On the Effectiveness of Source Code Transformations for Binary Obfuscation

Obfuscation is gaining momentum as a protection mechanism for the intellectual property contained within or encapsulated by software. Usually, one of the following three directions is followed: source code obfuscation is achieved through source code transformations, Java bytecode obfuscation through transformations on the bytecode, and binary obfuscation through binary rewriting. In this paper, we study the effectiveness of source code transformations for binary obfuscation. The transformations applied by several existing source code obfuscators are empirically shown to have no impact on the stripped binary after compilation. Subsequently, we study which source code transformations are robust enough to percolate through the compiler into

[1]  Koen De Bosschere,et al.  Software Protection Through Dynamic Code Mutation , 2005, WISA.

[2]  Christian S. Collberg,et al.  Software watermarking via opaque predicates: Implementation, analysis, and attacks , 2006, Electron. Commer. Res..

[3]  James R. Cordy,et al.  TXL: A Rapid Prototyping System for Programming Language Dialects , 1991, Comput. Lang..

[4]  Genevieve Arboit,et al.  A Method for Watermarking Java Programs via Opaque Predicates , 2002 .

[5]  Clark Thomborson,et al.  Manufacturing cheap, resilient, and stealthy opaque constructs , 1998, POPL '98.

[6]  Saumya K. Debray,et al.  Obfuscation of executable code to improve resistance to static disassembly , 2003, CCS '03.

[7]  Gregory Wroblewski,et al.  General Method of Program Code Obfuscation , 2002 .

[8]  Christian S. Collberg,et al.  A Taxonomy of Obfuscating Transformations , 1997 .

[9]  Koen De Bosschere,et al.  Steganography for Executables and Code Transformation Signatures , 2004, ICISC.

[10]  John C. Knight,et al.  A security architecture for survivability mechanisms , 2001 .

[11]  Christopher W. Pidgeon,et al.  DMS®: Program Transformations for Practical Scalable Software Evolution , 2002, IWPSE '02.

[12]  Jack W. Davidson,et al.  Protection of software-based survivability mechanisms , 2001, 2001 International Conference on Dependable Systems and Networks.

[13]  Levent Ertaul,et al.  Novel Obfuscation Algorithms for Software Security , 2005, Software Engineering Research and Practice.

[14]  Jens Palsberg,et al.  Experience with software watermarking , 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).

[15]  James R. Cordy,et al.  Source transformation, analysis and generation in TXL , 2006, PEPM '06.

[16]  Clark D. Thomborson,et al.  Securing Mobile Agents Control Flow Using Opaque Predicates , 2005, KES.

[17]  Douglas Low,et al.  Java Control Flow Obfuscation , 1998 .

[18]  Koen De Bosschere,et al.  LOCO: an interactive code (De)obfuscation tool , 2006, PEPM '06.

[19]  Levent Ertaul,et al.  JHide - A tool kit for code obfuscation , 2004, IASTED Conf. on Software Engineering and Applications.

[20]  Christian S. Collberg,et al.  Sandmark--A Tool for Software Protection Research , 2003, IEEE Secur. Priv..