skip to main content
10.1145/3099012.3099018acmotherconferencesArticle/Chapter ViewAbstractPublication PagesshcisConference Proceedingsconference-collections
research-article

Protecting JavaScript Apps from Code Analysis

Published: 19 June 2017 Publication History

Abstract

Apps written in JavaScript are an easy target for reverse engineering attacks, e.g. to steal the intellectual property or to create a clone of an app. Unprotected JavaScript apps even contain high level information such as developer comments, if those were not explicitly stripped. This fact becomes more and more important with the increasing popularity of JavaScript as language of choice for both web development and hybrid mobile apps. In this paper, we present a novel JavaScript obfuscator based on the Google Closure Compiler, which transforms readable JavaScript source code into a representation much harder to analyze for adversaries. We evaluate this obfuscator regarding its performance impact and its semantics-preserving property.

References

[1]
Benoît Bertholon, Sébastien Varrette, and Pascal Bouvry. 2013. Jshadobf: A javascript obfuscator based on multi-objective optimization algorithms. In International Conference on Network and System Security. Springer, 336--349.
[2]
Michael Bolin. 2010. Closure: the definitive guide (1. ed ed.). O'Reilly, Sebastopol, Calif.
[3]
Christian Collberg and Jasvir Nagra. 2010. Surreptitious software: obfuscation, watermarking, and tamperproofing forsoftware protection. Addison-Wesley, Upper Saddle River, NJ.
[4]
Christian Collberg, Clark Thomborson, and Douglas Low. 1997. A taxonomy of obfuscating transformations. Technical Report. Department of Computer Science, The University of Auckland, New Zealand.
[5]
Christian Collberg, Clark Thomborson, and Douglas Low. 1998. Breaking abstractions and unstructuring data structures. In Computer Languages, 1998. Proceedings. 1998 International Conference on. IEEE, 28--38.
[6]
David Flanagan. 2011. JavaScript: the definitive guide (6th ed ed.). O'Reilly, Beijing; Sebastopol, CA.
[7]
Kolisar. 2008. WhiteSpace: A Different Approach to JavaScript Obfuscation. (2008). DEFCON 16.
[8]
Sebastian Schrittwieser, Stefan Katzenbeisser, Johannes Kinder, Georg Merzdovnik, and Edgar Weippl. 2015. Protecting Software through Obfuscation: Can It Keep Pace with Progress in Code Analysis? Comput. Surveys (2015), 1--40.
[9]
Chenxi Wang, Jonathan Hill, John Knight, and Jack Davidson. 2000. Software tamper resistance: Obstructing static analysis of programs. Technical Report. Technical Report CS-2000-12, University of Virginia, 12 2000.

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
SHCIS '17: Proceedings of the 4th Workshop on Security in Highly Connected IT Systems
June 2017
53 pages
ISBN:9781450352710
DOI:10.1145/3099012
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 19 June 2017

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Google Closure Compiler
  2. Hybrid Apps
  3. JavaScript
  4. Obfuscation

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Funding Sources

  • The research leading to these results was supported by the Bavarian State Ministry of Education, Science and the Arts as part of the FORSEC research association.

Conference

SHCIS '17

Acceptance Rates

SHCIS '17 Paper Acceptance Rate 8 of 11 submissions, 73%;
Overall Acceptance Rate 8 of 11 submissions, 73%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • 0
    Total Citations
  • 185
    Total Downloads
  • Downloads (Last 12 months)2
  • Downloads (Last 6 weeks)0
Reflects downloads up to 25 Feb 2025

Other Metrics

Citations

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media