Computing Reviews
Protecting software through obfuscation: Can it keep pace with progress in code analysis?
Schrittwieser S., Katzenbeisser S., Kinder J., Merzdovnik G., Weippl E. ACM Computing Surveys 49(1): 1-37, 2016. Type: Article
Date Reviewed: Jun 22 2016

Software obfuscation is an attempt to hide the real intent of a piece of software. The first obfuscated malware appeared in 1986, and sophistication has steadily increased since then. Commercial vendors obfuscate their software to block reverse engineering and thereby protect intellectual property. Good guys and bad guys sit on both sides of this aisle, implementing and analyzing obfuscation techniques. Despite decades of practice, though, the effectiveness of obfuscation is still a controversial subject. It’s the intent of this paper to quantify the state of obfuscation and analysis, to measure the arms race and replace opinions with numbers.

The paper is formatted as a survey. It opens with a concise history of code obfuscation followed by a review of prominent research papers. The authors then make their own contribution to the field by categorizing techniques of obfuscation and analysis and building a matrix of obfuscation technique versus analysis technique in order to rank the relative resistance/effectiveness of each method. Where possible, the ranking is based on results reported in the literature; where no results are available, the authors argue their case for a particular ranking.

Their results show that obfuscation can slow down or even block analysis in some cases. As professed by the authors, this is just a beginning, not the last word. The rank is currently only on a scale of 1 to 3; rankings from literature are spotty; and the authors’ rankings are fairly subjective. Most obfuscation analysis has been performed in isolation and with limited resources. Perhaps now that the authors have framed the competition and have built the “March Madness” rankings, additional investigators can examine each match-up in detail and contribute more precise evaluations and weightings for each category.

Even though this paper is not the final word (in fact, the authors fell somewhat short of a definitive answer on the effectiveness of software obfuscation), the material and organization are both valuable for anyone practicing or considering obfuscation. The field has been improved by the authors’ contribution.

Reviewer: Bayard Kohlhepp
Review #: CR144519 (1609-0670)
Protection Mechanisms (D.2.0 ... )
 

Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®