A Framework for Obfuscated Interpretation

Monden, A., Monsifrot, A. and Thomborson, C.

    Software protection via obscurity is now considered fundamental for securing software systems. This paper proposes a framework for obfuscating the program interpretation instead of obfuscating the program itself. The obfuscated interpretation enables us to hide functionality of a given program P unless the interpretation being taken is revealed. The proposed framework employs a finite state machine (FSM) based interpreter to give the context-dependent semantics to each instruction in P; thus, attempts to statically analyze the relation between instructions and their semantics will not succeed. Considering that the instruction stream (execution sequence) of P varies according to the input to P, we give a systematic method to construct P whose instruction stream is always interpreted correctly regardless of its input. Our framework is easily applied to conventional computer systems by adding a FSM unit to virtual machines such as Java Virtual Machine (JVM) and Common Language Runtime (CLR).
Cite as: Monden, A., Monsifrot, A. and Thomborson, C. (2004). A Framework for Obfuscated Interpretation. In Proc. Second Australasian Information Security Workshop (AISW2004), Dunedin, New Zealand. CRPIT, 32. Montague, P. and Steketee, C., Eds. ACS. 7-16.
pdf (from crpit.com) pdf (local if available) BibTeX EndNote GS