Archivio Istituzionale della RicercaObfuscation techniques are a general category of software protections widely adopted to prevent malicious tampering of the code by making applications more difficult to understand and thus harder to modify. Obfuscation techniques are divided in code and data obfuscation, depending on the protected asset. While preliminary empirical studies have been conducted to determine the impact of code obfuscation, our work aims at assessing the effectiveness and efficiency in preventing attacks of a specific data obfuscation technique – VarMerge. We conducted an experiment with student participants performing two attack tasks on clear and obfuscated versions of two applications written in C. The experiment showed a significant effect of data obfuscation on both the time required to complete and the successful attack efficiency. An application with VarMerge reduces by six times the number of successful attacks per unit of time. This outcome provides a practical clue that can be used when applying software protections based on data obfuscation.
Assessment of Source Code Obfuscation Techniques / Viticchie', Alessio; Regano, Leonardo; Torchiano, Marco; Basile, Cataldo; Ceccato, Mariano; Tonella, Paolo; Tiella, Roberto. - ELETTRONICO. - (2016), pp. 11-20. (Intervento presentato al convegno IEEE 16th International Working Conference on Source Code Analysis and Manipulation tenutosi a Raleigh, NC (USA) nel October 2-3, 2016) [10.1109/SCAM.2016.17].
Assessment of Source Code Obfuscation Techniques
VITICCHIE', ALESSIO;REGANO, LEONARDO;TORCHIANO, MARCO;BASILE, CATALDO;
2016
Abstract
Obfuscation techniques are a general category of software protections widely adopted to prevent malicious tampering of the code by making applications more difficult to understand and thus harder to modify. Obfuscation techniques are divided in code and data obfuscation, depending on the protected asset. While preliminary empirical studies have been conducted to determine the impact of code obfuscation, our work aims at assessing the effectiveness and efficiency in preventing attacks of a specific data obfuscation technique – VarMerge. We conducted an experiment with student participants performing two attack tasks on clear and obfuscated versions of two applications written in C. The experiment showed a significant effect of data obfuscation on both the time required to complete and the successful attack efficiency. An application with VarMerge reduces by six times the number of successful attacks per unit of time. This outcome provides a practical clue that can be used when applying software protections based on data obfuscation.
| File | Dimensione | Formato | |
|---|---|---|---|
|
scam2016.pdf
accesso aperto
Descrizione: Articolo
Tipologia:
2. Post-print / Author's Accepted Manuscript
Licenza:
PUBBLICO - Tutti i diritti riservati
Dimensione
317.16 kB
Formato
Adobe PDF
|
317.16 kB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2651467
Attenzione
Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo