Obfuscation with Mixed Boolean-Arithmetic Expressions : reconstruction, analysis and simplification tools

Abstract : Software obfuscation is a software protection technique thattransforms code in order to make its analysis more difficult. MixedBoolean-Arithmetic (MBA) expressions are presented as a strongobfuscation in the context of data flow obfuscation. As the domainaround MBA obfuscation is quite young, there is little literatureon the conception and analysis of such obfuscated expressions.Therefore many interesting subjects arise during its study, both around theobfuscation and deobfuscation (or simplification) of MBA expressions.During our work, we structured the subject of MBA obfuscation, linkingit to other topics like cryptography or rewriting. We also reconstructedan MBA obfuscation technique from public samples. We studied themeaning of simplifying an obfuscated expression, and definedour own simplicity metrics for MBA expressions. The study of MBAsimplification yielded the implementation of two deobfuscation toolsthat successfully simplified several public examples of obfuscatedexpressions. Finally, we assessed the resilience of the MBAobfuscation with regard to our simplification algorithms (as well asother deobfuscation techniques), concluding that this obfuscationtechnique offers little resilience as it is, and we proposed a few ideasto help improve this type of obfuscation.
Document type :
Theses
Complete list of metadatas

Cited literature [78 references]  Display  Hide  Download

https://tel.archives-ouvertes.fr/tel-01623849
Contributor : Abes Star <>
Submitted on : Wednesday, October 25, 2017 - 5:15:18 PM
Last modification on : Tuesday, April 16, 2019 - 9:35:38 AM
Long-term archiving on : Friday, January 26, 2018 - 2:44:13 PM

File

75068_EYROLLES_2017_archivage....
Version validated by the jury (STAR)

Identifiers

  • HAL Id : tel-01623849, version 1

Citation

Ninon Eyrolles. Obfuscation with Mixed Boolean-Arithmetic Expressions : reconstruction, analysis and simplification tools. Cryptography and Security [cs.CR]. Université Paris-Saclay, 2017. English. ⟨NNT : 2017SACLV031⟩. ⟨tel-01623849⟩

Share

Metrics

Record views

755

Files downloads

1945