Speaker:         Clark Thomborson

Topic:              A Frame work for Obfuscated Interpretation                

Date:               November 6, 2003

Time:              11:00 AM

Place:              Gould-Simpson Bldg., Room 701        

Refreshments will be served in the 7th floor lobby at 10:45 AM.



We propose a framework for obfuscating the interpretation of programs expressed in a low-level language such as Java bytecode or x86 machine code.  Our framework employs a finite state machine (FSM) in the interpreter, to define context-dependent semantics for each instruction in an obfuscated program.  This dynamic mapping of semantics onto opcodes will frustrate any non-cryptographic static analysis.  Traditional cryptographic analyses will be frustrated by the dynamically-defined execution order of the bytecode or machine code.

Our framework is similar to the randomized instruction-set approach of  Barrantes et al., however we gain additional security by continuously changing the mapping of opcodes onto semantics.  This greatly increases the codespace that a cryptographically-skilled attacker must explore.  Our preliminary security analysis indicates that a highly skilled attacker would take months or even years to "crack" one of our obfuscated interpreters, if this attacker has a somewhat limited ability to observe and control the interpretive

process.  A "crack" of a single FSM does not reveal very much about other FSMs

chosen randomly from the same codespace.  We believe that our interpretive process can be effectively hidden, and efficiently implemented, in CPU hardware that is personalized for each computer.


This research is being conducted jointly with Dr Akito Monden and Dr Antoine