computing means interpreting
DESCRIPTION
Computing means Interpreting. Abstraction. For large/real programs control/data flow is too complex for being understandable by humans: Reverse Engineering needs abstraction! Reverse Engineering needs automated tools!. Interpretation. - PowerPoint PPT PresentationTRANSCRIPT
Abstraction
Interpretation
Abstract Interpretation is a general theory for approximating the semantics of dynamic systems (Cousot & Cousot 1977)
Computing means Interpreting
For large/real programs control/data flowis too complex for being understandable by humans:
Reverse Engineering needs abstraction!Reverse Engineering needs automated tools!
More Concrete
observation
More Abstractobservation
Modeling the Adversary: Degrees of abstraction
P
We can quantify the security achieved by looking at proof complexity!
key
Proof
Reverse Engineering is Interpreting
Each tool is an Abstract Interpretation
O(P)
Removing noise means refining abstractions / complicating proofs! (Giacobazzi et al 2000 / 2012)
Proof
Tracing
Monitoring
Slicing
Profiling
Decompiler
Disassembler
Static Analysis
Dynamic Analysis
SAT
VMware
SMT
BinDiffBinHunt
BinJuice
HexRays
GDB OllyDbg
IDA Pro
Th
eore
m P
rover
Constrained Adversary
Concolic
Emulation
Protecting is obscuring Interpretation
Transform code to make all tools blind
Pro
of
com
ple
xit
y
Low
High
High Degree of obfuscation Low
Measuring Adversary Strength
By constraining the adversary within a theorem prover we can quantify the security achieved from obfuscation
Force the attacker to use automated tools (programs of large size and highly interconnected)Design code transformations making tools blindDetermine lower bounds for proof complexity in obfuscated codeMeasure the degree of noise/slowdown induced in obfuscation