Program Camouflage: A Systematic Instruction Hiding Method for Protecting Secrets
This paper proposes an easy-to-use instruction hiding method to protect software from malicious reverse engineering attacks. Given a source program (original) to be protected, the proposed method (1) takes a modified version of it (fake) as an input, (2) analyzes the differences in assembly code instructions between original and fake, and (3) introduces self-modification routines so that fake instructions become correct (i.e., original instructions) before they are executed and revert to fake ones after they are executed. The proposed method adds a certain amount of security to a program, since the fake instructions in the resultant program confuse attackers, and discovering and removing all the fake instructions and self-modification routines requires significant effort. The method is also easy to use: all a user has to do is prepare a fake source code by modifying the original source code.
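The three steps in the abstract can be followed on a toy model. This is an added example, not the authors' implementation: the `patch` pseudo-instruction, the one-to-one instruction mapping, the straight-line interpreter that never follows jumps, and the sample instructions are all assumptions made for illustration.

```python
# Toy model of the camouflage idea: instructions are strings, and a "patch"
# pseudo-instruction stands in for a self-modification routine.

def camouflage(original, fake):
    """Build a protected image whose static contents show the fake instructions."""
    if len(original) != len(fake):
        raise ValueError("toy model assumes a one-to-one instruction mapping")
    image = []
    for orig_ins, fake_ins in zip(original, fake):
        if orig_ins == fake_ins:
            image.append(("op", orig_ins))
            continue
        target = len(image) + 1                     # slot the fake instruction will occupy
        image.append(("patch", target, orig_ins))   # restore just before execution
        image.append(("op", fake_ins))              # what a static reader sees
        image.append(("patch", target, fake_ins))   # hide again afterwards
    return image

def static_view(image):
    """Instructions visible to someone reading the image without running it."""
    return [entry[1] for entry in image if entry[0] == "op"]

def run(image):
    """Execute a copy of the image in order; return (executed trace, final static view)."""
    code = list(image)
    trace = []
    for pc in range(len(code)):
        entry = code[pc]
        if entry[0] == "patch":
            _, target, ins = entry
            code[target] = ("op", ins)   # self-modification: overwrite one slot
        else:
            trace.append(entry[1])       # record what was really executed
    return trace, static_view(code)

# Constructed sample: the fake version changes a constant and a branch condition.
ORIGINAL = ["mov eax, [key]", "cmp eax, 0x2A", "jne fail", "call unlock"]
FAKE = ["mov eax, [key]", "cmp eax, 0x10", "je fail", "call unlock"]

if __name__ == "__main__":
    protected = camouflage(ORIGINAL, FAKE)
    trace, after = run(protected)
    print("static:", static_view(protected))
    print("trace :", trace)
    print("after :", after)
```

The static view before and after the run shows only the fake instructions, while the executed trace matches the original, which is why an analyst has to locate every patch routine, not just read the listing.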
@article{"International Journal of Information, Control and Computer Sciences:61672",
  author = "Yuichiro Kanzaki and Akito Monden and Masahide Nakamura and Ken-ichi Matsumoto",
  title = "Program Camouflage: A Systematic Instruction Hiding Method for Protecting Secrets",
  abstract = "This paper proposes an easy-to-use instruction hiding method to protect software from malicious reverse engineering attacks. Given a source program (original) to be protected, the proposed method (1) takes its modified version (fake) as an input, (2) differences in assembly code instructions between original and fake are analyzed, and, (3) self-modification routines are introduced so that fake instructions become correct (i.e., original instructions) before they are executed and that they go back to fake ones after they are executed. The proposed method can add a certain amount of security to a program since the fake instructions in the resultant program confuse attackers and it requires significant effort to discover and remove all the fake instructions and self-modification routines. Also, this method is easy to use (with little effort) because all a user (who uses the proposed method) has to do is to prepare a fake source code by modifying the original source code.",
  keywords = "Copyright protection, program encryption, program obfuscation, self-modification, software protection.",
  volume = "2",
  number = "7",
  pages = "2525-7",
}