Comparing the effectiveness of commercial obfuscators against MATE attacks

Protecting software from malicious reverse engineering remains a challenge for commercial software companies that invest a large amount of resources in developing their software products. To protect that investment from attacks such as illegal copying, tampering, and malicious reverse engineering, most companies use some type of protection software, also known as obfuscators, to create variants of their products that are more resilient to adversarial analysis. In this paper, we report on the effectiveness of different commercial obfuscators against traditional man-at-the-end (MATE) attacks, in which an adversary, acting as a legitimate end-user of a binary executable, can use tools such as debuggers, disassemblers, and decompilers. Our case study includes four benchmark programs, each with associated adversarial goals categorized as either comprehension or change tasks. We use traditional static and dynamic analysis techniques to identify the adversarial workload and outcomes before and after each program is transformed by a set of three commercial obfuscators. Our results confirm what is typically assumed: an adversary with a reasonable background in the computing disciplines can both comprehend and make changes to any of our completely unprotected programs using standard tools. Additionally, given the same skill set and attack approach, protected programs can still be probed to leak certain information, but none could be successfully altered and saved to create a cracked version. As a contribution, our methodology differs from prior studies on obfuscation effectiveness in that we categorize adversarial skill and delineate program goals into comprehension and change ability, while also considering the load time and overhead of obfuscated variants.
