Surreptitious software : obfuscation, watermarking, and tamperproofing for software protection

"This book gives thorough, scholarly coverage of an area of growing importance in computer security and is a 'must have' for every researcher, student, and practicing professional in software protection." -Mikhail Atallah, Distinguished Professor of Computer Science at Purdue University Theory, Techniques, and Tools for Fighting Software Piracy, Tampering, and Malicious Reverse Engineering The last decade has seen significant progress in the development of techniques for resisting software piracy and tampering. These techniques are indispensable for software developers seeking to protect vital intellectual property. Surreptitious Software is the first authoritative, comprehensive resource for researchers, developers, and students who want to understand these approaches, the level of security they afford, and the performance penalty they incur. Christian Collberg and Jasvir Nagra bring together techniques drawn from related areas of computer science, including cryptography, steganography, watermarking, software metrics, reverse engineering, and compiler optimization. Using extensive sample code, they show readers how to implement protection schemes ranging from code obfuscation and software fingerprinting to tamperproofing and birthmarking, and discuss the theoretical and practical limitations of these techniques. Coverage includes Mastering techniques that both attackers and defenders use to analyze programs Using code obfuscation to make software harder to analyze and understand Fingerprinting software to identify its author and to trace software pirates Tamperproofing software using guards that detect and respond to illegal modifications of code and data Strengthening content protection through dynamic watermarking and dynamic obfuscation Detecting code theft via software similarity analysis and birthmarking algorithms Using hardware techniques to defend software and media against piracy and tampering Detecting software tampering in distributed system Understanding the theoretical limits of code obfuscation

Preface xv About the Authors xxv Acknowledgments xxvii Chapter 1: What Is Surreptitious Software? 1 1.1 Setting the Scene 1 1.2 Attack and Defense 6 1.3 Program Analysis 7 1.4 Code Obfuscation 13 1.5 Tamperproofing 32 1.6 Software Watermarking 36 1.7 Software Similarity 43 1.8 Hardware-Based Protection Techniques 49 1.9 Discussion 55 1.10 Notation 58 Chapter 2: Methods of Attack and Defense 59 2.1 Attack Strategies 60 2.2 Defense Strategies 86 2.3 Discussion 114 Chapter 3: Program Analysis 117 3.1 Static Analysis 118 3.2 Dynamic Analysis 145 3.3 Reconstituting Source 170 3.4 Pragmatic Analysis 190 3.5 Discussion 198 Chapter 4: Code Obfuscation 201 4.1 Semantics-Preserving Obfuscating Transformations 202 4.2 Definitions 217 4.3 Complicating Control Flow 225 4.4 Opaque Predicates 246 4.5 Data Encodings 258 4.6 Breaking Abstractions 277 4.7 Discussion 298 Chapter 5: Obfuscation Theory 301 5.1 Definitions 304 5.2 Provably Secure Obfuscation: Possible or Impossible? 307 5.3 Provably Secure Obfuscation: It's Possible (Sometimes)! 313 5.4 Provably Secure Obfuscation: It's Impossible (Sometimes)! 335 5.5 Provably Secure Obfuscation: Can It Be Saved? 344 5.6 Discussion 354 Chapter 6: Dynamic Obfuscation 357 6.1 Definitions 360 6.2 Moving Code Around 362 6.3 Encryption 383 6.4 Discussion 398 Chapter 7: Software Tamperproofing 401 7.1 Definitions 405 7.2 Introspection 412 7.3 Algorithm TPTCJ: Response Mechanisms 440 7.4 State Inspection 444 7.5 Remote Tamperproofing 453 7.6 Discussion 464 Chapter 8: Software Watermarking 467 8.1 History and Applications 468 8.2 Watermarking Software 478 8.3 Definitions 480 8.4 Watermarking by Permutation 486 8.5 TamperproofingWatermarks 494 8.6 Improving Resilience 498 8.7 Improving Stealth 505 8.8 Steganographic Embeddings 522 8.9 SplittingWatermark Integers 526 8.10 Graph Codecs 533 8.11 Discussion 537 Chapter 9: Dynamic Watermarking 541 9.1 Algorithm WMCT: Exploiting Aliasing 546 9.2 Algorithm WMNT: Exploiting Parallelism 565 9.3 Algorithm WMCCDKHLS paths: Expanding Execution Paths 583 9.4 Algorithm WMCCDKHLS bf : Tamperproofing Execution Paths 592 9.5 Discussion 598 Chapter 10: Software Similarity Analysis 601 10.1 Applications 602 10.2 Definitions 611 10.3 k-gram-Based Analysis 616 10.4 API-Based Analysis 625 10.5 Tree-Based Analysis 631 10.6 Graph-Based Analysis 635 10.7 Metrics-Based Analysis 644 10.8 Discussion 652 Chapter 11: Hardware for Protecting Software 655 11.1 Anti-Piracy by Physical Distribution 657 11.2 Authenticated Boot Using a Trusted Platform Module 670 11.3 Encrypted Execution 683 11.4 Attacks on Tamperproof Devices 695 11.5 Discussion 711 Bibliography 713 Index 737