Tools & Methods of Program Analysis (TMPA-2013)
Vladimir A. Zakharov, Associate Professor of Mathematical Cybernetics Department, Head of Laboratory of Mathematical Problems of Computer Security, Faculty of Computational Mathematics and Cybernetics, Moscow State University (MSU)
Mathematical Aspects of Program Obfuscation
7. ÄÂÀ ÍÀÏÐÀÂËÅÍÈß ÈÑÑËÅÄÎÂÀÍÈÉ
Îáôóñêàöèÿ äëÿ îáåñïå÷åíèÿ êîìïüþòåðíîé
áåçîïàñíîñòè
Collberg C., Thomborson C., Low D. A taxonomy of obfuscating
transformations, Tech. Report, N 148, Dept. of Computer Science,
University of Auckland, 1997.
Îáôóñêèðóþùèå ïðåîáðàçîâàíèÿ ìîæíî èñïîëüçîâàòü äëÿ
çàùèòû èíòåëëåêòóàëüíîé ñîáñòâåííîñòè íà ïðîãðàììíîå
îáåñïå÷åíèå,
èíôîðìàöèîííîé çàùèòû ìîáèëüíûõ àãåíòîâ è
ìèêðîýëåêòðîííûõ ñõåì íà ýòàïå ïðîåêòèðîâàíèÿ,
à òàêæå äëÿ
8. ÄÂÀ ÍÀÏÐÀÂËÅÍÈß ÈÑÑËÅÄÎÂÀÍÈÉ
Îáôóñêàöèÿ äëÿ îáåñïå÷åíèÿ êîìïüþòåðíîé
áåçîïàñíîñòè
Collberg C., Thomborson C., Low D. A taxonomy of obfuscating
transformations, Tech. Report, N 148, Dept. of Computer Science,
University of Auckland, 1997.
Îáôóñêèðóþùèå ïðåîáðàçîâàíèÿ ìîæíî èñïîëüçîâàòü äëÿ
çàùèòû èíòåëëåêòóàëüíîé ñîáñòâåííîñòè íà ïðîãðàììíîå
îáåñïå÷åíèå,
èíôîðìàöèîííîé çàùèòû ìîáèëüíûõ àãåíòîâ è
ìèêðîýëåêòðîííûõ ñõåì íà ýòàïå ïðîåêòèðîâàíèÿ,
à òàêæå äëÿ
ñîêðûòèÿ èñêóññòâåííûõ óÿçâèìîñòåé â ïðîãðàììàõ ,
ìàñêèðîâêè êîìïüþòåðíûõ ¾âèðóñîâ¿ ,
óäàëåíèÿ ¾âîäÿíûõ çíàêîâ¿ èç ïðîãðàìì .
9. ÄÂÀ ÍÀÏÐÀÂËÅÍÈß ÈÑÑËÅÄÎÂÀÍÈÉ
Îáôóñêàöèÿ äëÿ îáåñïå÷åíèÿ êîìïüþòåðíîé
áåçîïàñíîñòè
Öåëü îáôóñêàöèè îêàçàòü ïðîòèâîäåéñòâèå ìåòîäàì
îáðàòíîé èíæåíåðèè è àëãîðèòìàì ñòàòè÷åñêîãî è
äèíàìè÷åñêîãî àíàëèçà ïðîãðàìì.
Ñîâðåìåííîå ñîñòîÿíèå äåë â ýòîì íàïðàâëåíèè
èññëåäîâàíèé òàêîâî:
ìíîãî ¾ýâðèñòè÷åñêèõ¿ ìåòîäîâ îáôóñêàöèè,
è íèêàêèõ îöåíîê èõ ñòîéêîñòè.
10. ÄÂÀ ÍÀÏÐÀÂËÅÍÈß ÈÑÑËÅÄÎÂÀÍÈÉ
Îáôóñêàöèÿ äëÿ îáåñïå÷åíèÿ êîìïüþòåðíîé
áåçîïàñíîñòè
C. Wang, ¾A Security Architecture for survivability Mechanisms¿,
PhD thesis, Dep. of Computer Science, University of Virginia, 2000.
G. Wroblewski, ¾General Method of Program Code Obfuscation¿,
PhD thesis, Wroclaw University, 2002.
À.Â. ×åðíîâ, ¾Èññëåäîâàíèå è ðàçðàáîòêà ìåòîäîëîãèè
ìàñêèðîâêè ïðîãðàìì¿, Äèññ. íà ñîèñêàíèå ó÷. ñò. ê.ô.-ì.í,
ÂÌÊ ÌÃÓ, 2003.
Y. T. Kalai, ¾Attacks on the Fiat-Shamir Paradigm and Program
Obfuscation¿, PhD thesis, MIT, 2006
11. ÄÂÀ ÍÀÏÐÀÂËÅÍÈß ÈÑÑËÅÄÎÂÀÍÈÉ
Îáôóñêàöèÿ äëÿ îáåñïå÷åíèÿ êîìïüþòåðíîé
áåçîïàñíîñòè
S. Drape, ¾Obfuscation of Abstract Data-Types¿, PhD thesis,
University of Oxford, 2004.
Ä.À. Ùåëêóíîâ, ¾Ðàçðàáîòêà ìåòîäèê çàùèòû ïðîãðàìì îò
àíàëèçà è ìîäèôèêàöèè íà îñíîâå çàïóòûâàíèÿ êîäà è
äàííûõ¿, Äèññ. íà ñîèñêàíèå ó÷. ñò. ê.ò.íàóê, ÌÃÒÓ èì. Í.Ý.
Áàóìàíà, 2009.
Mila Dalla Preda, ¾Code Obfuscation and Malware Detection by
Abstract Interpretation¿, Ph.D. Thesis. Universita degli Studi di
Verona, 2007.
12. ÄÂÀ ÍÀÏÐÀÂËÅÍÈß ÈÑÑËÅÄÎÂÀÍÈÉ
Îáôóñêàöèÿ äëÿ îáåñïå÷åíèÿ êîìïüþòåðíîé
áåçîïàñíîñòè
Í.À. Êîíîíîâ, ¾Ñòðóêòóðíàÿ îïòèìèçàöèÿ è îáôóñêàöèÿ
êîìáèíàöèîííûõ öèôðîâûõ ñõåì â áàçèñå ÏËÈÑ/ÑÁÌÊ¿,
Äèññ. íà ñîèñêàíèå ó÷. ñò. ê.ò.í., ÌÈÝÒ, 2011.
J. Cappaert, ¾Code Obfuscation Techniques for Software
Protection¿, PhD thesis, Katholieke Universiteit Leuven, B. Preneel
(promotor), 112+14 pages, 2012.
C. Collberg, J. Nagra. ¾Surreptitious Software: Obfuscation,
Watermarking, and Tamperproong for Program Protection.¿
Addison-Wesley Professional, 2009.
18. ÎÁÔÓÑÊÀÖÈß ×ÀÑÒÈ×ÍÎ ÇÀÙÈÙÅÍÍÛÕ
ÏÐÎÃÐÀÌÌ
R. Ostrovsky, Ecient computation on oblivious RAM, Proc. of
22nd ACM Symposium on Theory of Computing (STOC-90)
Çàùèùåííûé ïðîöåññîð P èìååò îòêðûòóþ ïàìÿòü M :
M ⇐⇒ P
19. ÎÁÔÓÑÊÀÖÈß ×ÀÑÒÈ×ÍÎ ÇÀÙÈÙÅÍÍÛÕ
ÏÐÎÃÐÀÌÌ
R. Ostrovsky, Ecient computation on oblivious RAM, Proc. of
22nd ACM Symposium on Theory of Computing (STOC-90)
Çàùèùåííûé ïðîöåññîð P èìååò îòêðûòóþ ïàìÿòü M :
Òåîðåìà
M ⇐⇒ P
Åñëè ñóùåñòâóþò îäíîñòîðîííèå ôóíêöèè, òî ëþáóþ
ïðîãðàììó π ìîæíî ïðåîáðàçîâàòü â ýêâèâàëåíòíóþ ïðîãðàììó
O(π) òàê, ÷òî:
1. Time(O(π)) = Time(π) × log3(Time(π));
2. Ïðè âûïîëíåíèè O(π) íà âû÷èñëèòåëüíîì óñòðîéñòâå ñ
çàêðûòûì ïðîöåññîðîì P è îòêðûòîé ïàìÿòüþ M íèêàêîé
ïðîòèâíèê, îãðàíè÷åííûé ïîëèíîìèàëüíûì âðåìåíåì, íå
ñïîñîáåí ðàñïîçíàòü ïðîãðàììó O(π) ïî
ïîñëåäîâàòåëüíîñòè åå îáðàùåíèé ê ïàìÿòè.
20. ÑÒÎÉÊÎÑÒÜ ÎÁÔÓÑÊÀÖÈÈ Â ÌÎÄÅËÈ
ÂÈÐÒÓÀËÜÍÎÃÎ ¾×ÅÐÍÎÃÎ ßÙÈÊÀ¿
[Barak B., Goldreich O., Impagliazzo R., et al., 2001]
Âåðîÿòíîñòíûé àëãîðèòì O íàçûâàåòñÿ îáôóñêàòîðîì,
ñòîéêèì â ìîäåëè ¾÷åðíîãî ÿùèêà¿, åñëè îí
óäîâëåòâîðÿåò ñëåäóþùèì òðåáîâàíèÿì:
1. (ôóíêöèîíàëüíîñòü) äëÿ ëþáîé ìàøèíû Òüþðèíãà M
M ≈ O(M).
2. (ïîëèíîìèàëüíîå çàìåäëåíèå) Ñóùåñòâóåò òàêîé ïîëèíîì
p(·), ÷òî äëÿ ëþáîé ìàøèíû Òüþðèíãà M
size(O(M)) ≤ p(size(M)), time(O(M)) ≤ p(time(M)).
A
S
ν
3. (ñòîéêîñòü) Äëÿ ëþáîé PPT (ïðîòèâíèêà ) ñóùåñòâóåò
PPT (ñèìóëÿòîð ) è ïðåíåáðåæèìî ìàëàÿ ôóíêöèÿ ,
òàêèå ÷òî íåðàâåíñòâî
|Pr{A(O(M)) = 1} − Pr{SM (1size(M) ) = 1}| ≤ ν(size(M))
âûïîëíÿåòñÿ äëÿ ëþáîé ìàøèíû Òüþðèíãà M .
21. ÑÒÎÉÊÎÑÒÜ ÎÁÔÓÑÊÀÖÈÈ Â ÌÎÄÅËÈ
ÂÈÐÒÓÀËÜÍÎÃÎ ¾×ÅÐÍÎÃÎ ßÙÈÊÀ¿
Òåîðåìà [Barak B., Goldreich O.,
Impagliazzo R., et al., 2001]
Îáôóñêàòîðîâ, ñòîéêèõ â ìîäåëè
¾÷åðíîãî ÿùèêà¿, íå ñóùåñòâóåò .
38. ÎÁÔÓÑÊÀÖÈß, ÑÊÐÛÂÀÞÙÀß
ÊÎÍÑÒÀÍÒÓ
Ïóñòü M ýòî ïðîãðàììà ñ ïàðàìåòðîì (ïåðåìåííîé) x .
Îáîçíà÷èì Mc ïðèìåð ïðîãðàììû M , â êîòîðîé âìåñòî
ïàðàìåòðà x ïîäñòàâëåíà êîíñòàíòà c ∈ {0, 1}n .
Âåðîÿòíîñòíûé àëãîðèòì O íàçûâàåòñÿ îáôóñêàòîðîì,
ñêðûâàþùèì êîíñòàíòó, äëÿ ïàðàìåòðèçîâàííîãî ñåìåéñòâà
ïðîãðàìì F = {Mc : c ∈ {0, 1}n , n ≥ 1}, åñëè îí
óäîâëåòâîðÿåò ñëåäóþùèì òðåáîâàíèÿì:
1. (ôóíêöèîíàëüíîñòü)
2. (ïîëèíîìèàëüíîå çàìåäëåíèå)
3. (ñòîéêîñòü) Äëÿ ëþáîé PPT A (ïðîòèâíèêà) ñóùåñòâóåò
PPT S (ñèìóëÿòîð) è ïðåíåáðåæèìî ìàëàÿ ôóíêöèÿ ν ,
òàêèå ÷òî íåðàâåíñòâî
|Pr{A[O(Mc0 ), Mc ] = 1} − Pr{SMc0 [1size(Mc0 ) , Mc ] = 1} ≤ ν(n)
âåðíî äëÿ ëþáîé ïàðû êîíñòàíò c0 ∈ {0, 1}n è c ∈R {0, 1}n .
39. ÎÁÔÓÑÊÀÖÈß, ÑÊÐÛÂÀÞÙÀß
ÊÎÍÑÒÀÍÒÓ
ÃÈÏÎÒÅÇÀ
Ñòîéêàÿ îáôóñêàöèÿ, ñêðûâàþùàÿ
êîíñòàíòó,
íåâîçìîæíà , åñëè M ýòî
óíèâåðñàëüíàÿ ìàøèíà Òüþðèíãà;
âîçìîæíà , åñëè M = E (key (x), m)
ýòî ïðîãðàììà øèôðîâàíèÿ ñòîéêîé
êðèïòîñèñòåìû ñ îòêðûòûì êëþ÷îì
key (x) è ñåêðåòíûì êëþ÷îì x.
x
x
40. ÎÁÔÓÑÊÀÖÈß ÏÐÅÄÈÊÀÒÎÂ
Âåðîÿòíîñòíûé àëãîðèòì O íàçûâàåòñÿ îáôóñêàòîðîì
ïðåäèêàòà π, çàäàííîãî íà ñåìåéñòâå ìàøèí Òüþðèíãà F ,
åñëè îí óäîâëåòâîðÿåò ñëåäóþùèì òðåáîâàíèÿì:
1. (ôóíêöèîíàëüíîñòü)
2. (ïîëèíîìèàëüíîå çàìåäëåíèå)
3. (ñòîéêîñòü) Äëÿ ëþáîé PPT A (ïðîòèâíèêà) ñóùåñòâóåò
PPT S (ñèìóëÿòîð) è ïðåíåáðåæèìî ìàëàÿ ôóíêöèÿ ν ,
òàêèå ÷òî íåðàâåíñòâî
|Pr{A[O(M)] = π(M)} − Pr{SM [1size(M) ] = π(M)}| ≤ neg(size(M))
âåðíî äëÿ êàæäîé ÌÒ M èç F è åå îáôóñêàöèè O(M).
41. ÎÁÔÓÑÊÀÖÈß ÏÐÅÄÈÊÀÒÎÂ
Òî÷å÷íîé íàçûâàåòñÿ ôóíêöèÿ fa : {0, 1}n → {0, 1}, a ∈ {0, 1}n ,
óäîâëåòâîðÿþùàÿ óñëîâèþ
1, åñëè x = a,
fa (x) =
0, åñëè x = a.
Ðàññìîòðèì ñåìåéñòâî Fn , ñîñòîÿùåå èç òî÷å÷íûõ ôóíêöèé
{fu : u ∈ {0, 1}n } è ôóíêöèè, òîæäåñòâåííî ðàâíîé 0. Íà ýòîì
ñåìåéñòâå îïðåäåëåí ïðåäèêàò P(f ) = (f ≡ 0).
Òåîðåìà [Çàõàðîâ Â.À., Âàðíîâñêèé Í.Ï., 2003]
Åñëè ñóùåñòâóþò îäíîñòîðîííèå ïåðåñòàíîâêè, òî
ïðåäèêàò P , îïðåäåëåííûé íà ñåìåéñòâå ïðîãðàìì,
âû÷èñëÿþùèõ ôóíêöèè ñåìåéñòâà Fn , èìååò ñòîéêóþ
îáôóñêàöèþ.
42. ÎÁÔÓÑÊÀÖÈß ÏÐÅÄÈÊÀÒÎÂ
Äîêàçàòåëüñòâî
Íóæíî ñäåëàòü íåîòëè÷èìûìè äðóã îò äðóãà äâå ïðîãðàììû
prog π0 ;
prog πa ;
var x : string y : bit;
var x : string y : bit;
input (x) ;
const a : string;
y = 0; output (y);
input (x) ;
end of prog
if x==a then y=1 else y=0;
output (y);
end of prog
43. ÎÁÔÓÑÊÀÖÈß ÏÐÅÄÈÊÀÒÎÂ
Äîêàçàòåëüñòâî
Íóæíî ñäåëàòü íåîòëè÷èìûìè äðóã îò äðóãà äâå ïðîãðàììû
prog π0 ;
prog πa ;
var x : string y : bit;
var x : string y : bit;
input (x) ;
const a : string;
y = 0; output (y);
input (x) ;
end of prog
if x==a then y=1 else y=0;
output (y);
end of prog
Íàì ïîíàäîáèòñÿ îäíîñòîðîííÿÿ ïåðåñòàíîâêà ϕ íà ìíîæåñòâå
ñòðîê {0, 1}n è ãåíåðàòîð ñëó÷àéíûõ ñòðîê, êîòîðûé ìîæíî
ïîñòðîèòü íà îñíîâå îäíîñòðîííåé ïåðåñòàíîâêè.
45. ÎÁÔÓÑÊÀÖÈß ÏÐÅÄÈÊÀÒÎÂ
Äëÿ ïðîãðàììû π0 : 1) âûáðàòün äâå ñëó÷àéíûå ñòðîêè w , u,
2) âû÷èñëèòü v = ϕ(w ) è σ = wi ui mod 2.
i=1
Äëÿ ïðîãðàììû πa : 1) âûáðàòü ñëó÷àéíóþ ñòðîêó u,
n
2) âû÷èñëèòü v = ϕ(a) è σ = 1 + ai ui mod 2.
i=1
46. ÎÁÔÓÑÊÀÖÈß ÏÐÅÄÈÊÀÒÎÂ
Äëÿ ïðîãðàììû π0 : 1) âûáðàòün äâå ñëó÷àéíûå ñòðîêè w , u,
2) âû÷èñëèòü v = ϕ(w ) è σ = wi ui mod 2.
i=1
Äëÿ ïðîãðàììû πa : 1) âûáðàòü ñëó÷àéíóþ ñòðîêó u,
n
2) âû÷èñëèòü v = ϕ(a) è σ = 1 + ai ui mod 2.
i=1
Òîãäà êàæäàÿ èç ïðîãðàìì π0 , πa , ãäå a ∈ {0, 1}n ïðèìåò âèä:
prog O(π);
var x : string y : bit;
const u,v : string, σ : bit;
input (x) ;
if ϕ(x)==v then
n
if σ == xi ∗ ui mod 2 then y=0 else y=1
i=1
else y=0;
output (y);
end of prog
47. ÎÁÔÓÑÊÀÖÈß ÏÐÅÄÈÊÀÒÎÂ
Òåîðåìà
Ïóñòü O1, O2 îáôóñêàòîðû ôóíêöèîíàëüíûõ ñâîéñòâ
π1 , π2 ñîîòâåòñòâåííî, è ïðè ýòîì îáëàñòü çíà÷åíèé
îáôóñêàòîðà O2 ñîäåðæèòñÿ â îáëàñòè îïðåäåëåíèÿ
îáôóñêàòîðà O1.
Òîãäà êîìïîçèöèÿ O = O1O2 ÿâëÿåòñÿ îáôóñêàòîðîì
îáîèõ ïðåäèêàòîâ π1 è π2.
50. ÄÎÑÒÈÆÅÍÈß ÏÎÑËÅÄÍÈÕ ËÅÒ
 èþëå 2013 ã. áûëà îïóáëèêîâàíà ñòàòüÿ
Candidate Indistinguishability Obfuscation and Functional
Encryption for All Circuits
S. Garg, C. Gentry, S. Halevi, M. Raykova, A. Sahai, B. Waters
â êîòîðîé àâòîðû ïîêàçàëè, ÷òî âåðíà
Òåîðåìà [S. Carg, C. Gentry, et al, 2013]
Íåîòëè÷èìàÿ îáôóñêàöèÿ âîçìîæíà äëÿ
ïðîèçâîëüíûõ ïðîãðàìì
(ïðè íåêîòîðûõ ïðåäïîëîæåíèÿõ î òðóäíîñòè
ðåøåíèÿ çàäà÷ òåîðèè ãðóïï)
51. ÄÎÑÒÈÆÅÍÈß ÏÎÑËÅÄÍÈÕ ËÅÒ
30 ñåíòÿáðÿ 2013 ã. áûëà îïóáëèêîâàíà ñòàòüÿ
Virtual Black-Box Obfuscation for All Circuits via Generic
Graded Encoding.
Zvika Brakerski, Guy N. Rothblum
We present a new general-purpose obfuscator for all polynomial-size
circuits. The obfuscator uses graded encoding schemes, a
generalization of multilinear maps. We prove that the obfuscator
exposes no more information than the program's black-box
functionality, and achieves virtual black-box security, in the generic
graded encoded scheme model.