Hi All,

I ran across some interesting reading, and wanted to share the result. The results have been known for quite some time, but I finally found references for the opinion.

"... there do not exist any techniques for preventing attacks by
reverse engineering stronger than by what is afforded by obscuring the
purpose of the code" [1].

And

"even under very weak formalizations [sic: the formal mathematical
construction of obfuscation], obfuscation is impossible" [2].

Jeff

[1] C. Collberg and C. Thomborson, Watermarking, Tamper-Proofing, and
Obfuscation - Tools for Software Protection, p. 5, IEEE Transactions
On Software Engineering, Volume 28, No. 8, August 2002.

[2] B. Barak, et. al., On the (Im)possibility of Obfuscating Programs,
http://www.eecs.harvard.edu/~salil/papers/obfuscate.ps, August 15,
2001.

The military employs this stuff extensively in almost every aspect of their computing nowadays, for obvious reasons. Would be interesting to see something become public, but so far what I have read doesn't sound interesting at all. A multiple VMs are much more effective (and space consuming).

Also see

http://www.woodmann.com/forum/blog.php?b=15#comments

Hi rendari,



You are correct - I should have qualified the statement by stating software RE on commodity systems (x86 PCs).

There are papers which address this also. Notably, architectures which employ a Security Coprocessor [1]. Additionally, Trusted Operating systems employ an additional method: the file exists on disk encrypted. It is transferred securely to the processor and executed. When the process is preempted, program state is again encrypted [2]. Lie ports IRIX 6.5 using XOM to achieve this. He named the port XOMOS.

Obviously, these are a bit beyond commodity hardware.

Jeff

[1] Ruby B. Lee, et.al., Architecture for Protecting Critical Secrets in Microprocessors, Department of Electrical Engineering, Princeton University, NJ 08544

[2] D. Lie, Architectural Support for Copy and Tamper-Resistant Software, 2003