论文信息 - An(other) Exercise in Measuring the Strength of Source Code Obfuscation

An(other) Exercise in Measuring the Strength of Source Code Obfuscation

We experimentally compare the strength of different source code obfuscation techniques by measuring the performance of human analysts. We describe an experimental setup by which it is possible to compare different obfuscation techniques with each other. As techniques, we considered name overloading and opaque predicates, as well as the combination of both. While the results are interesting and show that increased levels of obfuscation decrease the performance of humans, only one result (the use of name overloading) was statistically significant.

Felix C. Freiling | Tilo Müller | Yan Zhuang | Mykola Protsenko

[1] Ran Canetti,et al. Obfuscating Point Functions with Multibit Output , 2008, EUROCRYPT.

[2] Guy N. Rothblum,et al. On Best-Possible Obfuscation , 2007, TCC.

[3] Hoeteck Wee,et al. On obfuscating point functions , 2005, STOC '05.

[4] Clark Thomborson,et al. Manufacturing cheap, resilient, and stealthy opaque constructs , 1998, POPL '98.

[5] Marco Torchiano,et al. The effectiveness of source code obfuscation: An experimental assessment , 2009, 2009 IEEE 17th International Conference on Program Comprehension.

[6] Fritz Hohl,et al. Time Limited Blackbox Security: Protecting Mobile Agents From Malicious Hosts , 1998, Mobile Agents and Security.

[7] Craig Gentry,et al. Fully homomorphic encryption using ideal lattices , 2009, STOC '09.

[8] Marco Torchiano,et al. Towards experimental evaluation of code obfuscation techniques , 2008, QoP '08.

[9] Roberto Giacobazzi,et al. Semantics-based code obfuscation by abstract interpretation , 2009, J. Comput. Secur..