Paper 2017/787
When Are Opaque Predicates Useful?
Lukas Zobernig, Steven D. Galbraith, and Giovanni Russello
Abstract
Opaque predicates are a commonly used technique in program obfuscation, intended to add complexity to control flow and to insert dummy code or watermarks. However, there are many attacks known to detect opaque predicates and remove dummy code. We survey these attacks and argue that many types of programs cannot be securely obfuscated using opaque predicates. In particular we explain that most previous works on control flow obfuscation have introduced predicates that are easily distinguished from naturally occurring predicates in code, and hence easily removed by an attacker. We state two conditions that are necessary for a program to be suitable for control flow obfuscation. We give an integrated approach to control flow obfuscation that simultaneously obfuscates real predicates and introduces opaque predicates. The opaque predicates are indistinguishable from the obfuscated real predicates in the program. If an attacker applies the usual approaches (both static and dynamic) to identify and remove opaque predicates then they are likely to remove critical functionality and introduce errors. We have implemented our obfuscator in LLVM. We provide an analysis of the performance of the resulting obfuscated code.
Note: Title changed.
Metadata
- Category: Applications
- Publication info: Published elsewhere. Major revision. IEEE TrustCom 2019
- Keywords: program obfuscation, indistinguishable, opaque predicates
- Contact author(s): lukas zobernig @ auckland ac nz
- History:
  - 2019-05-21: revised
  - 2017-08-21: received
- Short URL: https://ia.cr/2017/787
- License: CC BY
BibTeX
@misc{cryptoeprint:2017/787,
  author = {Lukas Zobernig and Steven D. Galbraith and Giovanni Russello},
  title = {When Are Opaque Predicates Useful?},
  howpublished = {Cryptology {ePrint} Archive, Paper 2017/787},
  year = {2017},
  url = {https://eprint.iacr.org/2017/787}
}