Three control flow obfuscation methods for Java software

Hou, Ting‐Wei; Chen, Hsiang-Yang; Tsai, Ming‐Hsiu

doi:10.1049/ip-sen:20050010

Cited by 33 publications

(21 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, the combination of biometric-secured obfuscated interpretation with other software protection techniques, e.g. control flow obfuscation [23] or opaque constructs [24], will be investigated. It is expected, that these techniques can be easily used together and that a combination will not negatively affect the obfuscated interpretation.…”

Section: Future Workmentioning

confidence: 99%

BossPro: a biometrics-based obfuscation scheme for software protection

2013

View full text Add to dashboard Cite

This paper proposes to integrate biometric-based key generation into an obfuscated interpretation algorithm to protect authentication application software from illegitimate use or reverse-engineering. This is especially necessary for mCommerce because application programmes on mobile devices, such as Smartphones and Tablet-PCs are typically open for misuse by hackers. Therefore, the scheme proposed in this paper ensures that a correct interpretation / execution of the obfuscated program code of the authentication application requires a valid biometric generated key of the actual person to be authenticated, in real-time. Without this key, the real semantics of the program cannot be understood by an attacker even if he/she gains access to this application code. Furthermore, the security provided by this scheme can be a vital aspect in protecting any application running on mobile devices that are increasingly used to perform business/financial or other security related applications, but are easily lost or stolen. The scheme starts by creating a personalised copy of any application based on the biometric key generated during an enrolment process with the authenticator as well as a nuance created at the time of communication between the client and the authenticator. The obfuscated code is then shipped to the client's mobile devise and integrated with real-time biometric extracted data of the client to form the unlocking key during execution. The novelty of this scheme is achieved by the close binding of this application program to the biometric key of the client, thus making this application unusable for others. Trials and experimental results on biometric key generation, based on client's faces, and an implemented scheme prototype, based on the Android emulator, prove the concept and novelty of this proposed scheme.

show abstract

Section: Future Workmentioning

confidence: 99%

BossPro: a biometrics-based obfuscation scheme for software protection

2013

View full text Add to dashboard Cite

show abstract

“…[5] presents a framework for quantitative analysis of control-flow obfuscating trans-formations by expressing several existing control-flow obfuscation techniques as a sequence of basic transformations of the control-flow graph. [6] describes three control-flow obfuscation methods to protect Java class files, namely basic block fission, intersecting loop and replacing goto. [7] describes a control-flow obfuscation paradigm based on a two-process model where a permutation of static blocks removes control-flow information from the process and stores it in a concurrent process.…”

Section: Related Workmentioning

confidence: 99%

An Obfuscation-Based Approach against Injection Attacks

Baiardi

Sgandurra²

2011

2011 Sixth International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Abstract-We present an obfuscation strategy to protect a program against injection attacks. The strategy represents the program as a set of code fragments in-between two consecutive system calls (the system blocks) and a graph that represents the execution order of the fragment (the system block graph). The system blocks and the system block graph are partitioned between two virtual machines (VMs). The Blocks-VM stores and executes the system blocks but does not store any information on how control flows across the system blocks. This information is represented only by the system block graph stored in the Graph-VM, which correctly sequentializes the system blocks by analyzing the system block graph and accessing the Blocks-VM. At run-time, each time a system block ends, i.e. the program issues a system call, the execution of the Blocks-VM is frozen and control is transferred to the Graph-VM. After deducing the next system block to be executed from the system block graph, the current system block and the current system call, the Graph-VM updates the return address in the Blocks-VM so that the correct system block is executed and then resumes the Blocks-VM. To protect code integrity, the Graph-VM also stores a hash of each block. The overall strategy results in a clean separation between the program and its control-flow and this is important whenever the Graph-VM is in full control of the user whereas the Blocks-VM may be attacked through code injection. The Graph-VM can discover these attacks because either the current system call is not present in the original program or the hash of the current block is invalid. In all these cases, the Graph-VM halts the execution of the program.We present the algorithm that maps the program source code into the system blocks and the system block graph and discuss a first implementation of the run-time architecture along with some performance results.

show abstract

“…The aim of obfuscation is to avoiding MA code analyzed and understood by destination host. Here, control flow obfuscation is used [9]. Control computation Obfuscations hide the real control flow in a program, it is the process of taking a sequence of instructions and forming an equivalent complicated description.…”

Section: Obfuscated Control Flowmentioning

confidence: 99%

A Scheme for Protecting Mobile Agents Based on Combining Obfuscated Control Flow and Time Checking Technology

Tang¹,

Pei²,

Yao³

2007

2007 International Conference on Computational Intelligence and Security (CIS 2007)

View full text Add to dashboard Cite

Mobile agents are programs that travel autonomously through a computer network in order to perform some computation or gather information on behalf of a human user or an application. In most applications, the security of mobile agents is of the utmost importance. Obfuscation is a technique in which the mobile code producer enforces the security policy by applying a behavior transformation to the code before sending it to run on different platforms. This paper presents a protection scheme of mobile agent in network management application, which combining obfuscated control flow and time checking technology to verify the security of node. How to obtain important data in time checking is given also. The protection scheme is tested in actual network management environment, which can effectively identify the malicious node.

show abstract

Three control flow obfuscation methods for Java software

Cited by 33 publications

References 6 publications

BossPro: a biometrics-based obfuscation scheme for software protection

BossPro: a biometrics-based obfuscation scheme for software protection

An Obfuscation-Based Approach against Injection Attacks

A Scheme for Protecting Mobile Agents Based on Combining Obfuscated Control Flow and Time Checking Technology

Contact Info

Product

Resources

About