Cloud Protection by Obfuscation: Techniques and Metrics

This paper presents a survey of software protection based on the concept of security by obscurity, code obfuscation is now a hot topic in the field of digital right management, protecting against reverse engineering and tampering. Obfuscation comes in handy in situations where depending on cryptographic techniques is not enough, this is typical in remote execution situations where the software is executed on an unforeseen exposed hostile environment, such as the new computing platforms: cloud-computing paradigm and smartphones. Obfuscation is popular among malware and virus developers but also game developers and industrials who need to protect their intellectual property. They use it to conceal the operation of their code while executing in an uncontrolled environment. In this paper, we discuss the same concepts but for the different purpose of cloud security. We explore the state-of-the art in techniques and algorithms for software obfuscation. We also address how to assess the strength of these techniques via a concrete set of metrics.

[1]  Koen De Bosschere,et al.  Program obfuscation: a quantitative approach , 2007, QoP '07.

[2]  Matthew T. Karnick,et al.  A QUALITATIVE ANALYSIS OF JAVA OBFUSCATION , 2006 .

[3]  Thomas H. Karas,et al.  Metaphors for cyber security. , 2008 .

[4]  Samantha Jenkins,et al.  Information theory-based software metrics and obfuscation , 2004, J. Syst. Softw..

[5]  Robert J. Aumann,et al.  Chapter 43 Incomplete information , 2002 .

[6]  Markus G. Kuhn,et al.  Information hiding-a survey , 1999, Proc. IEEE.

[7]  Christian S. Collberg,et al.  Surreptitious Software - Obfuscation, Watermarking, and Tamperproofing for Software Protection , 2009, Addison-Wesley Software Security Series.

[8]  Kangbin Yim,et al.  Malware Obfuscation Techniques: A Brief Survey , 2010, 2010 International Conference on Broadband, Wireless Computing, Communication and Applications.

[9]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[10]  R. Jithin,et al.  Virtual Machine Isolation - A Survey on the Security of Virtual Machines , 2014, SNDS.

[11]  Gregory Wroblewski,et al.  General Method of Program Code Obfuscation , 2002 .

[12]  Christian S. Collberg,et al.  A Taxonomy of Obfuscating Transformations , 1997 .

[13]  Michael Mateas,et al.  A Box, Darkly: Obfuscation, Weird Languages, and Code Aesthetics , 2005 .

[14]  Dusko Pavlovic,et al.  Gaming security by obscurity , 2011, NSPW '11.

[15]  Gösta Grahne Incomplete Information , 2009, Encyclopedia of Database Systems.

[16]  Arini Balakrishnan,et al.  Code Obfuscation Literature Survey , 2005 .