Security by Obscurity


Sponsor Yannis Smaragdakis 
yannis@cc.gatech.edu 
215 CoC
Area Systems/Programming Languages

Problem
Even when a program is distributed in binary form, it is vulnerable to unauthorized changes. Consider, for instance, a computer game. Although its code is distributed in binary form, it can be disassembled, executed under a debugger, etc. The "attacker's" purpose in this scenario is to find the location of some "interesting" data in the game, like "life", "energy", "gold", etc. The game programmer has very little protection against this kind of attack, as the binary code is available to the attacker. Furthermore, the attacker is not interested in disabling any functionality, but in supplying values that the program would consider valid anyway (e.g., a high value for "energy"). In this case, the only resort of the game programmer seems to be "security by obscurity": the values can be hidden, can be made hard to trace, etc. The purpose of this project is to examine such mechanisms and discuss to what extent they can be automated.

Here is what you need to do.

  1. Read this very nice article. The author offers suggestions on how to make sensitive data hard to trace. Consider the possibilities for automation (e.g., compiler support for making sure that data is not reliably accessible by following static pointers).
  2. Speculate what the overhead might be for such compiler-based techniques. What would be a good interface (i.e., language extensions) for the programmer to designate "sensitive" data?
  3. Search the bibliography for related work.
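
One possible runtime that a compiler could generate for a variable designated "sensitive" (steps 1 and 2 above), added here as an illustration and not taken from the article or from the project: the value is kept XOR-masked in a heap cell that moves on every write, so it cannot be reached reliably through a fixed pointer chain or a plain value scan. The type and function names are assumptions, as is the extra check word that flags a cell edited from outside the program.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical runtime for a variable marked "sensitive" (names are assumptions). */
typedef struct {
    uint32_t *cell;  /* heap cell holding value ^ key; replaced on every write */
    uint32_t  key;   /* fresh mask per write, so the stored bits keep changing */
    uint32_t  tag;   /* keyed check word; catches edits made behind our back */
} sensitive_u32;     /* must start zero-initialized: sensitive_u32 s = {0}; */

/* Placeholder mask source; a real build would draw from the OS RNG. */
static uint32_t fresh_key(void) {
    return ((uint32_t)rand() << 16) ^ (uint32_t)rand() ^ 0xA5A5A5A5u;
}

/* For a fixed key this is a bijection on `masked`, so any change to the
   cell alone always yields a different tag. */
static uint32_t tag_of(uint32_t masked, uint32_t key) {
    uint32_t x = (masked ^ (key << 7) ^ (key >> 3)) * 2654435761u;
    return x ^ (x >> 15);
}

/* Store v. The new cell is allocated before the old one is freed, so the
   address is guaranteed to change. Returns 0 on success, -1 if allocation
   fails (the old value is left intact). */
int sens_set(sensitive_u32 *s, uint32_t v) {
    uint32_t *fresh = malloc(sizeof *fresh);
    if (!fresh) return -1;
    s->key = fresh_key();
    *fresh = v ^ s->key;
    s->tag = tag_of(*fresh, s->key);
    free(s->cell);
    s->cell = fresh;
    return 0;
}

/* Load into *out. Returns 0 if the cell is intact, -1 if unset or altered. */
int sens_get(const sensitive_u32 *s, uint32_t *out) {
    if (!s->cell || tag_of(*s->cell, s->key) != s->tag) return -1;
    *out = *s->cell ^ s->key;
    return 0;
}

void sens_free(sensitive_u32 *s) { free(s->cell); s->cell = NULL; }
```

Every access now costs a heap indirection plus a few arithmetic operations, and every write costs a `malloc`/`free` pair, which is the kind of overhead step 2 asks about.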

Deliverables Evaluation
Based on the report turned in to the sponsor of the project by the due date.