
The Tigress Diversifying C Virtualizer - lelf
http://tigress.cs.arizona.edu/
======
marktangotango
TIL (today I learned): It appears a 'diversifying C virtualizer' is an
application that takes C source code, compiles it to an AST and transforms it
to bytecode, and inserts a bytecode interpreter in place of the function. It
can generate many different such bytecode/interpreter representations of a
function, thus making it more of a challenge for crackers.
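
The transformation described above, as an added toy example (not Tigress code, and far simpler than what it does): a small C function is replaced by bytecode plus an interpreter, and a per-build seed (a constructed value here) changes the opcode encoding so that every build has different bytecode and a different dispatch table while computing the same result.

```c
/* Added toy example, not Tigress code: the C function becomes bytecode plus an
 * interpreter; each "build" (seed, a constructed value) gets its own opcode encoding. */
#include <stdint.h>
#include <stddef.h>

/* The function a virtualizer would replace. */
uint32_t hash_plain(const uint8_t *buf, size_t n) {
    uint32_t h = 0;
    for (size_t i = 0; i < n; i++) h = h * 31 + buf[i];
    return h;
}

enum { OP_LOAD_BYTE, OP_MUL31_ADD, OP_NEXT, OP_RET, OP_COUNT }; /* semantic ops */

/* Per-build injective map op -> opcode byte (251 is prime, so values are distinct). */
static uint8_t encode_op(uint32_t seed, int op) {
    uint32_t stride = 1 + (seed >> 8) % 250;
    return (uint8_t)((seed + (uint32_t)op * stride) % 251);
}

/* Bytecode of hash_plain, 4 bytes packed big-endian: LOAD, MUL31_ADD, NEXT, RET. */
uint32_t emit_program(uint32_t seed) {
    uint32_t program = 0;
    for (int op = 0; op < OP_COUNT; op++)
        program = (program << 8) | encode_op(seed, op);
    return program;
}

/* Interpreter inserted in place of the function; NEXT loops back while input remains. */
uint32_t hash_vm(uint32_t seed, uint32_t program, const uint8_t *buf, size_t n) {
    uint8_t decode[256];
    for (int b = 0; b < 256; b++) decode[b] = OP_COUNT;       /* invalid */
    for (int op = 0; op < OP_COUNT; op++) decode[encode_op(seed, op)] = (uint8_t)op;
    uint32_t h = 0, cur = 0; size_t i = 0; int pc = 0;
    for (;;) {
        uint8_t opcode = (uint8_t)(program >> (8 * (3 - pc++)));
        switch (decode[opcode]) {
        case OP_LOAD_BYTE: cur = (i < n) ? buf[i] : 0; break;
        case OP_MUL31_ADD: h = h * 31 + cur; break;
        case OP_NEXT:      if (++i < n) pc = 0; break;
        case OP_RET:       return h;
        default:           return 0;   /* corrupt or foreign bytecode */
        }
    }
}

/* One diversified build of hash_plain: emit its bytecode, then run it. */
uint32_t hash_diversified(uint32_t seed, const uint8_t *buf, size_t n) {
    return hash_vm(seed, emit_program(seed), buf, n);
}
```

Two seeds give bytecode that shares no byte values yet hashes identically; an analyst who recovers one build's decode table learns nothing about another build's, which is the point of diversifying the interpreter rather than only the code.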

~~~
tptacek
That same approach, obviously, works for lots of different languages. Not just
C. You can even do it at the level of raw algorithms, transforming (for
instance) a block cipher implementation that accepts a key as a parameter into
one specialized on a specific key and from which the key is (H)ard to extract.

~~~
v0i0-0
Could you maybe point me to one such tool, i.e. one that specializes routines
for given parameters? Will these tools also perform optimizations that might
be possible if the specialization took place?

------
userbinator
The most prominent application of this can be summed up in one acronym: DRM.

~~~
azakai
I'm not sure why DRM would be more prominent than other applications? Software
diversification is a big topic right now, in the hopes it can make all
software more secure. That could help virtual machines, network stacks, and
really anything from web browsers to entire OSes.

~~~
comex
Tigress is labeled as an "obfuscator" that forces people to "crack, and
re-crack, the code", for "software protection" from the owner of an "untrusted
remote site" [i.e. you on your computer] - its main purpose is to prevent
people who already have full access to the binaries from understanding them.
This is somewhat related to the type of benign diversification that mitigates
exploitation - preventing code that has limited access to the system from
pumping the weird machine correctly - but, I think, not much.

Many techniques required for the first are useless for the second: if
everything is open source, or even if it's not and the attacker is smart
enough (unlike most protection measures which are supposed to be independent
of intelligence...), then measures implemented by this tool like
'virtualization' (i.e. indirecting execution through an interpreter), branch
obfuscation, etc. can be undone easily by an attacker with full access to
memory; if the attacker doesn't have full access, there are much simpler and
more performant types of randomization that are equally good at defeating
them. And measures useful for the second (generally, anything that involves
multiple variations of the same version of a program, to force exploiters to
learn which one is in use) are no good against the first (since the attacker
can just pick one to extract secrets from).

