Sciweavers

CCS
2008
ACM

Towards experimental evaluation of code obfuscation techniques

14 years 2 months ago
Towards experimental evaluation of code obfuscation techniques
While many obfuscation schemes proposed, none of them satisfy any strong definition of obfuscation. Furthermore secure generalpurpose obfuscation algorithms have been proven to be impossible. Nevertheless, obfuscation schemes which in practice slow down malicious reverse-engineering by obstructing code comprehension for even short periods of time are considered a useful protection against malicious reverse engineering. In previous works, the difficulty of reverse engineering has been mainly estimated by means of code metrics, by the computational complexity of static analysis or by comparing the output of de-obfuscating tools. In this paper we take a different approach and assess the difficulty attackers have in understanding and modifying obfuscated code through controlled experiments involving human subjects. Categories and Subject Descriptors D.2.8 [Metrics] General Terms Security, Experimentation, Measurement Keywords Empirical studies, Software Obfuscation
Mariano Ceccato, Massimiliano Di Penta, Jasvir Nag
Added 12 Oct 2010
Updated 12 Oct 2010
Type Conference
Year 2008
Where CCS
Authors Mariano Ceccato, Massimiliano Di Penta, Jasvir Nagra, Paolo Falcarin, Filippo Ricca, Marco Torchiano, Paolo Tonella
Comments (0)