Abstract
Obfuscation is a popular software transformation to protect intellectual property and avoid reverse engineering. It relies on introducing additional instructions and changing control-flow without affecting program semantics. This introduces overheads in terms of memory, execution time and energy consumption for resource-constrained embedded devices. In this work, we show that these overheads are dependent on three factors: the transformations and their combinations selected, the tool used to effect these transformations and the program workload. In addition, there exists a need for measuring the security of obfuscated code. In this work, we develop a framework for evaluating software obfuscation tools potentially highlighting costs and benefits associated with obfuscation and analyze energy-performance-security trade offs for embedded devices. Our experiments using two popular obfuscation tools, Obfuscation Low-Level Virtual Machine (OLLVM) and Tigress, show that obfuscation could potentially lead to a 5-fold increase in execution time and energy consumption depending on these factors. In addition, Tigress provides more security and simultaneously incurs significant energy consumption compared to OLLVM. Our cost-benefit analysis with respect to energy, performance and security can be used to determine the optimal choice of security measures for resource-constrained environments.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
OLLVM Github. https://github.com/obfuscator-llvm/obfuscator
Lattner, C., Adve, V.: The LLVM compiler framework and infrastructure tutorial. In: Eigenmann, R., Li, Z., Midkiff, S.P. (eds.) LCPC 2004. LNCS, vol. 3602, pp. 15–16. Springer, Heidelberg (2005). https://doi.org/10.1007/11532378_2
Banescu, S., et al.: Code obfuscation against symbolic execution attacks. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, ACSAC 2016, Los Angeles, CA, USA, 5–9 December 2016, pp. 189–200 (2016). http://dl.acm.org/citation.cfm?id=2991114
Behera, C.K., Bhaskari, D.L.: Different obfuscation techniques for code protection. Procedia Comput. Sci. 70, 757–763 (2015)
Balakrishnan, A., Schulze, C.: Code obfuscation literature survey. CS701 Construction of compilers, 19 (2005)
Dong, S., et al.: Understanding android obfuscation techniques: a large-scale investigation in the wild. In: Beyah, R., Chang, B., Li, Y., Zhu, S. (eds.) SecureComm 2018. LNICST, vol. 254, pp. 172–192. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01701-9_10
Junod, P., et al.: Obfuscator-LLVM - software protection for the masses. In: Wyseur, B. (ed.) Proceedings of the IEEE/ACM 1st International Workshop on Software Protection, SPRO 2015, Firenze, Italy, 19 May 2015, pp. 3–9. IEEE. https://doi.org/10.1109/SPRO.2015.10
Piao, Y., Jung, J., Yi, J.H.: Structural and functional analyses of ProGuard obfuscation tool. J. Korean Inst. Commun. Inf. Sci. 38(8), 654–662 (2013)
Allatori Java obfuscator. http://www.allatori.com/
Dasho - preemptive solutions. http://www.preemptive.com/products/dasho
Zelix klassmaster. http://www.zelix.com/klassmaster/
Joshi, H.P., Dhanasekaran, A., Dutta, R.: Trading off a vulnerability: does software obfuscation increase the risk of ROP attacks. J. Cyber Secur. Mobil. 4(4), 305–324 (2015)
Scrinzi, F.: Behavioral analysis of obfuscated code. Master’s thesis, University of Twente (2015)
Khan, S., et al.: Using predictive modeling for cross-program design space exploration in multicore systems. In: 16th International Conference on Parallel Architecture and Compilation Techniques (PACT 2007), pp. 327–338. IEEE (2007)
Sankaran, S.: Predictive modeling based power estimation for embedded multicore systems. In: Proceedings of the ACM International Conference on Computing Frontiers, pp. 370–375 (2016)
Sankaran, S., Sridhar, R.: Energy modeling for mobile devices using performance counters. In: 2013 IEEE 56th International Midwest Symposium on Circuits and Systems (MWSCAS), pp. 441–444. IEEE (2013)
Grech, N., et al.: Static energy consumption analysis of LLVM IR programs. Comput. Res. Repos., 1–12 (2014)
Đuković, M., Varga, E.: Load profile-based efficiency metrics for code obfuscators. Acta Polytechnica Hungarica 12(5) (2015)
Sankaran, S., Gupta, M.: Game theoretic modeling of power-performance trade-offs for mobile devices. In: 2018 8th International Symposium on Embedded Computing and System Design (ISED), pp. 220–224. IEEE (2018)
Sahin, C., et al.: How does code obfuscation impact energy usage? J. Softw. Evol. Process. 28(7), 565–588 (2016)
Raj, A., Jithish, J., Sankaran, S.: Modelling the impact of code obfuscation on energy usage. In: DIAS/EDUDM@ ISEC (2017)
Viticchié, A., et al.: Assessment of source code obfuscation techniques. In: 2016 IEEE 16th International Working Conference on Source Code Analysis and Manipulation (SCAM), pp. 11–20. IEEE (2016)
Banescu, S., Collberg, C., Pretschner, A.: Predicting the resilience of obfuscated code against symbolic execution attacks via machine learning. In: 26th \(\{\)USENIX\(\}\) Security Symposium (\(\{\)USENIX\(\}\) Security 17), pp. 661–678 (2017)
Wu, Y., et al.: A framework for measuring the security of obfuscated software. In: Proceedings of 2010 International Conference on Test and Measurement (2010)
Powerstat. http://manpages.ubuntu.com/manpages/xenial/man8/powerstat.8.html
Guthaus, M.R., et al.: MiBench: a free, commercially representative embedded benchmark suite. In: Proceedings of the Fourth Annual IEEE International Workshop on Workload Characterization. WWC-4 (Cat. No. 01EX538), pp. 3–14. IEEE (2001)
Heffner, K., Collberg, C.: The obfuscation executive. In: Zhang, K., Zheng, Y. (eds.) ISC 2004. LNCS, vol. 3225, pp. 428–440. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30144-8_36
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Suresh, A.J., Sankaran, S. (2020). A Framework for Evaluation of Software Obfuscation Tools for Embedded Devices. In: Batina, L., Li, G. (eds) Applications and Techniques in Information Security. ATIS 2020. Communications in Computer and Information Science, vol 1338. Springer, Singapore. https://doi.org/10.1007/978-981-33-4706-9_1
Download citation
DOI: https://doi.org/10.1007/978-981-33-4706-9_1
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-33-4705-2
Online ISBN: 978-981-33-4706-9
eBook Packages: Computer ScienceComputer Science (R0)