Obfuscation of Abstract Data-Types - Rowan

More documents

Recommendations

Info

CHAPTER 3. TECHNIQUES FOR OBFUSCATION 53 Definition 1 (Assertion Obfuscation). Let g be an operation and A be an assertion that g satisfies. We obfuscate g to obtain g O and let A O be the assertion corresponding to A which g O satisfies. The obfuscation O is said to be an assertion obfuscation if the proof that g O satisfies A O is more complicated than the proof that g satisfies A. Note that A O is well-defined as we have restricted ourselves to functional refinements. How can we compare proofs and decide whether one is more complicated than another? One way to have a fair comparison is to ensure that our proofs are minimal. This is not practical as we can never be certain if we have a minimal proof. Instead we should ensure that we prove assertions consistently. We will split the proof of an assertion into different cases (often determined by the guards in a definition). For example, for induction proofs, the base steps and the induction steps all constitute cases. We will prove each case using the derivational style [18, Chapter 4]: LHS = {result} . . . = {result} RHS We can replace “=” by other connectives such as “⇒” or “⇐”. Each stage of the derivation should use one result, where we consider a result to be • the definition of an operation • an arithmetic or Boolean law • a property of an operation If we want to use a property of an operation then we also need to also prove this property. We will take standard results from set theory and logic (such as natural number arithmetic and predicate calculus) as our laws. How do we measure whether one proof is more complicated than another? One way could be to count the total number of results (including multiplicities) for all the cases of a proof. If an obfuscation increases the number of guards in the definition of an operation then a proof for this obfuscation may be longer as we will have more cases to prove. Therefore, to ensure that an operation is an assertion obfuscation we can just add in extra guards. So, if the definition of a operation f :: α → β is f x = g then by using a predicate p :: α → B, we could define f O x ∣ p(x) = g otherwise = g
CHAPTER 3. TECHNIQUES FOR OBFUSCATION 54 The proof of an assertion for f O will require two cases (one for p(x) and one for ¬p(x)) and so to make an assertion obfuscation, we just have to insert a predicate. To prevent this, we require that each case in a definition gives rise to a different expression. At each stage of a proof, we aim to use definitions and properties associated with the innermost operation. For instance, if we had an assertion f (g (h x)) Then we first deal with h before we deal with g. This method will not always produce a minimal length proof but will help in making our proofs consistent. Where possible, we aim to use only one result at each stage so that we do not make proofs shorter by using many results in the same stage. We should also ensure that at each stage, we make progress towards our goal. In particular, we should not have any cycles in our proofs and so we insist that at each stage we do not have an expression that we have seen before (although we may use the same result many times). For our definition of obfuscation, we will not be concerned with syntactic properties such as the name of operations, the layout of operations and whether a definition uses standard operations (for example, head or foldr). For example, we do not make distinctions between guarded equations and (nested) conditionals. So we consider the following two expressions to be equivalent: f x ∣∣∣∣∣∣∣∣ g 1 = s 1 g 2 = s 2 . . . otherwise= s n ≡ f x = if g 1 then s 1 else (if g 2 then s 2 · · · else s n · · ·) The total number of results that a proof takes may not be a detailed enough measure. For instance, suppose we have two proofs: the first has one case and uses n results and the second has n cases each of which uses one result. Both of these proofs use n results in total but is one proof more complicated than the other? We propose that the first is more complicated as we claim that it is harder to do one long proof than many short proofs. Thus the number of results used is not a satisfactory measure — we need to consider the “shape” of a proof. 3.4 Proof Trees How do we measure the shape of a proof? We will compare proofs by drawing proof trees — using trees gives an indication of the “shape” of a proof. Note that our style of proof lends itself to producing proof trees. From the last section, we consider a proof to be a series of cases. Each case is proved using the derivational style where each stage is either a definition, a law or a property of an operation. This gives us a way of defining a grammar for proof trees: Proof = Case = Result = Seq Case Stage Case (Seq Result) | End Definition | Law | Proof
Page 1 and 2:
Obfuscation of Abstract Data-Types
Page 3 and 4: Contents I The Current View of Obfu
Page 5 and 6: 5.4.3 Third Definition . . . . . .
Page 7 and 8: List of Figures 1 An example of obf
Page 9 and 10: 8 public class c { d t1 = new d();
Page 11 and 12: 10 • Obfuscations can be proved c
Page 13 and 14: Chapter 1 Obfuscation Scully: “No
Page 15 and 16: CHAPTER 1. OBFUSCATION 14 These thr
Page 17 and 18: CHAPTER 1. OBFUSCATION 16 by changi
Page 19 and 20: CHAPTER 1. OBFUSCATION 18 We could
Page 21 and 22: CHAPTER 1. OBFUSCATION 20 B 1 [0] =
Page 23 and 24: Chapter 2 Obfuscations for Intermed
Page 25 and 26: CHAPTER 2. OBFUSCATIONS FOR INTERME
Page 45 and 46: Chapter 3 Techniques for Obfuscatio
Page 47 and 48: CHAPTER 3. TECHNIQUES FOR OBFUSCATI
Page 53: CHAPTER 3. TECHNIQUES FOR OBFUSCATI
Page 63 and 64: Part III Data-Type Case Studies 62
Page 65 and 66: CHAPTER 4. SPLITTING HEADACHES 64 (
Page 67 and 68: CHAPTER 4. SPLITTING HEADACHES 66 a
Page 69 and 70: CHAPTER 4. SPLITTING HEADACHES 68 T
Page 71 and 72: CHAPTER 4. SPLITTING HEADACHES 70 L
Page 73 and 74: CHAPTER 4. SPLITTING HEADACHES 72 S
Page 75 and 76: CHAPTER 4. SPLITTING HEADACHES 74 C
Page 77 and 78: CHAPTER 4. SPLITTING HEADACHES 76 L
Page 79 and 80: CHAPTER 4. SPLITTING HEADACHES 78 t
Page 81 and 82: CHAPTER 4. SPLITTING HEADACHES 80 C
Page 83 and 84: CHAPTER 4. SPLITTING HEADACHES 82 4
Page 85 and 86: CHAPTER 4. SPLITTING HEADACHES 84 E
Page 87 and 88: CHAPTER 4. SPLITTING HEADACHES 86 b
Page 89 and 90: CHAPTER 4. SPLITTING HEADACHES 88 W
Page 91 and 92: CHAPTER 4. SPLITTING HEADACHES 90 T
Page 93 and 94: Chapter 5 Sets and the Splitting Bu
Page 95 and 96: CHAPTER 5. SETS AND THE SPLITTING 9
Page 105 and 106:
CHAPTER 5. SETS AND THE SPLITTING 1
Page 107 and 108:
CHAPTER 5. SETS AND THE SPLITTING 1
Page 109 and 110:
CHAPTER 6. THE MATRIX OBFUSCATED 10
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
CHAPTER 7. CULTIVATING TREE OBFUSCA
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Chapter 8 Conclusions and Further W
Page 137 and 138:
CHAPTER 8. CONCLUSIONS AND FURTHER
Page 139 and 140:
CHAPTER 8. CONCLUSIONS AND FURTHER
Page 141 and 142:
BIBLIOGRAPHY 140 [13] Thomas H. Cor
Page 143 and 144:
BIBLIOGRAPHY 142 [43] Simon Peyton
Page 145 and 146:
Appendix A List assertion We want t
Page 147 and 148:
APPENDIX A. LIST ASSERTION 146 Case
Page 149 and 150:
APPENDIX A. LIST ASSERTION 148 For
Page 151 and 152:
APPENDIX A. LIST ASSERTION 150 Case
Page 153 and 154:
APPENDIX A. LIST ASSERTION 152 1 +
Page 155 and 156:
APPENDIX A. LIST ASSERTION 154 0 +
Page 157 and 158:
APPENDIX A. LIST ASSERTION 156 The
Page 159 and 160:
APPENDIX A. LIST ASSERTION 158 The
Page 161 and 162:
APPENDIX B. SET OPERATIONS 160 Now
Page 163 and 164:
APPENDIX B. SET OPERATIONS 162 Proo
Page 165 and 166:
APPENDIX B. SET OPERATIONS 164 B.2
Page 167 and 168:
Appendix C Matrices We prove the as
Page 169 and 170:
APPENDIX C. MATRICES 168 Base Case
Page 171 and 172:
APPENDIX D. PROVING A TREE ASSERTIO
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Page 181 and 182:
Page 183 and 184:
Page 185 and 186:
Page 187:
APPENDIX E. OBFUSCATION EXAMPLE 186
show all

Obfuscation of Abstract Data-Types - Rowan

Create successful ePaper yourself

Delete template?

Save as template?