
On the possibility of practically obfuscating programs towards a unified perspective of code protection



Abstract

Barak et al. gave a first formalization of obfuscation, describing an obfuscator $\mathcal{O}$ as an efficient, probabilistic “compiler” that takes in input a program P and produces a new program $\mathcal{O}(P)$ that has the same functionality as P but is unintelligible. This means that any result an obfuscated program can compute is actually computable given only an input/output access (called oracle access) to the program P: we call such results trivial results. On the basis of this informal definition, they suggest a formal definition of obfuscation based on oracle access to programs and show that no obfuscator can exist according to this definition. They also try to relax the definition and show that, even with a restriction to some common classes of programs, there exists no obfuscator. In this work, we show that their definition is too restrictive and lacks a fundamental property, that we formalize by the notion of oracle programs. Oracle programs are an abstract notion which basically refers to perfectly obfuscated programs. We suggest a new definition of obfuscation based on these oracle programs and show that such obfuscators do not exist either. Considering the actual implementations of “obfuscators”, we define a new kind of obfuscators, $\tau$-obfuscators. These are obfuscators that hide non trivial results at least for time $\tau$. By restricting the $\tau$-requirement to deobfuscation (that is outputting an intelligible program when fed with an obfuscated program in input), we show that such obfuscators do exist. Practical $\tau$-obfuscation methods are presented at the end of this paper: we focus more specifically on code protection techniques in a malware context. Based on the fact that a malware may fulfill its action in an amount of time which may be far larger than the analysis time of any automated detection program, these obfuscation methods can be considered as efficient enough to greatly thwart automated analysis and put check on any antivirus software.

Bibliographic record

  • Source
    Journal in computer virology | 2007, No. 1 | pp. 3-21 | 19 pages in total
  • Author affiliations

    1.Ecoles des Mines de Nancy Parc de Saurupt CS 14 234 54042 Nancy Cédex France;

    2.Ecole Supérieure et d’Application des Transmissions Laboratoire de virologie et de cryptologie B.P. 18 35998 Rennes Armées France;

  • Original format: PDF
  • Text language: eng