Article

Program obfuscation: a quantitative approach

Authors:

Bertrand Anckaert,

Bjorn De Sutter,

Koen De Bosschere,

Bart PreneelAuthors Info & Claims

QoP '07: Proceedings of the 2007 ACM workshop on Quality of protection

Pages 15 - 20

https://doi.org/10.1145/1314257.1314263

Published: 29 October 2007 Publication History

Abstract

Despite the recent advances in the theory underlying obfuscation, there still is a need to evaluate the quality of practical obfuscating transformations more quickly and easily. This paper presents the first steps toward a comprehensive evaluation suite consisting of a number of deobfuscating transformations and complexity metrics that can be readily applied on existing and future transformations in the domain of binary obfuscation. In particular, a framework based on software complexity metrics measuring four program properties: code, control flow, data and data flow is suggested. A number of well-known obfuscating and deobfuscating transformations are evaluated based upon their impact on a set of complexity metrics. This enables us to quantitatively evaluate the potency of the (de)obfuscating transformations.

References

[1]

A. Appel. Deobfuscation is in np, August 2002.

[2]

G. Arboit. A method for watermarking java programs via opaque predicates. In The Fifth International Conference on Electronic Commerce Research (ICECR-5), 2002.

[3]

D. Aucsmith. Tamper resistant software: an implementation. Information Hiding, Lecture Notes in Computer Science, 1174:317--333, 1996.

Digital Library

[4]

G. Balakrishnan and T. Reps. Analyzing memory accesses in x86 executables. In Proc. Int. Conf. on Compiler Construction, pages 5--23, 2004.

[5]

B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. Vadhan, and K. Yang. On the (im)possibility of obfuscating programs. Advances in cryptology, LNCS, 2139:1--18, 2001.

Digital Library

[6]

P. Biondi and F. Desclaux. Silver needle in the skype. In BlackHat Europe, 2006.

[7]

B. De Bus, B. De Sutter, L. Van Put, D. Chanet, and K. De Bosschere. Link-time optimization of ARM binaries. In Proc. LCTES, pages 211--220, 2004.

Digital Library

[8]

R. Canetti. Towards realizing random oracles: Hash functions that hide all partial information. CRYPTO 1997.

Digital Library

[9]

Cloakware Corp: S. Chow, H. Johnson, and Y. Gu. Tamper Resistant Software - Control Flow Encoding, Patent US 6,779,114, Filed 1999, Granted 2004.

[10]

F. Cohen. Operating system evolution through program evolution. Computers and Security, 12(6):565--584, 1993.

Digital Library

[11]

C. Collberg, E. Carter, S. Debray, A. Huntwork, C. Linn, and M. Stepp. Dynamic path-based software watermarking. In Proc. PLDI, 2004.

Digital Library

[12]

C. Collberg, C. Thomborson, and D. Low. A taxonomy of obfuscating transformations. Technical Report 148, University of Auckland, 1997.

[13]

C. Collberg, C. Thomborson, and D. Low. Manufacturing cheap, resilient, and stealthy opaque constructs. In Conf. POPL, pages 184--196, 1998.

Digital Library

[14]

C. Cook. Information theory metric for assembly language. Software Engineering Strategies, pages 52--60, 1993.

[15]

M. Dalla Preda, M. Madou, K. De Bosschere, and R. Giacobazzi. Opaque predicates detection by abstract interpretation. Algebraic Methodology and Software Technology, LNCS 4019:81--95, 2006.

Digital Library

[16]

O. Goldreich. The foundations of cryptography. 2004.

Digital Library

[17]

H. Goto, M. Mambo, K. Matsumura, and H. Shizuya. An approach to the objective and quantitative evaluation of tamper-resistant software. ISW, LNCS, 1975:82--96, 2000.

Digital Library

[18]

M. Halstead. Elements of Software Science. Elsevier, 1977.

Digital Library

[19]

W. Harrison and K. Magel. A complexity measure based on nesting level. SIGPLAN Not., 16(3):63--74, 1981.

Digital Library

[20]

K. Heffner and C. Collberg. The obfuscation executive. Information Security Conference (ISC04), 2004.

[21]

S. Henry and D. Kafura. Software structure metrics based on information ow. IEEE Transactions on Software Engineering, 7(5):510--518, 9 1981.

Digital Library

[22]

C. Kruegel, W. Robertson, F. Valeur, and G. Vigna. Static disassembly of obfuscated binaries. In Proc. of the 13the USENIX Security Symposium, pages 255--270, 2004.

Digital Library

[23]

C. Linn and S. Debray. Obfuscation of executable code to improve resistance to static disassembly. Proc. CCS 03.

Digital Library

[24]

B. Lynn, M. Prabhakaran, and A. Sahai. Positive results and techniques for obfuscation. In EUROCRYPT, 2004.

[25]

M. Madou, B. Anckaert, B. De Sutter, and K. De Bosschere. Hybrid static-dynamic attacks against software protection mechanisms. In Proc. DRM 2005

Digital Library

[26]

J. Maebe, M. Ronsse, and K. De Bosschere. DIOTA: Dynamic Instrumentation, Optimization and Transformation of Applications. In Proc. Int. Conf. on Parallel Architectures and Compilation Techniques (PACT), september 2002.

[27]

T. McCabe. A complexity measure. IEEE Transactions on Software Engineering, SE-2(4):308--320, 1976.

Digital Library

[28]

J. Munson and T. Khoshgoftaar. Measurement of data structure complexity. J. Syst. Softw., 1993.

Digital Library

[29]

G. Myles and C. Collberg. Software watermarking via opaque predicates: Implementation, analysis, and attacks, 2004.

[30]

N. Naeem, M. Batchelder, and L. Hendren. Metrics for measuring the effectiveness of decompilers and obfuscators. Technical Report 2006-4, McGill University, School of Computer Science: Sable Research Group, June 2006.

[31]

P. Paillier. Public-key cryptosystems based on composite degree residuosity classes. LNCS, 1592:223--238, 1999.

[32]

F. Petitcolas, R. Anderson, and M. Kuhn. Attacks on copyright marking systems. In Information Hiding, pages 218--238, 1998. citeseer.nj.nec.com/petitcolas98attacks.html.

Digital Library

[33]

B. Schwarz, S. Debray, and G. Andrews. Disassembly of executable code revisited. In Proc. WCRE 2002.

Digital Library

[34]

K. Tai. A program complexity metric based on data ow information in control graphs. In Proc. of the 7th International Conference on Software Engineering (ICSE), pages 239--248, 1984.

Digital Library

[35]

S. Udupa, S. Debray, and M. Madou. Deobfuscation: Reverse engineering obfuscated code. In Proc. WCRE 2005.

Digital Library

[36]

C. Wang. A Security Architecture for Survivability Mechanisms. PhD thesis, Department of Computer Science, University of Virginia, October 2000.

Digital Library

[37]

C. Wang, J. Hill, J. Knight, and J. Davidson. Software tamper resistance: Obstructing static analysis of programs. Technical Report CS-2000-12, University of Virginia, 12 2000.

Digital Library

[38]

M. Woodward, M. Hennel, and D. Hedley. A measure of control ow complexity in program text. IEEE Transactions on Software Engineering, 1979.

Digital Library

Cited By

De Sutter BSchrittwieser SCoppens BKochberger P(2024)Evaluation Methodologies in Software Protection ResearchACM Computing Surveys10.1145/3702314Online publication date: 2-Nov-2024
https://dl.acm.org/doi/10.1145/3702314
Li YKang FShu HXiong XSha ZSui Z(2022)COOPS: A Code Obfuscation Method Based on Obscuring Program SemanticsSecurity and Communication Networks10.1155/2022/69033702022(1-15)Online publication date: 25-Sep-2022
https://doi.org/10.1155/2022/6903370
Singhal VPillai ASaumya CKulkarni MMachiry A(2022)Cornucopia : A Framework for Feedback Guided Generation of BinariesProceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering10.1145/3551349.3561152(1-13)Online publication date: 10-Oct-2022
https://dl.acm.org/doi/10.1145/3551349.3561152
Show More Cited By

Index Terms

Program obfuscation: a quantitative approach

Recommendations

Analysis of Program Obfuscation Schemes with Variable Encoding Technique

Program analysis techniques have improved steadily over the past several decades, and software obfuscation schemes have come to be used in many commercial programs. A software obfuscation scheme transforms an original program or a binary file into an ...
Obfuscation: The Hidden Malware

A cyberwar exists between malware writers and antimalware researchers. At this war's heart rages a weapons race that originated in the 80s with the first computer virus. Obfuscation is one of the latest strategies to camouflage the telltale signs of ...
Are Slice-Based Cohesion Metrics Actually Useful in Effort-Aware Post-Release Fault-Proneness Prediction? An Empirical Study
Background. Slice-based cohesion metrics leverage program slices with respect to the output variables of a module to quantify the strength of functional relatedness of the elements within the module. Although slice-based cohesion metrics have been ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

QoP '07: Proceedings of the 2007 ACM workshop on Quality of protection

October 2007

64 pages

ISBN:9781595938855

DOI:10.1145/1314257

Program Chairs:
Günter Karjoth
IBM Research, CH
,
Ketil Stølen
SINTEF, NO

Copyright © 2007 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 29 October 2007

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS07

Sponsor:

CCS07: 14th ACM Conference on Computer and Communications Security 2007

October 29, 2007

Virginia, Alexandria, USA

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

58
Total Citations
View Citations
1,131
Total Downloads

Downloads (Last 12 months)63
Downloads (Last 6 weeks)8

Reflects downloads up to 28 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

De Sutter BSchrittwieser SCoppens BKochberger P(2024)Evaluation Methodologies in Software Protection ResearchACM Computing Surveys10.1145/3702314Online publication date: 2-Nov-2024
https://dl.acm.org/doi/10.1145/3702314
Li YKang FShu HXiong XSha ZSui Z(2022)COOPS: A Code Obfuscation Method Based on Obscuring Program SemanticsSecurity and Communication Networks10.1155/2022/69033702022(1-15)Online publication date: 25-Sep-2022
https://doi.org/10.1155/2022/6903370
Singhal VPillai ASaumya CKulkarni MMachiry A(2022)Cornucopia : A Framework for Feedback Guided Generation of BinariesProceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering10.1145/3551349.3561152(1-13)Online publication date: 10-Oct-2022
https://dl.acm.org/doi/10.1145/3551349.3561152
Gautam PAnsari MSharma S(2021)Enhanced Security for Electronic Health Care Information Using Obfuscation and RSA Algorithm in Cloud ComputingResearch Anthology on Architectures, Frameworks, and Integration Strategies for Distributed and Cloud Computing10.4018/978-1-7998-5339-8.ch044(944-956)Online publication date: 2021
https://doi.org/10.4018/978-1-7998-5339-8.ch044
Kurtukova ARomanov AShelupanov A(2020)Source Code Authorship Identification Using Deep Neural NetworksSymmetry10.3390/sym1212204412:12(2044)Online publication date: 10-Dec-2020
https://doi.org/10.3390/sym12122044
Asghar MGalbraith SLanzi ARussello GZobernig L(2020)Towards a Theory of Special-Purpose Program Obfuscation2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)10.1109/TrustCom50675.2020.00061(394-401)Online publication date: Dec-2020
https://doi.org/10.1109/TrustCom50675.2020.00061
Chakraborty AJayasankaran NLiu YRajendran JSinanoglu OSrivastava AXie YYasin MZuzak M(2020)Keynote: A Disquisition on Logic LockingIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2019.294458639:10(1952-1972)Online publication date: Oct-2020
https://doi.org/10.1109/TCAD.2019.2944586
Gautam PAnsari MSharma S(2019)Enhanced Security for Electronic Health Care Information Using Obfuscation and RSA Algorithm in Cloud ComputingInternational Journal of Information Security and Privacy10.4018/IJISP.201901010513:1(59-69)Online publication date: Jan-2019
https://doi.org/10.4018/IJISP.2019010105
Viticchié ARegano LBasile CTorchiano MCeccato MTonella P(2019)Empirical assessment of the effort needed to attack programs protected with client/server code splittingEmpirical Software Engineering10.1007/s10664-019-09738-1Online publication date: 25-Jul-2019
https://doi.org/10.1007/s10664-019-09738-1
Ceccato MTonella PBasile CFalcarin PTorchiano MCoppens BDe Sutter B(2019)Understanding the behaviour of hackers while performing attack tasks in a professional setting and in a public challengeEmpirical Software Engineering10.1007/s10664-018-9625-624:1(240-286)Online publication date: 1-Feb-2019
https://dl.acm.org/doi/10.1007/s10664-018-9625-6
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten