples in Scheme/Imp. (4h) [slides1 and slides2]
  • Theory of code obfuscation: PTM, one-way functions, point functions, VBB, possibility and impossibility results (2h) [slides]
  • Abstract interpretation based program analysis: Soundness. (4h) [slides]
  • Constraining attackers in an abstract interpreter: Completeness. (4h) [slides]
  • Obscuring code: hacking an abstract interpreter: A method, with some examples on code flattening, anti-program-slicing & anti-monitoring. (2h) [slides]
  • Hands-on: Imp and Interproc. (2h) [slides]
  • Dynamic protection, Tamper proofing, challenges & open problems (4h) [slides]

All material is password-protected. You can obtain the password by contacting me.


Exam
The exam will be a contest in making code obscure for some static analysers. The benchmark analyser/attacker is Interproc. A hands-on session will show how it works.