A Framework for Measuring Software Obfuscation Resilience against Automated Attacks

Bănescu, Sebastian; Ochoa, Martín; Pretschner, Alexander

doi:10.1109/spro.2015.16

Cited by 20 publications

(12 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In contrast, evaluation through empirical experiments always raises concerns about the possibility that the obfuscation can be effectively nullified by some unknown or future deobfuscation methods not considered by the evaluation. Some recent effort has tried to establish standards for assessing the security strength of obfuscation techniques, but it remains unclear how well they can fit the demands of practical software protection.…”

Section: Discussionmentioning

confidence: 99%

“…Practitioners in industry mostly evaluate the resilience of an obfuscation technique through white‐hat penetration tests. Although the procedures of these tests are exceedingly subjected to human intuition and experience, the early steps are fairly standard. Typically, the testers will first use automated reverse engineering tools to transform binary code into a form that is much more convenient for humans to inspect.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Field experience with obfuscating million‐user iOS apps in large enterprise mobile development

Wang

Chen³

et al. 2018

Softw Pract Exp

View full text Add to dashboard Cite

Summary In recent years, mobile apps have become the infrastructure of many popular Internet services. It is now common that a mobile app serves millions of users across the globe. By examining the code of these apps, reverse engineers can learn various knowledge about the design and implementation of the apps. Real‐world cases have shown that the disclosed critical information allows malicious parties to abuse or exploit the app‐provided services for unrightful profits, leading to significant financial losses. One of the most viable mitigations against malicious reverse engineering is to obfuscate the apps. Despite that security by obscurity is typically considered to be an unsound protection methodology, software obfuscation can indeed increase the cost of reverse engineering, thus delivering practical merits for protecting mobile apps. In this paper, we share our experience of applying obfuscation to multiple commercial iOS apps, each of which has millions of users. We discuss the necessity of adopting obfuscation for protecting modern mobile business, the challenges of software obfuscation on the iOS platform, and our efforts in overcoming these obstacles. We especially focus on factors that are unique to mobile software development that may affect the design and deployment of obfuscation techniques. We report the outcome of our obfuscation with empirical experiments. We additionally elaborate on the follow‐up case studies about how our obfuscation affected the app publication process and how we responded to the negative impacts. This experience report can benefit mobile developers, security service providers, and Apple as the administrator of the iOS ecosystem.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Discussionmentioning

confidence: 99%

Field experience with obfuscating million‐user iOS apps in large enterprise mobile development

Wang

Chen³

et al. 2018

Softw Pract Exp

View full text Add to dashboard Cite

show abstract

“…and study [52] used two different sub-measures of human efforts to estimate the resilience. Therefore, the total frequency is 84 studies (i.e., greater than the number of primary studies) because of using more than one submeasure by a single author or study.…”

Section: E Measure-based Analysis (Rq5)mentioning

confidence: 99%

Measuring Software Obfuscation Quality–A Systematic Literature Review

2021

View full text Add to dashboard Cite

Software obfuscation techniques are increasingly being used to prevent attackers from exploiting security flaws and launching successful attacks. With research on software obfuscation techniques rapidly growing, many software obfuscation techniques with varying quality and strength have been proposed in the literature. However, the literature on obfuscation techniques has not yet been coherently collated and reviewed. This research paper aims to present an overview of state-of-the-art software obfuscation techniques, focusing on quality and strength. A systematic analysis and synthesis of literature published between 2010 and April 2021 has been performed to identify the common measures to quantify obfuscation and their measures, the publication venue, and the home country of the researchers. We have identified the obfuscation quality attributes, such as potency, resilience, cost, stealth, and similarity, that are the most widely used metrics to evaluate the quality of obfuscation techniques. In addition, different measures have been used to quantify these qualities, such as complexity (to measure potency), human effort (to measure resilience), efficiency (to estimate cost), and multiclass performance metrics, distance measures, and matching method (to quantify similarity). These measures were then categorized into sub-measures. The literature lacks research in the following two areas: empirical research using a case study strategy, i.e., realworld datasets, and measurements of obfuscation stealth. Researchers did not address stealth as clearly as they addressed potency, cost, and similarity.

show abstract

“…We use the obfuscation benchmark provided by Banescu [2] as our benchmark programs. A subset of the benchmark contains source code files that are randomly generated by Tigress.…”

Section: B Benchmark Programsmentioning

confidence: 99%

A Heuristic Approach to Detect Opaque Predicates that Disrupt Static Disassembly

Tung¹,

Harris²

2020

Proceedings 2020 Workshop on Binary Analysis Research

View full text Add to dashboard Cite

Opaque predicates are used to perform code obfuscation by injecting superfluous branches into the program. Superfluous branches are the gateways for junk bytes or unreachable code to inconspicuously mingle with authentic code instructions. In this paper, we focus on the case where opaque predicates introduce junk bytes, thus causing damage to the static disassembly process when junk bytes are also treated as code. Although introduced two decades ago, detecting opaque predicates is still an unsolved problem due to the flexibility in their constructions. Past works on detecting opaque predicates only detect opaque predicates with specific constructions. We propose a novel approach to opaque predicates detection that allows us to generically detect opaque predicates when the damage is the inserted junk bytes. Our proposed approach is the first to detect opaque predicates by identifying their corresponding superfluous branches through the damage caused by the obfuscation. Preliminary experiments show the potential of this novel approach by detecting opaque predicates of varied constructions.

show abstract

A Framework for Measuring Software Obfuscation Resilience against Automated Attacks

Cited by 20 publications

References 16 publications

Field experience with obfuscating million‐user iOS apps in large enterprise mobile development

Field experience with obfuscating million‐user iOS apps in large enterprise mobile development

Measuring Software Obfuscation Quality–A Systematic Literature Review

A Heuristic Approach to Detect Opaque Predicates that Disrupt Static Disassembly

Contact Info

Product

Resources

About