TY - GEN
T1 - A Framework for Measuring Software Obfuscation Resilience against Automated Attacks
AU - Banescu, Sebastian
AU - Ochoa, Martin
AU - Pretschner, Alexander
N1 - Publisher Copyright:
© 2015 IEEE.
PY - 2015/7/31
Y1 - 2015/7/31
N2 - Software obfuscation of programs, with the goal of protecting against attackers having physical access to the machine executing them, is a common practice motivated by the necessity of keeping intellectual property (such as business critical algorithms) and critical data (such as cryptographic keys) secret. However, as of today, it is unclear how secure popular obfuscation operators are relative to each other or to other protection techniques. In this paper we propose a formal framework to characterize attacker models and guarantees, inspired by similar notions from cryptography. We then map prior work in the area of deobfuscation to our formal model to the possible extent. We also perform a case-study about using symbolic execution for deobfuscation, concretely mapped onto our formal model.
AB - Software obfuscation of programs, with the goal of protecting against attackers having physical access to the machine executing them, is a common practice motivated by the necessity of keeping intellectual property (such as business critical algorithms) and critical data (such as cryptographic keys) secret. However, as of today, it is unclear how secure popular obfuscation operators are relative to each other or to other protection techniques. In this paper we propose a formal framework to characterize attacker models and guarantees, inspired by similar notions from cryptography. We then map prior work in the area of deobfuscation to our formal model to the possible extent. We also perform a case-study about using symbolic execution for deobfuscation, concretely mapped onto our formal model.
KW - deobfuscation
KW - obfuscation
KW - symbolic execution
UR - http://www.scopus.com/inward/record.url?scp=84989256962&partnerID=8YFLogxK
U2 - 10.1109/SPRO.2015.16
DO - 10.1109/SPRO.2015.16
M3 - Conference contribution
AN - SCOPUS:84989256962
T3 - Proceedings - International Workshop on Software Protection, SPRO 2015
SP - 45
EP - 51
BT - Proceedings - International Workshop on Software Protection, SPRO 2015
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 1st International Workshop on Software Protection, SPRO 2015
Y2 - 19 May 2015
ER -