A Framework for Measuring Software Obfuscation Resilience against Automated Attacks

Sebastian Banescu, Martin Ochoa, Alexander Pretschner

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

30 Scopus citations

Abstract

Software obfuscation of programs, with the goal of protecting against attackers having physical access to the machine executing them, is a common practice motivated by the necessity of keeping intellectual property (such as business critical algorithms) and critical data (such as cryptographic keys) secret. However, as of today, it is unclear how secure popular obfuscation operators are relative to each other or to other protection techniques. In this paper we propose a formal framework to characterize attacker models and guarantees, inspired by similar notions from cryptography. We then map prior work in the area of deobfuscation to our formal model to the possible extent. We also perform a case-study about using symbolic execution for deobfuscation, concretely mapped onto our formal model.

Original languageEnglish
Title of host publicationProceedings - International Workshop on Software Protection, SPRO 2015
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages45-51
Number of pages7
ISBN (Electronic)9781467370943
DOIs
StatePublished - 31 Jul 2015
Event1st International Workshop on Software Protection, SPRO 2015 - Florence, Italy
Duration: 19 May 2015 → …

Publication series

NameProceedings - International Workshop on Software Protection, SPRO 2015

Conference

Conference1st International Workshop on Software Protection, SPRO 2015
Country/TerritoryItaly
CityFlorence
Period19/05/15 → …

Keywords

  • deobfuscation
  • obfuscation
  • symbolic execution

Fingerprint

Dive into the research topics of 'A Framework for Measuring Software Obfuscation Resilience against Automated Attacks'. Together they form a unique fingerprint.

Cite this