Obfuscation of abstract data-types

An obfuscation is a behaviour-preserving program transformation whose aim is to make a program “harder to understand”. Obfuscations are applied to make reverse engineering of a program more difficult. Two concerns about an obfuscation are whether it preserves behaviour (i.e. it is correct) and the degree to which it maintains efficiency. Obfuscations are applied mainly to objectoriented programs but constructing proofs of correctness for such obfuscations is a challenging task. It is desirable to have a workable definition of obfuscation which is more rigorous than the metric-based definition of Collberg et al. and overcomes the impossibility result of Barak et al. for their strong cryptographic definition. We present a fresh approach to obfuscation by obfuscating abstract datatypes allowing us to develop structure-dependent obfuscations that would otherwise (traditionally) not be available. We regard obfuscation as data refinement enabling us to produce equations for proving correctness and we model the datatype operations as functional programs making our proofs easy to construct. For case studies, we examine different data-types exploring different areas of computer science. We consider lists letting us to capture array-based obfuscations, sets reflecting specification based software engineering, trees demonstrating standard programming techniques and as an example of numerical methods we consider matrices. Our approach has the following benefits: obfuscations can be proved correct; obfuscations for some operations can be derived and random obfuscations can be produced (so that different program executions give rise to different obfuscations). Accompanying the approach is a new definition of obfuscation based on measuring the effectiveness of an obfuscation. Furthermore in our case studies the computational complexity of each obfuscated operations is comparable with the complexity of the unobfuscated version. Also, we give an example of how our approach can be applied to implement imperative obfuscations.