Obfuscation techniques are a general category of software protections widely adopted to prevent malicious tampering of the code by making applications more difficult to understand and thus harder to modify. Obfuscation techniques are divided in code and data obfuscation, depending on the protected asset. While preliminary empirical studies have been conducted to determine the impact of code obfuscation, our work aims at assessing the effectiveness and efficiency in preventing attacks of a specific data obfuscation technique – VarMerge. We conducted an experiment with student participants performing two attack tasks on clear and obfuscated versions of two applications written in C. The experiment showed a significant effect of data obfuscation on both the time required to complete and the successful attack efficiency. An application with VarMerge reduces by six times the number of successful attacks per unit of time. This outcome provides a practical clue that can be used when applying software protections based on data obfuscation.

Assessment of Source Code Obfuscation Techniques / Viticchie', Alessio; Regano, Leonardo; Torchiano, Marco; Basile, Cataldo; Ceccato, Mariano; Tonella, Paolo; Tiella, Roberto. - ELETTRONICO. - (2016), pp. 11-20. ((Intervento presentato al convegno IEEE 16th International Working Conference on Source Code Analysis and Manipulation tenutosi a Raleigh, NC (USA) nel October 2-3, 2016 [10.1109/SCAM.2016.17].

Assessment of Source Code Obfuscation Techniques

VITICCHIE', ALESSIO;REGANO, LEONARDO;TORCHIANO, MARCO;BASILE, CATALDO;
2016

Abstract

Obfuscation techniques are a general category of software protections widely adopted to prevent malicious tampering of the code by making applications more difficult to understand and thus harder to modify. Obfuscation techniques are divided in code and data obfuscation, depending on the protected asset. While preliminary empirical studies have been conducted to determine the impact of code obfuscation, our work aims at assessing the effectiveness and efficiency in preventing attacks of a specific data obfuscation technique – VarMerge. We conducted an experiment with student participants performing two attack tasks on clear and obfuscated versions of two applications written in C. The experiment showed a significant effect of data obfuscation on both the time required to complete and the successful attack efficiency. An application with VarMerge reduces by six times the number of successful attacks per unit of time. This outcome provides a practical clue that can be used when applying software protections based on data obfuscation.
978-1-5090-3848-0
File in questo prodotto:
File Dimensione Formato  
scam2016.pdf

accesso aperto

Descrizione: Articolo
Tipologia: 2. Post-print / Author's Accepted Manuscript
Licenza: PUBBLICO - Tutti i diritti riservati
Dimensione 317.16 kB
Formato Adobe PDF
317.16 kB Adobe PDF Visualizza/Apri
Pubblicazioni consigliate

Caricamento pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2651467
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo