2. Optimized software protection
WHY OBFUSCATING CODE ?
THE I.P GROWING CONCERN
COMPETITIVE EDGE MOVING FROM HARDWARE TO SOFTWARE (SOFTWARIZATION
TREND)
SOFTWARE PATENTABILITY IS VERY QUESTIONABLE
ZERO INVESTMENT FOR THE ATTACKER - TWO CLICKS I.P VIOLATION
PARADOXICAL SITUATION
NEW CORPORATE STRATEGIC TOPIC
THE PARADOX OF SOFTWARE
PROTECTIONE)
3. Optimized software protection
WHY OBFUSCATING CODE ?
THE CYBER GROWING CONCERN
OBFUSCATION IS THE NEXT TOPIC IN CYBER
JUST BECAUSE SOFTWARE IS CORE EVERYWHERE
4. Optimized software protection
YOUR OBFUSCATION OBJECTIVES MAY BE PART OF:
A. LEVERAGE ATTACKER EFFORT HIGHER THAN DEVELOPMENT
COSTS
B. PREVENT HIGHLY SENSITIVE CODE FROM BEING ANALYSED
C. PROTECT CODE THAT DEAL WITH SENSITIVE DATA
D. HIDE YOUR USE OF LIBRARIES OR THIRD PARTY CODE
POTENTIALLY KNOWN TO BE VULNERABLE.
ACCURACY (GRANULARITY) , ANY CODE
INCLUDING 3RD PARTY
5. Optimized software protection
ATTACKER CODE ANALYSIS READS
STATIC
ALL CODE
BEING UNDER
SCRUTINY
DYNAMIC
STEP BY STEP CODE
TRACING
EXPANDING THE CODE COMPLEXITY: TWO DIMENSIONS:
HORIZONTAL AND VERTICAL AXIS
6. Optimized software protection
Original Obfuscated code graph
(SOLIDSHIELD)
OBFUSCATION IMPACT
verticalextent
Horizontal extent
Artificial complexity of the
graph (horizontal extent)
does NOT bring much if
attack is aimed at
intelligence collecting.
Code expansion (vertical
extent) if not reducible
generate the extra effort
7. Optimized software protection
BEST DEFENSE TACTICS
DELAY THE DYNAMIC ANALYSIS WITH NON
REDUCIBLE COMPLEX CODE LAYER
<>
CODE EXPANSION MADE OF
VARIABLE CODE PATTERNS
BLOCK STATIC ANALYSIS
8. Optimized software protection
The attacker will collect an execution trace and will try to
find out repetitions to shorten her code analysis work.
>BREAK PROGRESS
9. Optimized software protection
OPTIMIZED CONVERTER OF YOUR
BUDGET* INTO ATTACKER's EFFORT
(Budget*=acceptable software performance degradation)
VARIABILITY/ NO REPETITIONS
10. Optimized software protection
LOOPS AND ESPECIALLY
NESTED LOOPS ARE ALWAYS
CRITICAL WHEN APPLYING
OBFUSCATION
CONTROL ON PERFORMANCE
DEGRADATION IS TOTALLY
UNDER YOUR BUDGET
GRANULAR SETTING
INSTRUCTION LEVEL
12. Optimized software protection
FONCTION A
VIRTUALISER
(CODE)
BYTECODE
SYNTAXE GENEREE
DYNAMIQUEMENT
(=DONNÉES)
ENSEMBLE
D'EXECUTEURS
(MACHINE VIRTUELLE)
(CODE)
CODE VIRTUALIZATION
Principle: It transforms your code into a
project-specific-syntax-bytecode totally
opaque for the reverser (and the machine).
The bytecode is decoded line by line with a set
of executors at runtime. The same instruction
of the bytecode can be decoded by very
different executors, which generates no
repetition on the executed trace, thus no short
cut for the reverser
13. Optimized software protection
CODE VIRTUALIZATION AAA FEATURES:
A. IT GENERATES INFINITE VARIABILITY AT THE LOWEST GRAIN (EACH
INSTRUCTION CAN BE VERY DIFFERENTLY EMULATED)
A. EACH INSTRUCTION EMULATION CAN BE SWITCHED OFF, HENCE
DELIVERING TOTAL CONTROL ON PERFORMANCE AT THE LOWEST
GRAIN
A. EACH INSTRUCTION EMULATION CAN BE INVERSED (BY US) AND
TESTED FOR SAFETY CHECKS AT THE LOWEST GRAIN.
VIRTUALIZATION JOKER CARD:
CODE VIRTUALIZATION IS APPLIED ON ANY CODE
WITHOUT ACCESS TO ITS SOURCES OR DEVELOPER.
IT CAN BE SETTUP BY ANY PARTY WITHOUT
PROGRAMING, FOR THE EASIEST WORKFLOW.