Obfuscation of Abstract Data-Types - Rowan
Obfuscation of Abstract Data-Types - Rowan
Obfuscation of Abstract Data-Types - Rowan
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Obfuscation</strong> <strong>of</strong> <strong>Abstract</strong> <strong>Data</strong> <strong>Types</strong><br />
Stephen Drape<br />
St John’s College<br />
University <strong>of</strong> Oxford<br />
Thesis submitted for the degree <strong>of</strong> Doctor <strong>of</strong> Philosophy<br />
Trinity Term 2004<br />
<strong>Abstract</strong><br />
An obfuscation is a behaviour-preserving program transformation whose aim<br />
is to make a program “harder to understand”. <strong>Obfuscation</strong>s are applied to<br />
make reverse engineering <strong>of</strong> a program more difficult. Two concerns about an<br />
obfuscation are whether it preserves behaviour (i.e. it is correct) and the degree<br />
to which it maintains efficiency. <strong>Obfuscation</strong>s are applied mainly to objectoriented<br />
programs but constructing pro<strong>of</strong>s <strong>of</strong> correctness for such obfuscations<br />
is a challenging task. It is desirable to have a workable definition <strong>of</strong> obfuscation<br />
which is more rigorous than the metric-based definition <strong>of</strong> Collberg et al. and<br />
overcomes the impossibility result <strong>of</strong> Barak et al. for their strong cryptographic<br />
definition.<br />
We present a fresh approach to obfuscation by obfuscating abstract datatypes<br />
allowing us to develop structure-dependent obfuscations that would otherwise<br />
(traditionally) not be available. We regard obfuscation as data refinement<br />
enabling us to produce equations for proving correctness and we model the datatype<br />
operations as functional programs making our pro<strong>of</strong>s easy to construct.<br />
For case studies, we examine different data-types exploring different areas <strong>of</strong><br />
computer science. We consider lists letting us to capture array-based obfuscations,<br />
sets reflecting specification based s<strong>of</strong>tware engineering, trees demonstrating<br />
standard programming techniques and as an example <strong>of</strong> numerical methods<br />
we consider matrices.<br />
Our approach has the following benefits: obfuscations can be proved correct;<br />
obfuscations for some operations can be derived and random obfuscations can<br />
be produced (so that different program executions give rise to different obfuscations).<br />
Accompanying the approach is a new definition <strong>of</strong> obfuscation based on<br />
measuring the effectiveness <strong>of</strong> an obfuscation. Furthermore in our case studies<br />
the computational complexity <strong>of</strong> each obfuscated operations is comparable with<br />
the complexity <strong>of</strong> the unobfuscated version. Also, we give an example <strong>of</strong> how<br />
our approach can be applied to implement imperative obfuscations.<br />
1