Protecting JavaScript Apps from Code Analysis
Authors: 
Tobias Groß, Tilo MüllerAuthors Info & Claims
Tobias Groß, Tilo MüllerAuthors Info & ClaimsPages 1 - 6
Abstract
Apps written in JavaScript are an easy target for reverse engineering attacks, e.g. to steal the intellectual property or to create a clone of an app. Unprotected JavaScript apps even contain high level information such as developer comments, if those were not explicitly stripped. This fact becomes more and more important with the increasing popularity of JavaScript as language of choice for both web development and hybrid mobile apps. In this paper, we present a novel JavaScript obfuscator based on the Google Closure Compiler, which transforms readable JavaScript source code into a representation much harder to analyze for adversaries. We evaluate this obfuscator regarding its performance impact and its semantics-preserving property.
References
[1]
Benoît Bertholon, Sébastien Varrette, and Pascal Bouvry. 2013. Jshadobf: A javascript obfuscator based on multi-objective optimization algorithms. In International Conference on Network and System Security. Springer, 336--349.
[2]
Michael Bolin. 2010. Closure: the definitive guide (1. ed ed.). O'Reilly, Sebastopol, Calif.
[3]
Christian Collberg and Jasvir Nagra. 2010. Surreptitious software: obfuscation, watermarking, and tamperproofing forsoftware protection. Addison-Wesley, Upper Saddle River, NJ.
[4]
Christian Collberg, Clark Thomborson, and Douglas Low. 1997. A taxonomy of obfuscating transformations. Technical Report. Department of Computer Science, The University of Auckland, New Zealand.
[5]
Christian Collberg, Clark Thomborson, and Douglas Low. 1998. Breaking abstractions and unstructuring data structures. In Computer Languages, 1998. Proceedings. 1998 International Conference on. IEEE, 28--38.
[6]
David Flanagan. 2011. JavaScript: the definitive guide (6th ed ed.). O'Reilly, Beijing; Sebastopol, CA.
[7]
Kolisar. 2008. WhiteSpace: A Different Approach to JavaScript Obfuscation. (2008). DEFCON 16.
[8]
Sebastian Schrittwieser, Stefan Katzenbeisser, Johannes Kinder, Georg Merzdovnik, and Edgar Weippl. 2015. Protecting Software through Obfuscation: Can It Keep Pace with Progress in Code Analysis? Comput. Surveys (2015), 1--40.
[9]
Chenxi Wang, Jonathan Hill, John Knight, and Jack Davidson. 2000. Software tamper resistance: Obstructing static analysis of programs. Technical Report. Technical Report CS-2000-12, University of Virginia, 12 2000.
Index Terms
- Protecting JavaScript Apps from Code Analysis
Recommendations
End Users' Perception of Hybrid Mobile Apps in the Google Play Store
MS '15: Proceedings of the 2015 IEEE International Conference on Mobile ServicesToday millions of mobile apps are downloaded and used all over the world. Mobile apps are distributed via different app stores, such as the Google Play Store, the Apple App Store, the Windows Phone Store. One of the most intriguing challenges in mobile ...
Comments
Information & Contributors
Information
Published In
June 2017
53 pages
ISBN:9781450352710
DOI:10.1145/3099012
Copyright © 2017 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 19 June 2017
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Funding Sources
- The research leading to these results was supported by the Bavarian State Ministry of Education, Science and the Arts as part of the FORSEC research association.
Conference
SHCIS '17
SHCIS '17: Workshop on Security in Highly Connected IT Systems
June 19 - 22, 2017
Neuchâtel, Switzerland
Acceptance Rates
SHCIS '17 Paper Acceptance Rate 8 of 11 submissions, 73%;
Overall Acceptance Rate 8 of 11 submissions, 73%
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 185Total Downloads
- Downloads (Last 12 months)2
- Downloads (Last 6 weeks)0
Reflects downloads up to 25 Feb 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in