Probabilistic Obfuscation through Covert Channels
Jon Stephens
Babak Yadegari
Christian Collberg
Saumya Debray
Carlos Scheidegger
Department of Computer Science
University of Arizona
Tucson, AZ 85721, U.S.A.
Abstract
This paper presents a program obfuscation framework that uses
covert channels through the program's execution environment to obfuscate
information flow through the program. Unlike prior works on obfuscation,
the use of covert channels removes visible information flows
from the computation of the program and reroutes them through the
program's runtime system and/or the operating system. This renders these
information flows, and the corresponding control and data dependencies,
invisible to program analysis tools such as symbolic execution engines.
Additionally, we present the idea of probabilistic obfuscation which uses
imperfect covert channels to leak information with some probabilistic guarantees.
Experimental evaluation of our approach against state of the art detection
and analysis techniques show the engines are not well-equipped to handle
these obfuscations, particularly those of the probabilistic variety.