Affiliation:
1. School of Cybersecurity, Korea University, Seoul 02841, Republic of Korea
Abstract
Malicious reverse engineering of software has served as a valuable technique for attackers to infringe upon and steal intellectual property. We can employ obfuscation techniques to protect against such attackers as useful tools to safeguard software. Applying obfuscation techniques to source code can prevent malicious attackers from reverse engineering a program. However, the ambiguity surrounding the protective efficacy of these source code obfuscation tools and techniques presents challenges for users in evaluating and comparing the varying degrees of protection provided. This paper addresses these issues and presents a methodology to quantify the effect of source code obfuscation. Our proposed method is based on three main types of data: (1) the control flow graph, (2) the program path, and (3) the performance overhead added to the process—all of which are derived from a program analysis conducted by human experts and automated tools. For the first time, we have implemented a tool that can quantitatively evaluate the quality of obfuscation techniques. Then, to validate the effectiveness of the implemented framework, we conducted experiments using four widely recognized commercial and open-source obfuscation tools. Our experimental findings, based on quantitative values related to obfuscation techniques, demonstrate that our proposed framework effectively assesses obfuscation quality.
Funder
Agency for Defense Development
Reference62 articles.
1. Banescu, S., Ochoa, M., and Pretschner, A. (2015, January 16–24). A framework for measuring software obfuscation resilience against automated attacks. Proceedings of the 2015 IEEE/ACM 1st International Workshop on Software Protection, Florence, Italy.
2. Man-At-The-End attacks: Analysis, taxonomy, human aspects, motivation and future directions;Akhunzada;J. Netw. Comput. Appl.,2015
3. Watermarking, tamper-proofing, and obfuscation-tools for software protection;Collberg;IEEE Trans. Softw. Eng.,2002
4. Bhansali, S., Aris, A., Acar, A., Oz, H., and Uluagac, A.S. (2022, January 16–19). A first look at code obfuscation for webassembly. Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks, San Antonio, TX, USA.
5. Collberg, C., Thomborson, C., and Low, D. (1997). A Taxonomy of Obfuscating Transformations, Department of Computer Science, The University of Auckland. Technical Report.