Developers: Institute for System Programming (ISP RAS)
System first released: 2014
Last release date: 2016
Industries: Information technology
Technology: Cybersecurity - Information loss prevention
2016
In December 2016, the Institute for System Programming of the Russian Academy of Sciences (ISP RAS) published one of its developments: a technology for obfuscating (complicating) program code. It has already been deployed at the Russian Foreign Ministry and in structures of the FSB of Russia.
ISP RAS has worked on code obfuscation technology since 2002. In parallel, the scientists began development: writing code and seeing what came of it, says ISP RAS director Arutyun Avetisyan. The researchers then created a finished product, ISP Obfuscator, whose commercial implementation was handled by the partner company MVP "Svemel".
The obfuscator protects a program by complicating its code, which prevents others from understanding how it works. It is like someone muddling a phrase by adding insignificant pieces to it, so that instead of one phrase you get three pages of text that carry no meaning. Isolating the original text is difficult in that case, explains Shamil Kurmangaleev, one of the developers and a research associate at ISP RAS.
ISP Obfuscator is implemented on top of two compiler infrastructures, LLVM and GCC. Its transformations make it possible to generate a diversified population of executable files from the compiled application. An attacker who obtains one version of the file can create malicious code (an exploit) for it, but it will not work against other versions of the file.
"The idea is very simple: to make it so that, by setting some parameters, each binary file is unique. So our source code is the same, but the binary files are unique. Say your coffee maker was hacked: someone took a quick look, got access to one binary file, and can now attack a second coffee maker so that it pours the wrong coffee. But if the binary files are unique, there is a chance that this will be harder to do," – Arutyun Avetisyan offered as a simple comparison.
According to him, obfuscators were initially developed so that it would be impossible to understand and steal, for example, your algorithms, or to prove in court that the code is yours.
"The purpose of such software is usually to increase the cost of an attack," – Shamil Kurmangaleev says.
According to the developers, these transformations are lightweight and do not cause a critical drop in performance. Based on measurements, the drop was no more than a few percent.
ISP RAS says there are no analogs of this development in Russia. In Europe, similar research was carried out on open source software, but it was more exploratory in nature.
In contrast, ISP RAS, together with Svemel, one of the largest solution providers for the public sector, deployed the software protection product at the Russian Foreign Ministry and in structures of the FSB of Russia (the border service and educational organizations).
The modified GCC compiler (ISP Obfuscator) is used as part of the trusted Zircon operating system, which holds FSB and FSTEC certificates and can be used for work with state secrets.
According to Arutyun Avetisyan, the first contract with the MFA and the FSB was signed in 2014. Later, when these agencies moved to new OS versions, updates were required. This stage of the deployment was completed in the summer of 2016.
The exclusive rights to the development belong to ISP RAS. The institute's director does not disclose the cost of the deployments already completed. As for timing, according to him, a team of several people can do it in six months to a year. "But that is only thanks to a 15-year background. These are knowledge-intensive innovations," – Arutyun Avetisyan notes.
Applications of ISP Obfuscator:
- making algorithms and data structures harder to understand
- making it harder to generate exploits from the analysis of patches
- embedding watermarks
- preventing exploitation of known vulnerabilities
ISP Obfuscator is implemented on top of two compiler infrastructures, LLVM and GCC. The implemented transformations:
- moving local variables to global scope
- flattening the control-flow graph
- cloning function bodies
- interleaving several functions into one
- hiding function calls
- creating irreducible regions in the control-flow graph
- encrypting the constant strings used by the program
- inserting dummy single-iteration loops into the code
- splitting integer constants
- inserting and shuffling local variables
- rearranging functions within the program module
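
To illustrate two ideas from this page, control-flow graph flattening and the generation of a different binary from the same source per build, here is an added toy example; it is not ISP Obfuscator's code and does not come from the original page. The basic-block format, the `flatten` and `build` names, and the integer seed standing in for the "parameters" mentioned above are all assumptions made for the illustration.

```python
import random

# Constructed sample input: Euclid's gcd as basic blocks -> (body, terminator).
# Terminators: ("jmp", target), ("br", cond, then, else), ("ret", expr).
GCD_BLOCKS = {
    "entry": ([], ("jmp", "check")),
    "check": ([], ("br", "b != 0", "body", "done")),
    "body":  (["a, b = b, a % b"], ("jmp", "check")),
    "done":  ([], ("ret", "a")),
}

def flatten(blocks, entry, params, seed):
    """Emit Python source for a flattened version of `blocks`.

    Every block becomes one arm of a single dispatcher loop, and the
    successor is selected by writing an opaque state number, so the
    original loop shape is no longer visible in the control-flow graph.
    The seed (assumed per-build parameter) picks the state numbers and
    the arm order, so each seed yields a different output.
    """
    rng = random.Random(seed)
    ids = dict(zip(blocks, rng.sample(range(1, 1 << 16), len(blocks))))
    order = list(blocks)
    rng.shuffle(order)
    src = [f"def f({', '.join(params)}):",
           f"    state = {ids[entry]}",
           "    while True:"]
    for i, name in enumerate(order):
        body, term = blocks[name]
        kw = "if" if i == 0 else "elif"
        src.append(f"        {kw} state == {ids[name]}:")
        src += [f"            {line}" for line in body]
        if term[0] == "jmp":
            src.append(f"            state = {ids[term[1]]}")
        elif term[0] == "br":
            src.append(f"            state = {ids[term[2]]} if {term[1]} else {ids[term[3]]}")
        else:  # "ret"
            src.append(f"            return {term[1]}")
    return "\n".join(src)

def build(seed):
    """Produce one diversified variant: returns (source text, callable)."""
    src = flatten(GCD_BLOCKS, "entry", ["a", "b"], seed)
    ns = {}
    exec(src, ns)  # runs only source generated above from GCD_BLOCKS
    return src, ns["f"]
```

Printing `build(1)[0]` and `build(2)[0]` side by side shows the same algorithm with different state constants and arm layout, which is the property that keeps an exploit tuned to one build from carrying over to another.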