PORTO @ Archivio Istituzionale della Ricerca

While many obfuscation schemes proposed, none of them satisfy any strong definition of obfuscation. Furthermore secure general-purpose obfuscation algorithms have been proven to be impossible. Nevertheless, obfuscation schemes which in practice slow down malicious reverse-engineering by obstructing code comprehension for even short periods of time are considered a useful protection against malicious reverse engineering. In previous works, the difficulty of reverse engineering has been mainly estimated by means of code metrics, by the computational complexity of static analysis or by comparing the output of de-obfuscating tools. In this paper we take a different approach and assess the difficulty attackers have in understanding and modifying obfuscated code through controlled experiments involving human subjects.

Towards Experimental Evaluation of Code Obfuscation Techniques / Ceccato, Mariano; DI PENTA, Massimiliano; Nagra, Jasvir; Falcarin, Paolo; Ricca, Filippo; Torchiano, Marco; Tonella, Paolo. - (2008), pp. 39-46. (Intervento presentato al convegno 4th ACM Workshop on Quality of Protection, QoP'08 tenutosi a Alexandria VA, USA nel October. 27) [10.1145/1456362.1456371].

Towards Experimental Evaluation of Code Obfuscation Techniques

FALCARIN, PAOLO;TORCHIANO, MARCO;
2008

Abstract

While many obfuscation schemes proposed, none of them satisfy any strong definition of obfuscation. Furthermore secure general-purpose obfuscation algorithms have been proven to be impossible. Nevertheless, obfuscation schemes which in practice slow down malicious reverse-engineering by obstructing code comprehension for even short periods of time are considered a useful protection against malicious reverse engineering. In previous works, the difficulty of reverse engineering has been mainly estimated by means of code metrics, by the computational complexity of static analysis or by comparing the output of de-obfuscating tools. In this paper we take a different approach and assess the difficulty attackers have in understanding and modifying obfuscated code through controlled experiments involving human subjects.
2008
9781605583211
4.1 Contributo in Atti di convegno
File in questo prodotto:
Non ci sono file associati a questo prodotto.
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/1840714
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo