Program obfuscation by distorted interpreter specialization

Neil D. Jones ( University of Copenhagen )

How to construct a general program obfuscator? We present a novel approach to automatically generating obfuscated code P′ from a program P with source clear code. Start with a (program-executing) interpreter interp for the language in which P is written. Then “distort” interp so it is still correct, but its specialization P′ with respect to P is transformed code that is equivalent to the original program, but harder to understand or analyze.

A systematic approach to deformation is to make program P obscure by transforming it to P′ on which (abstract) interpretation is incomplete.

Interpreter distortion can be done by making residual in the specialization process sufficiently many interpreter operations to defeat an attacker in extracting sensible information from transformed code. Potency of the obfuscator is proved with respect to a general model of the attacker, modeled as an approximate (abstract) interpreter. Our method is applied to: code flattening, data-type obfuscation, and opaque predicate insertion. The technique is language independent and can be exploited for designing obfuscating compilers.