System and Method for Aggressive Self-Modification in Dynamic Function Call Systems
First Claim
1. A method of transforming a software program from an original form to a more secure form by changing the control flow structure of the program to protect the program against static and dynamic attacks, comprising:
- a) analyzing the original function-call structure and function-call layout of the program;
b) transforming the original function-call layout to a new function-call layout;
c) transforming the original function-call structure to a new function-call structure that is able to perform dynamic self modifications;
d) producing a transformed program having a transformed control flow structure, but which is semantically equivalent to the original program;
said transformed program configured to transform the original function-call graph to a new function-call graph upon execution.
2 Assignments
0 Petitions
Accused Products
Abstract
Provided are a system and method for software obfuscation for transforming a program from a first form to more secure form that is resistant to static and dynamic attacks. The method utilizes a sophisticated pre-analysis step to comprehend the function-call structure, the function-call layout, and the entire function call graph of the program, in order to determine strategic points in the program for changing the program. This provides resistance to static attacks by transforming the original function-call layout to a new layout. Changing the layout may include changing the function boundaries. The method also provides resistance to static attacks by transforming the original function-call structure to a new structure to be able to self modify as the transformed program executes in memory. Changing the function-call structure may include modifying when and how functions are called, and/or choosing random paths of execution that lead to the same result.
33 Citations
26 Claims
-
1. A method of transforming a software program from an original form to a more secure form by changing the control flow structure of the program to protect the program against static and dynamic attacks, comprising:
-
a) analyzing the original function-call structure and function-call layout of the program; b) transforming the original function-call layout to a new function-call layout; c) transforming the original function-call structure to a new function-call structure that is able to perform dynamic self modifications; d) producing a transformed program having a transformed control flow structure, but which is semantically equivalent to the original program;
said transformed program configured to transform the original function-call graph to a new function-call graph upon execution. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A method of transforming a software program from an original form to a more secure form by changing the control flow structure of the program to protect the program against static and dynamic attacks, said method including a build time phase and a run time phase, said build time phase comprising the steps of:
-
a) analyzing original function-call structure and function-call layout of the program; b) transforming the original function-call layout of the program to a new function-call layout; c) transforming the function-call structure to a new function-call structure that is able to perform dynamic modifications; and d) producing a transformed program having a transformed control flow structure, but which is semantically equivalent to the original program; said run time phase comprising; e) transforming the original function-call graph of the program to a new function-call graph upon execution of the program; wherein the dynamic modifications performed at run time are complementary to the changes performed at build time to produce a transformed program that is semantically equivalent to the original program.
-
-
26. A computer readable memory having recorded thereon statements and instructions for transforming a software program from an original form to a more secure form by changing the control flow structure of the program to protect the program against static and dynamic attacks, said statements and instructions when executed by a processor, cause the processor to perform the steps of:
-
a) analyzing original function-call structure, and function-call layout of the program; b) transforming the original function-call layout to a new layout; c) transforming the original function-call structure to a new structure that is able to perform dynamic self modifications; d) producing a transformed program having a transformed control flow structure, but which is semantically equivalent to the original program;
said transformed program configured to transform the original function-call graph to a new function-call graph upon execution.
-
Specification