Tigress Diversifying C Virtualizer

The Tigress Diversifying C Virtualizer supports against various novel defenses, static and dynamic alike, against well-known de-virtualization attacks. Furthermore, Tigress contains a collection of traditional obfuscating transformations such as control-flow flattening, opaque predicate insertion, and function merging and splitting. As a result, the generated interpreters are stealthier, more diverse, and more resilient to attacks.

Advantages:

• Tigress supports all of the C99 language, including gcc extensions
• The transformed code can be easily examined, which is useful in a pedagogical setting
• Tigress' output, once compiled and stripped of symbols, becomes a good target for reverse engineering and de-virtualization exercises
• Tigress' design is similar to that of commercial tools, such as Cloakware/IRDETO's C/C++ Transcoder, although the set of transformations we support is, obviously, much more limited

Applications:

• Tigress was originally designed as the backend of a system for distributed applications tamper detection via continuous software updates. The idea is to force rapid updates to the code running on an untrusted remote site in order to increase the workload of the attacker who has to crack, and re-crack, the code as it is constantly updated.
• Tigress is currently used for studies into diversity
• Tigress is planned to be used to generate collections of software protection benchmark programs that will provide the community with much needed attack targets
• May devise uniform and generally accepted evaluation procedures for software protection algorithms
• De-virtualization research projects will use Tigress-generated interpreters as one of their attack targets, allowing us to further explore the virtualizer/de-virtualizer cat-and-mouse game