Computing means Interpreting

Abstraction. Interpretation. Abstract Interpretation is a general theory for approximating the semantics of dynamic systems (Cousot & Cousot 1977). Computing means Interpreting. For large/real programs control/data flow is too complex to be understood by humans: Reverse Engineering needs abstraction! Reverse Engineering needs automated tools!

Upload: zahur

Post on 06-Jan-2016



TRANSCRIPT

Page 1: Computing means Interpreting

Abstraction

Interpretation

Abstract Interpretation is a general theory for approximating the semantics of dynamic systems (Cousot & Cousot 1977)

Computing means Interpreting

For large/real programs control/data flow is too complex to be understood by humans:

Reverse Engineering needs abstraction!

Reverse Engineering needs automated tools!

Page 2: Computing means Interpreting

More Concrete observation

More Abstract observation

Modeling the Adversary: Degrees of abstraction

Page 3: Computing means Interpreting

P

We can quantify the security achieved by looking at proof complexity!

key

Proof

Reverse Engineering is Interpreting

Each tool is an Abstract Interpretation

Page 4: Computing means Interpreting

O(P)

Removing noise means refining abstractions / complicating proofs! (Giacobazzi et al 2000 / 2012)

Proof

Tracing

Monitoring

Slicing

Profiling

Decompiler

Disassembler

Static Analysis

Dynamic Analysis

SAT

VMware

SMT

BinDiff

BinHunt

BinJuice

HexRays

GDB

OllyDbg

IDA Pro

Theorem Prover

Constrained Adversary

Concolic

Emulation

Protecting is obscuring Interpretation

Transform code to make all tools blind
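As an added illustration (not part of the original slides) of "each tool is an Abstract Interpretation" and "removing noise means refining abstractions": two toy analyses, a sign domain and a parity domain, try to decide a constructed opaque predicate, "x * (x + 1) is even". The domains, function names and the predicate are assumptions chosen for this example.

```python
# Added illustration; domains, names and the sample predicate are assumptions.
PARITY = {
    "const": lambda n: "E" if n % 2 == 0 else "O",
    "add": lambda a, b: "T" if "T" in (a, b) else ("E" if a == b else "O"),
    "mul": lambda a, b: "E" if "E" in (a, b) else ("O" if a == b == "O" else "T"),
    "even": lambda a: {"E": True, "O": False}.get(a),   # None = cannot tell
    "top": ["T"], "cases": ["E", "O"],
}

def _sign_add(a, b):
    if a == "0": return b
    if b == "0": return a
    return a if a == b else "T"          # mixed signs or unknown: no information

def _sign_mul(a, b):
    if "0" in (a, b): return "0"
    if "T" in (a, b): return "T"
    return "+" if a == b else "-"

SIGN = {
    "const": lambda n: "0" if n == 0 else ("+" if n > 0 else "-"),
    "add": _sign_add, "mul": _sign_mul,
    "even": lambda a: True if a == "0" else None,   # sign says nothing about parity
    "top": ["T"], "cases": ["-", "0", "+"],
}

def absval(expr, x, dom):
    """Evaluate expr over the abstract input x in the given domain."""
    op = expr[0]
    if op == "x": return x
    if op == "const": return dom["const"](expr[1])
    return dom[op](absval(expr[1], x, dom), absval(expr[2], x, dom))

def decide_even(expr, dom, split):
    """True/False: 'expr is even' proved always/never; None: analysis is blind."""
    xs = dom["cases" if split else "top"]    # split = refine by case analysis on x
    verdicts = {dom["even"](absval(expr, x, dom)) for x in xs}
    return verdicts.pop() if len(verdicts) == 1 else None

# Constructed opaque predicate: x * (x + 1) is even for every integer x.
OPAQUE = ("mul", ("x",), ("add", ("x",), ("const", 1)))

def survey():
    return {(name, split): decide_even(OPAQUE, dom, split)
            for name, dom in (("sign", SIGN), ("parity", PARITY))
            for split in (False, True)}

if __name__ == "__main__":
    for key, verdict in survey().items():
        print(key, verdict)
```

Only the parity analysis with a case split on x proves the predicate constant; the other three configurations return None and must keep the dead branch as noise.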

Page 5: Computing means Interpreting

[Figure: Proof complexity (Low to High) plotted against Degree of obfuscation (High to Low)]

Measuring Adversary Strength

By constraining the adversary within a theorem prover we can quantify the security achieved from obfuscation

Force the attacker to use automated tools (programs of large size and highly interconnected)

Design code transformations making tools blind

Determine lower bounds for proof complexity in obfuscated code

Measure the degree of noise/slowdown induced in obfuscation