Translingual Obfuscation

Wang, Pei; Wang, Shuai; Jiang, Ming; Jiang, Yufei; Wu, Dinghao

doi:10.1109/eurosp.2016.21

Cited by 17 publications

(6 citation statements)

References 55 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In contrast, evaluation through empirical experiments always raises concerns about the possibility that the obfuscation can be effectively nullified by some unknown or future deobfuscation methods not considered by the evaluation. Some recent effort has tried to establish standards for assessing the security strength of obfuscation techniques, but it remains unclear how well they can fit the demands of practical software protection.…”

Section: Discussionmentioning

confidence: 99%

“…Domas developed a compiler, which generates a binary employing only the mov family instructions, based on the fact that x86 mov is Turing complete. Wang et al, Lan et al, and Wang et al obfuscated C programs by translating them into declarative languages or abstract computation models, making imperative‐oriented analysis heuristics much less effective. There are also obfuscation methods that are less dependent on special software and hardware features but utilize more general techniques like compression, encryption, and virtualization .…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Field experience with obfuscating million‐user iOS apps in large enterprise mobile development

Wang

Chen³

et al. 2018

Softw Pract Exp

Self Cite

View full text Add to dashboard Cite

Summary In recent years, mobile apps have become the infrastructure of many popular Internet services. It is now common that a mobile app serves millions of users across the globe. By examining the code of these apps, reverse engineers can learn various knowledge about the design and implementation of the apps. Real‐world cases have shown that the disclosed critical information allows malicious parties to abuse or exploit the app‐provided services for unrightful profits, leading to significant financial losses. One of the most viable mitigations against malicious reverse engineering is to obfuscate the apps. Despite that security by obscurity is typically considered to be an unsound protection methodology, software obfuscation can indeed increase the cost of reverse engineering, thus delivering practical merits for protecting mobile apps. In this paper, we share our experience of applying obfuscation to multiple commercial iOS apps, each of which has millions of users. We discuss the necessity of adopting obfuscation for protecting modern mobile business, the challenges of software obfuscation on the iOS platform, and our efforts in overcoming these obstacles. We especially focus on factors that are unique to mobile software development that may affect the design and deployment of obfuscation techniques. We report the outcome of our obfuscation with empirical experiments. We additionally elaborate on the follow‐up case studies about how our obfuscation affected the app publication process and how we responded to the negative impacts. This experience report can benefit mobile developers, security service providers, and Apple as the administrator of the iOS ecosystem.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Field experience with obfuscating million‐user iOS apps in large enterprise mobile development

Wang

Chen³

et al. 2018

Softw Pract Exp

Self Cite

View full text Add to dashboard Cite

show abstract

“…These metrics have been proved to be able to evaluate the complexity of the obfuscated code and have been widely used to evaluate obfuscation techniques in related work. [55], [8], [13].…”

Section: Annotation Dataset Construction 1) Construct Obfuscation Samplesmentioning

confidence: 99%

Semantics-aware obfuscation scheme prediction for binary

Zhao

Tang

et al. 2020

Computers & Security

View full text Add to dashboard Cite

show abstract

“…7, such techniques include code translation, VM(virtual machine)-based obfuscation, decompilation prevention, and diversification. Wang et al (2016) proposed translingual obfuscation, which introduces obscurity by translating the programs written in C into ProLog before compilation. Because ProLog adopts a different program paradigm and execution model from C, the generated binaries should become harder to understand.…”

Section: Software-component-layer Obfuscationmentioning

confidence: 99%

Layered obfuscation: a taxonomy of software obfuscation techniques for layered security

Zhou

Jiang

et al. 2020

Cybersecur

Self Cite

View full text Add to dashboard Cite

Software obfuscation has been developed for over 30 years. A problem always confusing the communities is what security strength the technique can achieve. Nowadays, this problem becomes even harder as the software economy becomes more diversified. Inspired by the classic idea of layered security for risk management, we propose layered obfuscation as a promising way to realize reliable software obfuscation. Our concept is based on the fact that real-world software is usually complicated. Merely applying one or several obfuscation approaches in an ad-hoc way cannot achieve good obscurity. Layered obfuscation, on the other hand, aims to mitigate the risks of reverse software engineering by integrating different obfuscation techniques as a whole solution. In the paper, we conduct a systematic review of existing obfuscation techniques based on the idea of layered obfuscation and develop a novel taxonomy of obfuscation techniques. Following our taxonomy hierarchy, the obfuscation strategies under different branches are orthogonal to each other. In this way, it can assist developers in choosing obfuscation techniques and designing layered obfuscation solutions based on their specific requirements.

show abstract

Translingual Obfuscation

Cited by 17 publications

References 55 publications

Field experience with obfuscating million‐user iOS apps in large enterprise mobile development

Field experience with obfuscating million‐user iOS apps in large enterprise mobile development

Semantics-aware obfuscation scheme prediction for binary

Layered obfuscation: a taxonomy of software obfuscation techniques for layered security

Contact Info

Product

Resources

About