X hits on this document





51 / 120

of a program through tracing or stepping through instructions, we can employ control

flow obfuscations, which introduce confusing, randomized, benign logic that serves to

make live and static analysis (debugging and tracing) difficult. The often randomized

and recursive nature of effective control flow obfuscations can make traces more difficult

to understand and interactive debugging sessions less helpful: randomization makes the

execution of the program appear different each time it's run, while recursion makes

stepping through code more difficult because of deeply nested procedure calls.

In [5], three types of control flow transformations are introduced: computation,

aggregation, and ordering. Computation transformations reduce the readability of

machine code and, in the case of opaque predicates, can make it difficult for a decompiler

to generate equivalent high-level language source code. Aggregation transformations

destroy the high-level language structure of a program. For example, if a programmer

used the structured programming technique of functional decomposition, inlining the

code of many functions into a single function in the machine code would make it

impossible to recover the original program structure. Ordering transformations

randomize the order of operations in a program to make it more difficult to follow the

logic of a program during live or static analysis (debugging or tracing). To provide an

example of how control flow obfuscations can be applied to protect a non-trivial

program, we'll apply both a computation and ordering control flow obfuscation to the

trial limitation check in the Password Vault application, and analyze their potential

effectiveness, by gathering some statistics during execution of the obfuscated code.


Document info
Document views487
Page views488
Page last viewedFri Jan 20 07:59:32 UTC 2017