Code Obfuscation - A Hacking view on program analysis and understanding.
The tutorial is intended to present the most recent achievements in code protecting methods and technologies, ranging from code obfuscation to tamper proofing technique, in a programming languages way. The battle scenario involves attackers intended to extract information by reverse engineering the code, and protecting code transformations modelled as distorted compilers devoted to inhibit these attacks. Attacks are inhibited by maximising imprecision in all attempts made by the attacker to exploit control and data- flow of the obscured code. After a brief survey on the state of the art in the field, we introduce a model for code obfuscation which is general enough to include generic automated static and dynamic attacks. Protecting transformations are then systematically and formally derived as distorted compilers, obtained by specialising a suitably distorted interpreter for the given programming language with respect to the source code to protect. Interestingly this distortion corresponds precisely to defeat the potency of the expected attacker, which is itself an interpreter and whose potency consists in its ability to extract a complete and precise view of program’s execution.
Roberto Giacobazzi received the Laurea degree in Computer Science in 1988 from the University of Pisa, and in 1993 he received the Ph.D. in Computer Science from the same university, with a Ph.D. thesis on Semantic aspects of logic program analysis, under the supervision of Prof. Giorgio Levi. From 1993 to 1995 he had a Post Doctoral Research position at Laboratoire d’Informatique (LIX), Ecole Polytechnique (Paris) in the equipe Cousot. From 1995 to 1998 he was (tenured) Assistant Professor in Computer Science at the University of Pisa. From May 2000 until now he is Full Professor in Computer Science at the University of Verona. The research interests of Roberto Giacobazzi include abstract interpretation, static program analysis, semantics of programming languages, program verification, abstract model-checking, program transformation and optimization, digital asset protection, code obfuscation, malware detection, software watermarking and lattice theory. He has been Program Chair of SAS, VMCAI, of workshops in programming languages and language based security, and General Chair of ACM POPL2013. He is currently in the Steering committee of SAS and ACM POPL. From 2006 to 2012 he has been Dean of the College of Science of the University of Verona. He is now in his sabbatical year at IMDEA Software Institute.
Mon 8 Jan
|09:00 - 10:30|
|11:00 - 12:00|