Skip to Main content Skip to Navigation
Journal articles

On the possibility of practically obfuscating programs - Towards a unified perspective of code protection

Philippe Beaucamps 1 Eric Filiol 2
1 CARTE - Theoretical adverse computations, and safety
LORIA - FM - Department of Formal Methods , Inria Nancy - Grand Est
Abstract : Barak et al. gave a first formalization of obfuscation, describing an obfuscator $O$ as an efficient, probabilistic "compiler" that takes in input a program $P$ and produces a new program $O(P)$ that has the same functionality as $P$ but is unintelligible. This mean that any result an obfuscated program can compute is actually computable given only an input/output access (called oracle access) to the program $P$: we call such results trivial results. On the basis of this informal definition, they suggest a formal definition of obfuscation based on oracle access to programs and show that no obfuscator can exist according to this definition. They also try to relax the definition and show that, even with a restriction to some common classes of programs, there exists no obfuscator. In this work, we show that their definition is inaccurate and lacks a fundamental property, that we formalize by the notion of oracle programs. Oracle programs are an abstract notion which basically refers to perfectly obfuscated programs. We suggest a new definition of obfuscation based on these oracle programs and show that such obfuscators do not exist either. Considering the actual implementations of "obfuscators", we define a new kind of obfuscators, $τ$-obfuscators. These are obfuscators that hide non trivial results at least for time $τ$. By restricting the $τ$-requirement to deobfuscation (that is outputting an intelligible program when fed with an obfuscated program in input), we show that such obfuscators do exist. Practical $τ$-obfuscation methods are presented at the end of this paper: we focus more specifically on code protection techniques in a malware context. Based on the fact that a malware may fulfill its action in an amount of time which may be far larger than the analysis time of any automated detection program, these obfuscation methods can be considered as efficient enough to greatly thwart automated analysis and put check on any antivirus software.
Document type :
Journal articles
Complete list of metadata

Cited literature [13 references]  Display  Hide  Download

https://hal.inria.fr/inria-00338074
Contributor : Philippe Beaucamps <>
Submitted on : Monday, November 10, 2008 - 9:48:27 PM
Last modification on : Tuesday, December 18, 2018 - 4:48:02 PM
Long-term archiving on: : Monday, June 7, 2010 - 10:51:38 PM

Files

beaucamps-filiol07-obfuscation...
Publisher files allowed on an open archive

Identifiers

Collections

Citation

Philippe Beaucamps, Eric Filiol. On the possibility of practically obfuscating programs - Towards a unified perspective of code protection. Journal in Computer Virology, Springer Verlag, 2007, 3 (1), pp.3-21. ⟨10.1007/s11416-006-0029-6⟩. ⟨inria-00338074⟩

Share

Metrics

Record views

493

Files downloads

667