SJSU CS 265 - Security by Obscurity

This preview shows page 1-2-3 out of 8 pages.

Security by Obscurity: Code Obfuscation
Kai-fan Lee
01/14/19

Introduction
- Current state of protecting intellectual property
  - Legal protection
  - Server side execution
  - Code encryption
  - Code obfuscation: a transformation that transforms P to P', such that P' preserves the same observable behavior as P, but is much more difficult to analyze

Goals of Obfuscation
- Collberg's 4 criteria
  - Potency: adds obscurity to confuse human reader
  - Stealth: transformation should not look obvious, e.g. isPrime(375823463…71)
  - Resilience: hard to remove by automatic method
  - Cost: should not add too much overhead

Classification Of Obfuscation
- Layout Transformation
- Preventive Transformation
  - e.g. Mocha (decompiler) vs. HoseMocha (obfuscator)
- Data Transformation
  - Storage: ex: convert static data to procedure
  - Encoding: ex: redefine data value
  - Aggregation
  - Ordering
- Control Transformation
  - Aggregation: ex: inline & outline
  - Ordering: spaghetti code
  - Computation: ex: loop transform, dead code insertion

Opaque Construct
- Dead code insertion is most often used, and easiest to implement
- Ex: $P^T$ (5>1): predicate always evaluated to be true; $P^F$ (1>5): predicate always evaluated to be false
- Problem: dead code can be easily removed
- Solution: an opaque construct at point p of a program is the variable V or a fragment of program P, which has a value that is well known during the time of obfuscation, but is very hard to determine after obfuscation.

    if (5>1)^T { S; } else { S_bug; }
    if (1>5)^F { S_bug; } S;
    while (E and (5>1)^T) { S; }

Opaque Construct (Cont.)
- Mathematical truth:
  - $((x + x^2) \bmod 2 = 0)^T$
  - $((28x^2 - 13x - 5) \bmod 9 = 0)^T$
  - Decent resilience, but not very potent and stealthy
- Pointer alias problem: NP hard to solve
  - $(g \ne h)^T$
  - $(f \ne h)^T$

What goes wrong?
- Hard to debug
- May promote piracy

Conclusion/Questions?
- Will play an important role in the future because of ANDF
- Microsoft already planned to ship their Visual Studio .NET with third party obfuscator

Thank
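The opaque-predicate slides can be checked mechanically. The following Python sketch is an added example, not part of the original slides; every function name in it is an assumption made for illustration. It evaluates both arithmetic predicates over a range of integers and wraps a small routine P in an opaquely true guard with a bogus else branch, as in the `if (...)^T { S; } else { S_bug; }` pattern. The check reports that the second formula is true exactly when x ≡ 2 (mod 3), so it works as an opaque construct only where the obfuscator knows the value of x at that point.

```python
# Added example: the slide's opaque predicates, checked by exhaustive evaluation.

def p_even(x):
    """(x + x^2) mod 2 == 0. x(x+1) is a product of consecutive integers."""
    return (x + x * x) % 2 == 0

def p_mod9(x):
    """(28x^2 - 13x - 5) mod 9 == 0, the second formula on the slide."""
    return (28 * x * x - 13 * x - 5) % 9 == 0

def classify(pred, domain):
    """Return 'T' (always true), 'F' (always false) or '?' over a finite domain."""
    results = {pred(x) for x in domain}
    if results == {True}:
        return "T"
    if results == {False}:
        return "F"
    return "?"

def true_residues(pred, modulus):
    """Residues r in [0, modulus) for which pred(r) holds."""
    return [r for r in range(modulus) if pred(r)]

def total(values):
    """Original program P: sum a list."""
    acc = 0
    for v in values:
        acc += v
    return acc

def total_obfuscated(values):
    """P': same observable behaviour as P, with an opaquely true guard."""
    acc = 0
    for v in values:
        if p_even(v):   # P^T: always true, so S always runs
            acc += v    # S
        else:
            acc -= v    # S_bug: dead code, never reached
    return acc

if __name__ == "__main__":
    domain = range(-1000, 1001)
    print("p_even:", classify(p_even, domain))
    print("p_mod9:", classify(p_mod9, domain), "true for x mod 9 in",
          true_residues(p_mod9, 9))
    print("P == P':", total([3, -4, 10, 7]) == total_obfuscated([3, -4, 10, 7]))
```

Because a polynomial's value mod 9 depends only on x mod 9, the residue list from `true_residues(p_mod9, 9)` describes the predicate for every integer, not just the sampled range.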

