Measurement of data structure complexity
Journal of Systems and Software - Special issue on the Oregon Metric Workshop
Elements of Software Science (Operating and programming systems series)
Elements of Software Science (Operating and programming systems series)
A Metrics Suite for Object Oriented Design
IEEE Transactions on Software Engineering
On the (Im)possibility of Obfuscating Programs
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
A complexity measure based on nesting level
ACM SIGPLAN Notices
Obfuscation of executable code to improve resistance to static disassembly
Proceedings of the 10th ACM conference on Computer and communications security
Software piracy prevention through diversity
Proceedings of the 4th ACM workshop on Digital rights management
On obfuscating point functions
Proceedings of the thirty-seventh annual ACM symposium on Theory of computing
Hybrid static-dynamic attacks against software protection mechanisms
Proceedings of the 5th ACM workshop on Digital rights management
IEEE Transactions on Software Engineering
Software Structure Metrics Based on Information Flow
IEEE Transactions on Software Engineering
Mechanism for software tamper resistance: an application of white-box cryptography
Proceedings of the 2007 ACM workshop on Digital Rights Management
Jakstab: A Static Analysis Platform for Binaries
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
Instruction Set Limitation in Support of Software Diversity
Information Security and Cryptology --- ICISC 2008
Cryptanalysis of white-box DES implementations with arbitrary external encodings
SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
Gross product simulation with pooling of linear and nonlinear regression models
Proceedings of the 6th International Workshop on Enterprise & Organizational Modeling and Simulation
E unibus pluram: massive-scale software diversity as a defense mechanism
Proceedings of the 2010 workshop on New security paradigms
Cryptanalysis of a white box AES implementation
SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
An Approach to Data Confidentiality Protection in Cloud Environments
International Journal of Web Services Research
| Hi-index | 0.00 |
The process of reverse engineering allows attackers to understand the behavior of software and extract proprietary algorithms and data structures (e.g. cryptographic keys) from it. Code obfuscation is frequently employed to mitigate this risk. However, while most of today's obfuscation methods are targeted against static reverse engineering, where the attacker analyzes the code without actually executing it, they are still insecure against dynamic analysis techniques, where the behavior of the software is inspected at runtime. In this paper, we introduce a novel code obfuscation scheme that applies the concept of software diversification to the control flow graph of the software to enhance its complexity. Our approach aims at making dynamic reverse engineering considerably harder as the information an attacker can retrieve from the analysis of a single run of the program with a certain input, is useless for understanding the program behavior on other inputs. Based on a prototype implementation we show that our approach improves resistance against both static disassembling tools and dynamic reverse engineering at a reasonable performance penalty.