Computing means Interpreting
• Abstraction
• For large/real programs, control/data flow is too complex to be understood by humans:
• Reverse Engineering needs abstraction!
• Reverse Engineering needs automated tools!
• Interpretation
• Abstract Interpretation is a general theory for approximating the semantics of dynamic systems (Cousot & Cousot 1977)

Modeling the Adversary: Degrees of abstraction
[Figure: observations of the program, ranging from More Concrete to More Abstract]

Reverse Engineering is Interpreting
• Each tool is an Abstract Interpretation
• We can quantify the security achieved by looking at proof complexity!
[Figure labels: P, Proof, key]

Protecting is obscuring Interpretation
• Transform code to make all tools blind
• Removing noise means refining abstractions / complicating proofs! (Giacobazzi et al 2000 / 2012)
[Figure labels: O(P); Constrained Adversary; Proof; Static Analysis; Dynamic Analysis; Monitoring; tools shown: BinHunt, IDA Pro, BinDiff, HexRays, BinJuice, GDB, OllyDbg, Disassembler, Tracing, Concolic, SMT, Decompiler, Theorem Prover, Slicing, SAT, Profiling, VMware, Emulation]

Measuring Adversary Strength
• Force the attacker to use automated tools (programs of large size and highly interconnected)
• Design code transformations making tools blind
• Determine lower bounds for proof complexity in obfuscated code
• Measure the degree of noise/slowdown induced in obfuscation
• By constraining the adversary within a theorem prover we can quantify the security achieved from obfuscation
[Plot: Proof complexity (Low to High) against Degree of obfuscation (Low to High)]
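
The following Python sketch is an added example, not part of the original slides: it models two analysis tools as abstract interpretations and runs them over a constructed opaque predicate, x*(x+1) % 2 == 0. The interval and parity domains, the predicate, and all function names are assumptions chosen for illustration.

```python
# Added illustration (not from the slides). Constructed opaque predicate:
# x*(x+1) % 2 == 0 holds for every integer x, so the guarded branch is dead.
EVEN, ODD, TOP = "even", "odd", "top"   # parity abstract domain
OPAQUE = ("*", "x", ("+", "x", 1))      # x * (x + 1) as a nested tuple

def parity_add(a, b):
    if TOP in (a, b):
        return TOP
    return EVEN if a == b else ODD

def parity_mul(a, b):
    if EVEN in (a, b):
        return EVEN          # an even factor forces an even product
    return ODD if a == b == ODD else TOP

def parity_eval(expr, x):
    """Evaluate a nested-tuple expression over the parity domain."""
    if expr == "x":
        return x
    if isinstance(expr, int):
        return EVEN if expr % 2 == 0 else ODD
    op, lhs, rhs = expr
    l, r = parity_eval(lhs, x), parity_eval(rhs, x)
    return parity_add(l, r) if op == "+" else parity_mul(l, r)

def interval_eval(expr, x):
    """Same expression over intervals (lo, hi); None means unbounded."""
    if expr == "x":
        return x
    if isinstance(expr, int):
        return (expr, expr)
    op, lhs, rhs = expr
    l, r = interval_eval(lhs, x), interval_eval(rhs, x)
    if None in l or None in r:
        return (None, None)   # unbounded input stays unbounded
    if op == "+":
        return (l[0] + r[0], l[1] + r[1])
    prods = [a * b for a in l for b in r]
    return (min(prods), max(prods))

def coarse_tool():
    """Interval analysis: can it prove the product is always even?"""
    lo, hi = interval_eval(OPAQUE, (None, None))
    return lo is not None and lo == hi and lo % 2 == 0

def refined_tool():
    """Parity analysis with a case split on x: two sub-proofs instead of one."""
    cases = [parity_eval(OPAQUE, p) for p in (EVEN, ODD)]
    return all(c == EVEN for c in cases), len(cases)
```

The interval tool cannot decide the predicate, and the parity tool decides it only after splitting on the parity of x, which is the extra proof work that refining the abstraction costs.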