Linkedin SOLIDSHIELD

Optimized software protection
EFFICIENT CODE OBFUSCATOR
DESIGN CRITERIA

WHY OBFUSCATING CODE ?
THE I.P GROWING CONCERN
 COMPETITIVE EDGE MOVING FROM HARDWARE TO SOFTWARE (SOFTWARIZATION
TREND)
 SOFTWARE PATENTABILITY IS VERY QUESTIONABLE
 ZERO INVESTMENT FOR THE ATTACKER - TWO CLICKS I.P VIOLATION
PARADOXICAL SITUATION
NEW CORPORATE STRATEGIC TOPIC
THE PARADOX OF SOFTWARE
PROTECTIONE)

WHY OBFUSCATING CODE ?
THE CYBER GROWING CONCERN
OBFUSCATION IS THE NEXT TOPIC IN CYBER
JUST BECAUSE SOFTWARE IS CORE EVERYWHERE

YOUR OBFUSCATION OBJECTIVES MAY BE PART OF:
A.  LEVERAGE ATTACKER EFFORT HIGHER THAN DEVELOPMENT
COSTS
B.  PREVENT HIGHLY SENSITIVE CODE FROM BEING ANALYSED
C.  PROTECT CODE THAT DEAL WITH SENSITIVE DATA
D.  HIDE YOUR USE OF LIBRARIES OR THIRD PARTY CODE
POTENTIALLY KNOWN TO BE VULNERABLE.
ACCURACY (GRANULARITY) , ANY CODE
INCLUDING 3RD PARTY

ATTACKER CODE ANALYSIS READS
STATIC
ALL CODE
BEING UNDER
SCRUTINY
DYNAMIC
STEP BY STEP CODE
TRACING
EXPANDING THE CODE COMPLEXITY: TWO DIMENSIONS:
HORIZONTAL AND VERTICAL AXIS

Original Obfuscated code graph
(SOLIDSHIELD)
OBFUSCATION IMPACT
verticalextent
Horizontal extent
Artificial complexity of the
graph (horizontal extent)
does NOT bring much if
attack is aimed at
intelligence collecting.
Code expansion (vertical
extent) if not reducible
generate the extra effort

BEST DEFENSE TACTICS
DELAY THE DYNAMIC ANALYSIS WITH NON
REDUCIBLE COMPLEX CODE LAYER
<>
CODE EXPANSION MADE OF
VARIABLE CODE PATTERNS
BLOCK STATIC ANALYSIS

The attacker will collect an execution trace and will try to
find out repetitions to shorten her code analysis work.
>BREAK PROGRESS

OPTIMIZED CONVERTER OF YOUR
BUDGET* INTO ATTACKER's EFFORT
(Budget*=acceptable software performance degradation)
VARIABILITY/ NO REPETITIONS

LOOPS AND ESPECIALLY
NESTED LOOPS ARE ALWAYS
CRITICAL WHEN APPLYING
OBFUSCATION
CONTROL ON PERFORMANCE
DEGRADATION IS TOTALLY
UNDER YOUR BUDGET
GRANULAR SETTING
INSTRUCTION LEVEL

POWER
OPPOSING FORCES
POWER MEANS
CODE
EXPANSION
AND
VARIABILITY

FONCTION A
VIRTUALISER
(CODE)
BYTECODE
SYNTAXE GENEREE
DYNAMIQUEMENT
(=DONNÉES)
ENSEMBLE
D'EXECUTEURS
(MACHINE VIRTUELLE)
(CODE)
CODE VIRTUALIZATION
Principle: It transforms your code into a
project-specific-syntax-bytecode totally
opaque for the reverser (and the machine).
The bytecode is decoded line by line with a set
of executors at runtime. The same instruction
of the bytecode can be decoded by very
different executors, which generates no
repetition on the executed trace, thus no short
cut for the reverser

CODE VIRTUALIZATION AAA FEATURES:
A. IT GENERATES INFINITE VARIABILITY AT THE LOWEST GRAIN (EACH
INSTRUCTION CAN BE VERY DIFFERENTLY EMULATED)
A. EACH INSTRUCTION EMULATION CAN BE SWITCHED OFF, HENCE
DELIVERING TOTAL CONTROL ON PERFORMANCE AT THE LOWEST
GRAIN
A. EACH INSTRUCTION EMULATION CAN BE INVERSED (BY US) AND
TESTED FOR SAFETY CHECKS AT THE LOWEST GRAIN.
VIRTUALIZATION JOKER CARD:
CODE VIRTUALIZATION IS APPLIED ON ANY CODE
WITHOUT ACCESS TO ITS SOURCES OR DEVELOPER.
IT CAN BE SETTUP BY ANY PARTY WITHOUT
PROGRAMING, FOR THE EASIEST WORKFLOW.

SOLIDSHIELD
VIRTUALIZATION SOLUTION
MAKES THE BEST USE OF
ENERGY
(i.e, the code expansion)
TO GENERATE THE HIGHEST
LEVEL OF EFFORTS
(in your budget of performance degradation).

Linkedin SOLIDSHIELD

Recommended

Recommended

More Related Content

Similar to Linkedin SOLIDSHIELD

Similar to Linkedin SOLIDSHIELD (20)

Linkedin SOLIDSHIELD