Article

A code obfuscation framework using code clones

Authors:

Aniket Kulkarni,

Ravindra MettaAuthors Info & Claims

ICPC 2014: Proceedings of the 22nd International Conference on Program Comprehension

Pages 295 - 299

https://doi.org/10.1145/2597008.2597807

Published: 02 June 2014 Publication History

Abstract

IT industry loses tens of billions of dollars annually from security attacks such as malicious reverse engineering. To protect sensitive parts of software from such attacks, we designed a code obfuscation scheme based on nontrivial code clones. While implementing this scheme, we realized that currently there is no framework to assist implementation of such advanced obfuscation techniques. Therefore, we have developed a framework to support code obfuscation using code clones. We could successfully implement our obfuscation technique using this framework in Java. In this paper, we present our framework and illustrate it with an example.

References

[1]

C. Collberg, C. Thomborson, and D. Low, "A taxonomy of obfuscating transformations", Technical report 148, Department of computer science, the University of Auckland, New Zealand, 1997.

[2]

M. Ceccato, M. DiPenta, J. Nagra, P. Falcarin, F.Ricca, M. Torchiano, and P. Tonella. "The effectiveness of source code obfuscation: an experimental assessment", In IEEE International Conference on Program Comprehension (ICPC 2009). IEEE CS Press, 2009

[3]

F. Cohen. Computer viruses: theory and experiments. Comput. Secur. 6, 1 (February 1987), 22-35. http://dx.doi.org/10.1016/0167-4048(87)90122-2

Digital Library

[4]

C. Collberg, C. Thomborson, and D. Low. "Manufacturing cheap, resilient, and stealthy opaque constructs", In ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL98, San Diego, January 1998.

Digital Library

[5]

Low, D. (1998). "Java Control Flow Obfuscation", Master’s thesis. University of Auckland.

[6]

Wang, C., Hill, J., Knight, J.C., and Davidson, J.W.: "Protection of software-based survivability mechanisms", In Proceedings of the 2001 conference on Dependable Systems and Networks. IEEE Computer Society. Pages 193-202. 2001.

Digital Library

[7]

Chow, S., Gu, Y., Johnson, H., and Zakharov, V.A.: "An Approach to the Obfuscation of Control-Flow of Sequential Computer Programs", In the proceedings of 4th International Conference on Information Security, LNCS Volume 2200. Pages 144-155. Springer-Verlag. Malaga, Spain. 2001.

Digital Library

[8]

Palsberg, J., Krishnaswamy, S., Kwon, M., Ma, D., Shao, Q., and Zhang, Y.: "Experience with software watermarking", In Proceedings of 16th IEEE Annual Computer Security Applications Conference. IEEE Press. p308. New Orleans, LA, USA. 2000.

Digital Library

[9]

T. J. McCabe. "A complexity measure", IEEE Transactions on Software Engineering, 2(4):308-320, December 1976.

Digital Library

[10]

B. Anckaert, M. Madou, B. D. Sutter, B. D. Bus, K. D. Bosschere, and B. Preneel. "Program obfuscation: a quantitative approach", In QoP ’07: Proc. of the 2007 ACM Workshop on Quality of protection, pages 15-20, New York, NY, USA,2007. ACM.

Digital Library

[11]

M. Madou, B. Anckaert, B. D. Sutter, and D. B. Koen. "Hybrid static-dynamic attacks against software protection mechanisms", In Proceedings of the 5th ACM Workshop on Digital Rights Management. ACM, 2005.

Digital Library

[12]

I. Baxter, A. Yahin, L. Moura, M. S. Anna, and L. Bier. Clone Detection Using Abstract Syntax Trees. In Proceedings of ICSM. IEEE, 1998.

Digital Library

[13]

S. Schrittwieser and S. Katzenbeisser, "Code Obfuscation against Static and Dynamic Reverse Engineering", Vienna University of Technology, Austria, Darmstadt University of Technology, Germany

[14]

Business Software Alliance (May 2011), Eighth Annual BSA and IDC Global Software Piracy Study.

[15]

A. Balakrishnan and C. Schulze,"Code Obfuscation: Literature Survey", Technical report, Computer Science Department, University of Wisconsin, Madison, USA, 2005.

[16]

DashO - PreEmptive Solutions. http://www.preemptive.com/products/dasho

[17]

ProGuard: Java obfuscator. http://proguard.sourceforge.net

[18]

R. Pucella and F. B. Schneider. 2010. Independence from obfuscation: A semantic framework for diversity. J. Comput. Secur. 18, 5 (September 2010), 701-749.

Digital Library

[19]

M. D. Preda and R. Giacobazzi. Semantics-based code obfuscation by abstract interpretation. J. Comput. Secur. 17, 6 (December 2009), 855-908.

Digital Library

[20]

Dotfuscator - PreEmptive Solutions. http://www. preemptive.com/products/dotfuscator

[21]

yGuard - Java Bytecode Obfuscator and Shrinker. http://www.yworks.com/en/products_ yguard_about.htm

[22]

Cloakware Security - Irdeto. http://irdeto.com/ documents/so_core_technology_en.pdf

[23]

SandMark: A Tool for the Study of Software Protection Algorithms http://sandmark.cs.arizona.edu

[24]

Zelix KlassMaster http://www.zelix.com/klassmaster

[25]

A. Kulkarni and R. Metta. A New Code Obfuscation Scheme for Software Protection. Proceedings of the 3rd International Workshop on Cyberpatterns. Oxford, UK, 7-11 April, 2014. (to appear)

Digital Library

Cited By

Sha ZShu HXiong XKang F(2022)Model of Execution Trace Obfuscation Between ThreadsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2021.312315919:6(4156-4171)Online publication date: 1-Nov-2022
https://doi.org/10.1109/TDSC.2021.3123159
Sheneamer ARoy SKalita J(2021)An Effective Semantic Code Clone Detection Framework Using Pairwise Feature FusionIEEE Access10.1109/ACCESS.2021.30791569(84828-84844)Online publication date: 2021
https://doi.org/10.1109/ACCESS.2021.3079156
Romano AZheng YWang WGrundy JLe Goues CLo D(2020)MinerRayProceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering10.1145/3324884.3416580(1129-1140)Online publication date: 21-Dec-2020
https://dl.acm.org/doi/10.1145/3324884.3416580
Show More Cited By

Index Terms

A code obfuscation framework using code clones
1. Social and professional topics
  1. Professional topics
    1. Management of computing and information systems
      1. Software management
        Software maintenance
2. Software and its engineering
  1. Software creation and management
    1. Software post-development issues

Recommendations

Code Obfuscation: Why is This Still a Thing?
CODASPY '18: Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy
Early developments in code obfuscation were chiefly motivated by the needs of Digital Rights Management (DRM). Other suggested applications included intellectual property protection of software and code diversification to combat the monoculture problem ...
Code Artificiality: A Metric for the Code Stealth Based on an N-Gram Model
SPRO '15: Proceedings of the 2015 IEEE/ACM 1st International Workshop on Software Protection

This paper proposes a method for evaluating the artificiality of protected code by means of an N-gram model. The proposed artificiality metric helps us measure the stealth of the protected code, that is, the degree to which protected code can be ...
Enhance virtual-machine-based code obfuscation security through dynamic bytecode scheduling

Code virtualization built upon virtual machine (VM) technologies is emerging as a viable method for implementing code obfuscation to protect programs against unauthorized analysis. State-of-the-art VM-based protection approaches use a fixed scheduling ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ICPC 2014: Proceedings of the 22nd International Conference on Program Comprehension

June 2014

325 pages

ISBN:9781450328791

DOI:10.1145/2597008

General Chair:
Chanchal K. Roy
University of Saskatchewan, Canada
,
Program Chairs:
Andrew Begel
Microsoft Research, USA
,
Leon Moonen
Simula Research Laboratory, Norway

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSOFT: ACM Special Interest Group on Software Engineering

In-Cooperation

TCSE: IEEE Computer Society's Tech. Council on Software Engin.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 June 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

ICSE '14

Sponsor:

SIGSOFT

ICSE '14: 36th International Conference on Software Engineering

June 2 - 3, 2014

Hyderabad, India

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
233
Total Downloads

Downloads (Last 12 months)6
Downloads (Last 6 weeks)0

Reflects downloads up to 26 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Sha ZShu HXiong XKang F(2022)Model of Execution Trace Obfuscation Between ThreadsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2021.312315919:6(4156-4171)Online publication date: 1-Nov-2022
https://doi.org/10.1109/TDSC.2021.3123159
Sheneamer ARoy SKalita J(2021)An Effective Semantic Code Clone Detection Framework Using Pairwise Feature FusionIEEE Access10.1109/ACCESS.2021.30791569(84828-84844)Online publication date: 2021
https://doi.org/10.1109/ACCESS.2021.3079156
Romano AZheng YWang WGrundy JLe Goues CLo D(2020)MinerRayProceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering10.1145/3324884.3416580(1129-1140)Online publication date: 21-Dec-2020
https://dl.acm.org/doi/10.1145/3324884.3416580
Al-Hakimi ASultan AAbdul Ghani AAli NAdmodisastro N(2020)Hybrid Obfuscation Technique to Protect Source Code From Prohibited Software Reverse EngineeringIEEE Access10.1109/ACCESS.2020.30284288(187326-187342)Online publication date: 2020
https://doi.org/10.1109/ACCESS.2020.3028428
von Nostitz-Wallwitz IKrüger JLeich TShukla RMarijan DBorg MYang Y(2018)Towards improving industrial adoptionProceedings of the 5th International Workshop on Software Engineering Research and Industrial Practice10.1145/3195546.3195548(10-17)Online publication date: 29-May-2018
https://dl.acm.org/doi/10.1145/3195546.3195548

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten