Obfuscation is a very common protection against reverse engineering attacks: it modifies a program structure to make it harder for the adversary to analyse and understand it. Conceptually, obfuscation is the opposite of refactoring: the code should be more complex to understand, bloated, and with excessive characteristics from the design point of view. This paper aims at evaluating the code complexity introduced by different obfuscation algorithms by using software engineering metrics. Using structural metrics, this paper illustrates how the various types of obfuscation algorithms perform in terms of OO attributes that should be kept low in refactoring. Results show that the majority of the selected algorithms produce no changes in the structural attributes or the average complexity, but they produce more “dead” code. We argue that this could not represent the optimal way to protect the code: when protecting against reverse engineering attacks, a preference should be given to those algorithms that increase the complexity and alter the structural metrics.

Code Defactoring: Evaluating the Effectiveness of Java Obfuscations

Falcarin P;
2012-01-01

Abstract

Obfuscation is a very common protection against reverse engineering attacks: it modifies a program structure to make it harder for the adversary to analyse and understand it. Conceptually, obfuscation is the opposite of refactoring: the code should be more complex to understand, bloated, and with excessive characteristics from the design point of view. This paper aims at evaluating the code complexity introduced by different obfuscation algorithms by using software engineering metrics. Using structural metrics, this paper illustrates how the various types of obfuscation algorithms perform in terms of OO attributes that should be kept low in refactoring. Results show that the majority of the selected algorithms produce no changes in the structural attributes or the average complexity, but they produce more “dead” code. We argue that this could not represent the optimal way to protect the code: when protecting against reverse engineering attacks, a preference should be given to those algorithms that increase the complexity and alter the structural metrics.
2012
Reverse Engineering (WCRE), 2012 19th Working Conference on
File in questo prodotto:
File Dimensione Formato  
06385103-WCRE2012.pdf

non disponibili

Dimensione 241.47 kB
Formato Adobe PDF
241.47 kB Adobe PDF   Visualizza/Apri

I documenti in ARCA sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/10278/3746448
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 9
  • ???jsp.display-item.citation.isi??? ND
social impact