caml-list - the Caml user's mailing list
* Re: Reverse-Engineering Bytecode: A Possible Commercial Objection To O'Caml
@ 2000-06-07 21:41 Michael Donat
  2000-06-09 17:17 ` Signatures (was: Reverse-Engineering Bytecode) Thorsten Ohl
  0 siblings, 1 reply; 6+ messages in thread
From: Michael Donat @ 2000-06-07 21:41 UTC (permalink / raw)
  To: caml-list

>How can companies protect their bytecode, at least their modules, from reverse
>engineering?


I believe that if someone has the desire to reverse engineer OCaml bytecode
someone will also have these other capabilities:

1) Be able to reverse engineer native code.
2) Be able to run the OCaml bytecode system in a debugger, stop after your
bytecode was decrypted, and reverse engineer it from there.

I don't see a benefit in having an OCaml module encryption system.

If you want to encrypt important portions of your app, you might consider
producing your own bytecode system. The main benefit of this approach is
that your bytecode is private, thus dramatically intensifying the effort
required to reverse engineer. I think this would be a much more effective
use of time than implementing an OCaml module encryption system.

Michael Donat






* Signatures (was: Reverse-Engineering Bytecode)
  2000-06-07 21:41 Reverse-Engineering Bytecode: A Possible Commercial Objection To O'Caml Michael Donat
@ 2000-06-09 17:17 ` Thorsten Ohl
  2000-06-09 21:56   ` Vitaly Lugovsky
  0 siblings, 1 reply; 6+ messages in thread
From: Thorsten Ohl @ 2000-06-09 17:17 UTC (permalink / raw)
  To: caml-list

Michael Donat <donat@intergate.bc.ca> writes:

> I don't see a benefit in having an OCaml module encryption system.

But a cryptographic O'Caml module _signature_ system could be useful
for checking the integrity of applications.  I always distribute my
work as source, but it would be useful if there was a way to check
that the sources have not been modified if someone sends in a bug
report.

Even better would be a fixed point condition that would allow to print
a warning message: ``The sources have been modified, you can do
anything you want, but don't blame me or the results.''

Cheers,
-Thorsten
-- 
Thorsten Ohl, Physics Department, TU Darmstadt -- ohl@hep.tu-darmstadt.de
http://heplix.ikp.physik.tu-darmstadt.de/~ohl/ [<=== PGP public key here]





* Re: Signatures (was: Reverse-Engineering Bytecode)
  2000-06-09 17:17 ` Signatures (was: Reverse-Engineering Bytecode) Thorsten Ohl
@ 2000-06-09 21:56   ` Vitaly Lugovsky
  2000-06-12 14:23     ` Markus Mottl
  0 siblings, 1 reply; 6+ messages in thread
From: Vitaly Lugovsky @ 2000-06-09 21:56 UTC (permalink / raw)
  To: Thorsten Ohl; +Cc: caml-list

On Fri, 9 Jun 2000, Thorsten Ohl wrote:

> > I don't see a benefit in having an OCaml module encryption system.
> 
> But a cryptographic O'Caml module _signature_ system could be useful
> for checking the integrity of applications.  I always distribute my
> work as source, but it would be useful if there was a way to check
> that the sources have not been modified if someone sends in a bug
> report.
> 
> Even better would be a fixed point condition that would allow to print
> a warning message: ``The sources have been modified, you can do
> anything you want, but don't blame me or the results.''

 But it doesn't need core support from OCaml - you can just use an MD5 checksum
or something like this....

--

   V.S.Lugovsky aka Mauhuur (http://ontil.ihep.su/~vsl) (UIN=45482254)






* Re: Signatures (was: Reverse-Engineering Bytecode)
  2000-06-09 21:56   ` Vitaly Lugovsky
@ 2000-06-12 14:23     ` Markus Mottl
  2000-06-13 12:54       ` Thorsten Ohl
  0 siblings, 1 reply; 6+ messages in thread
From: Markus Mottl @ 2000-06-12 14:23 UTC (permalink / raw)
  To: Vitaly Lugovsky; +Cc: Thorsten Ohl, caml-list

On Sat, 10 Jun 2000, Vitaly Lugovsky wrote:
> On Fri, 9 Jun 2000, Thorsten Ohl wrote:
> > Even better would be a fixed point condition that would allow to print
> > a warning message: ``The sources have been modified, you can do
> > anything you want, but don't blame me or the results.''
> 
>  But it doesn't need core support from OCaml - you can just use an MD5 checksum
> or something like this....

Which is already available under OCaml, anyway:

  let md5 = Digest.file "foo" in ...

Regards,
Markus Mottl

-- 
Markus Mottl, mottl@miss.wu-wien.ac.at, http://miss.wu-wien.ac.at/~mottl





* Re: Signatures (was: Reverse-Engineering Bytecode)
  2000-06-12 14:23     ` Markus Mottl
@ 2000-06-13 12:54       ` Thorsten Ohl
  2000-06-13 13:02         ` Vitaly Lugovsky
  0 siblings, 1 reply; 6+ messages in thread
From: Thorsten Ohl @ 2000-06-13 12:54 UTC (permalink / raw)
  To: caml-list; +Cc: Markus Mottl, Vitaly Lugovsky

> Even better would be a fixed point condition that would allow to
> print a warning message: ``The sources have been modified, you can
> do anything you want, but don't blame me or the results.''

Vitaly Lugovsky wrote:

> But it doesn't need core support from OCaml - you can just use an MD5
> checksum or something like this....

I'm not so sure.  I would like to access a checksum of the actual
sources that have been used to compile the module implementations in
the currently running program, just like Dynlink does for module
types.

One can play games with MD5 and a `Signatures' module in the Makefile,
but this is not 100%ly secure, because the code could be compiled by
hand, without updating the checksums.

Or am I missing something here?

Cheers,
-Thorsten
-- 
Thorsten Ohl, Physics Department, TU Darmstadt -- ohl@hep.tu-darmstadt.de
http://heplix.ikp.physik.tu-darmstadt.de/~ohl/ [<=== PGP public key here]





* Re: Signatures (was: Reverse-Engineering Bytecode)
  2000-06-13 12:54       ` Thorsten Ohl
@ 2000-06-13 13:02         ` Vitaly Lugovsky
  0 siblings, 0 replies; 6+ messages in thread
From: Vitaly Lugovsky @ 2000-06-13 13:02 UTC (permalink / raw)
  To: Thorsten Ohl; +Cc: caml-list, Markus Mottl

On Tue, 13 Jun 2000, Thorsten Ohl wrote:

> One can play games with MD5 and a `Signatures' module in the Makefile,
> but this is not 100%ly secure, because the code could be compiled by
> hand, without updating the checksums.
> 
> Or am I missing something here?

 We can use a script wrapper around the compiler itself, like ocamlfind does.
And so, we don't need to change the compiler code...

--

   V.S.Lugovsky aka Mauhuur (http://ontil.ihep.su/~vsl) (UIN=45482254)
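
The Makefile-generated `Signatures` idea and the hand-compilation gap raised in this thread, as an added example that is not code from any of the posters. It assumes OCaml 4.08 or later; `digest_sources`, `modified`, `report` and the temporary file are illustrative names, and the sample source text is constructed.

```ocaml
(* Added example, not from the thread. Digest is OCaml's standard MD5 module. *)

(* What a Makefile step would write into a generated `Signatures` module:
   one (file, hex MD5) pair per source file. *)
let digest_sources files =
  List.map (fun f -> (f, Digest.to_hex (Digest.file f))) files

(* Maintainer side: files whose embedded digest is absent from, or differs
   from, the release manifest. *)
let modified ~released ~embedded =
  List.filter_map
    (fun (file, d) ->
      match List.assoc_opt file released with
      | Some r when r = d -> None
      | _ -> Some file)
    embedded

let write file contents =
  let oc = open_out_bin file in
  output_string oc contents;
  close_out oc

let report label files =
  match files with
  | [] -> Printf.printf "%s: no modification detected\n" label
  | fs ->
    Printf.printf
      "%s: the sources have been modified (%s), you can do anything you \
       want, but don't blame me or the results.\n"
      label (String.concat ", " fs)

let () =
  (* Constructed sample source file standing in for a released module. *)
  let src = Filename.temp_file "foo" ".ml" in
  write src "let answer = 42\n";
  let released = digest_sources [ src ] in
  (* A user edits the source after release. *)
  write src "let answer = 43\n";
  (* Case 1: the build regenerates the digests, so the edit shows up. *)
  report "regenerated" (modified ~released ~embedded:(digest_sources [ src ]));
  (* Case 2: compiled by hand, digests not regenerated: the stale values
     still match the release and the edit goes unnoticed. *)
  report "stale" (modified ~released ~embedded:released);
  Sys.remove src
```

The second case is the one the Makefile approach cannot close on its own, since the embedded digests are only as current as the last run of the step that generated them.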




