3 research outputs found
Evaluation Methodologies in Software Protection Research
Man-at-the-end (MATE) attackers have full control over the system on which
the attacked software runs, and try to break the confidentiality or integrity
of assets embedded in the software. Both companies and malware authors want to
prevent such attacks. This has driven an arms race between attackers and
defenders, resulting in a plethora of different protection and analysis
methods. However, it remains difficult to measure the strength of protections
because MATE attackers can reach their goals in many different ways and a
universally accepted evaluation methodology does not exist. This survey
systematically reviews the evaluation methodologies of papers on obfuscation, a
major class of protections against MATE attacks. For 572 papers, we collected
113 aspects of their evaluation methodologies, ranging from sample set types
and sizes, over sample treatment, to performed measurements. We provide
detailed insights into how the academic state of the art evaluates both the
protections and analyses thereon. In summary, there is a clear need for better
evaluation methodologies. We identify nine challenges for software protection
evaluations, which represent threats to the validity, reproducibility, and
interpretation of research results in the context of MATE attacks
Automatic generation of opaque constants based on the k-clique problem for resilient data obfuscation
Data obfuscations are program transformations used to complicate program understanding and conceal actual values of program variables. The possibility to hide constant values is a basic building block of several obfuscation techniques. For example, in XOR Masking a constant mask is used to encode data, but this mask must be hidden too, in order to keep the obfuscation resilient to attacks. In this paper, we present a novel technique based on the k-clique problem, which is known to be NP-complete, to generate opaque constants, i.e. values that are difficult to guess by static analysis. In our experimental assessment we show that our opaque constants are computationally cheap to generate, both at obfuscation time and at runtime. Moreover, due to the NP-completeness of the k-clique problem, our opaque constants can be proven to be hard to attack with state-of-the-art static analysis tools
Experimental assessment of XOR-Masking data obfuscation based on K-Clique opaque constants
Data obfuscations are program transformations used to complicate program understanding and conceal actual values of program variables. The possibility to hide constant values is a basic building block of several obfuscation techniques. In XOR-Masking, a constant mask is used to obfuscate data, but this mask must be hidden too, in order to keep the obfuscation resilient to attacks.In this paper, we present a novel extension of XOR-Masking where the mask is an opaque constant, i.e. a value that is difficult to guess by static analysis. In fact, opaque constants are constructed such that static analysis should solve the k-clique problem, which is known to be NP-complete, to identify the mask value.In our experimental assessment we apply obfuscation to 12 real Java applications. We observe that obfuscation does not alter the program correctness and we record performance overhead due to obfuscation, in terms of execution time and memory consumption. (C) 2019 Elsevier Inc. All rights reserved