Assessment of Source Code Obfuscation Techniques

Viticchié, Alessio; Regano, Leonardo; Torchiano, Marco; Basile, Cataldo; Ceccato, Mariano; Tonella, Paolo; Tiella, Roberto

doi:10.1109/scam.2016.17

Cited by 25 publications

(11 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Alessio Viticchi et al [12] Obfuscation technique is normally used in software protection for hiding the software development codes. Dividing it into two major parts -code obfuscation and data obfuscation.…”

Section: Related Workmentioning

confidence: 99%

GLObfus: An Enhanced Data Security Method to Protect Numerical Data in Public Cloud Storage

Amalarethinam¹,

George²

2020

IJCTE

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

GLObfus: An Enhanced Data Security Method to Protect Numerical Data in Public Cloud Storage

Amalarethinam¹,

George²

2020

IJCTE

View full text Add to dashboard Cite

“…Other properties of translated/obfuscated code, such us how harder it is to understand and to attack, are out of the scope of the present paper. To investigate these properties, human studies and controlled experiment are required, and we are planning and conducting them as part of our research activity [5], [24], [6] A. Case Studies…”

Section: Empirical Validationmentioning

confidence: 99%

[Research Paper] Obfuscating Java Programs by Translating Selected Portions of Bytecode to Native Libraries

Pizzolotto

Ceccato

2018

2018 IEEE 18th International Working Conference on Source Code Analysis and Manipulation (SCAM)

Self Cite

View full text Add to dashboard Cite

Code obfuscation is a popular approach to turn program comprehension and analysis harder, with the aim of mitigating threats related to malicious reverse engineering and code tampering. However, programming languages that compile to high level bytecode (e.g., Java) can be obfuscated only to a limited extent. In fact, high level bytecode still contains high level relevant information that an attacker might exploit.In order to enable more resilient obfuscations, part of these programs might be implemented with programming languages (e.g., C) that compile to low level machine-dependent code. In fact, machine code contains and leaks less high level information and it enables more resilient obfuscations.In this paper, we present an approach to automatically translate critical sections of high level Java bytecode to C code, so that more effective obfuscations can be resorted to. Moreover, a developer can still work with a single programming language, i.e., Java.

show abstract

“…There are two main research approaches for the assessment of obfuscation protection techniques, respectively based on internal software metrics [18], [19], [20], [21], [22], [23] and on experiments involving human subjects [24], [25], [26], [27].…”

Section: B Empirical Studies On the Effectiveness Of Code Protectionmentioning

confidence: 99%

“…Ceccato et al [25] measured the correctness and effectiveness achieved by subjects while understanding and modifying decompiled obfuscated Java code, in comparison with decompiled clear code. This work has been extended with a larger set of experiments and additional obfuscation techniques in successive works [26], [27].…”

Section: B Empirical Studies On the Effectiveness Of Code Protectionmentioning

confidence: 99%

How Professional Hackers Understand Protected Code while Performing Attack Tasks

Ceccato

Tonella

Basile

et al. 2017

2017 IEEE/ACM 25th International Conference on Program Comprehension (ICPC)

View full text Add to dashboard Cite

Code protections aim at blocking (or at least delaying) reverse engineering and tampering attacks to critical assets within programs. Knowing the way hackers understand protected code and perform attacks is important to achieve a stronger protection of the software assets, based on realistic assumptions about the hackers' behaviour. However, building such knowledge is difficult because hackers can hardly be involved in controlled experiments and empirical studies.The FP7 European project Aspire has given the authors of this paper the unique opportunity to have access to the professional penetration testers employed by the three industrial partners. In particular, we have been able to perform a qualitative analysis of three reports of professional penetration test performed on protected industrial code.Our qualitative analysis of the reports consists of open coding, carried out by 7 annotators and resulting in 459 annotations, followed by concept extraction and model inference. We identified the main activities: understanding, building attack, choosing and customizing tools, and working around or defeating protections. We built a model of how such activities take place. We used such models to identify a set of research directions for the creation of stronger code protections.2 https://aspire-fp7.eu

show abstract

Assessment of Source Code Obfuscation Techniques

Cited by 25 publications

References 13 publications

GLObfus: An Enhanced Data Security Method to Protect Numerical Data in Public Cloud Storage

GLObfus: An Enhanced Data Security Method to Protect Numerical Data in Public Cloud Storage

[Research Paper] Obfuscating Java Programs by Translating Selected Portions of Bytecode to Native Libraries

How Professional Hackers Understand Protected Code while Performing Attack Tasks

Contact Info

Product

Resources

About