One of the methods to provide tamper resistance
capabilities to a software is code obfuscation. It is a process
designed to change the software in order to make the software more
difficult to reverse engineering while semantically equivalent to the
original program. The technique is used both by “white hat”
security specialist to protect Intellectual Property and to “deter
the cracking of licensing and DRM schemes” (Victor,
D 2008), as well as “black hat” as a protection technique to
avoid detection (signature based) by anti-virus engines. Victor D.
(2008) lists a number of techniques used to obfuscate the code
including just-in-time decryption, polymorphic encryption, timing
check, layer anti-debugging logic and binary code morphing. Moreover,
Bai Zhongying and Quin Jiancheng (2009) successfully applied
obfuscation principals in web environment creating prototypes of
JavaScript and HTML obfuscation tools. An additional advance
technique, self-modifying code, was proposed by Nokos
Mavgoriannopoilos (n.d.) whereby the software mutates its own code in
order to make it difficult to “make attacks [on the code] more
expensive” (Nikos Mavrogiannopoulos, Nessim, K, & Bart, P
n.d.).
While usage of obfuscation techniques
become widely acceptable, Preda, M, & Giacobazzi, R (2009) raise
a question of effectiveness of code obfuscation techniques - “it is
hard to compare different obfuscating transformations with respect to
their resilience to attacks and this makes it difficult to understand
which technique is better to use in a given scenario” (Preda, M, &
Giacobazzi, R. 2009) due to absence of theoretical research to
formalize the metric of code obfuscation.
ProGuard “is a free Java
class file shrinker, optimizer, obfuscator, and preverifier” (Eric
Laforune, 2011). While advantages of the tool are easy integration
into commonly used Integrated Development Environments (IDE) as well
as ant
tasks, and additional functionality such as optimizer and code
shrieker, its obfuscation capabilities are limited to code morphing.
More advance techniques, or combination of a number of obfuscation
techniques such as flow obfuscation and string encryption could
potentially (see previous paragraph discussing the lack of metric to
measure the effectiveness of code obfuscation) exponentially increase
the effort required to reverse engineer the code.
Bibliography
- Bai Zhongying; Qin Jiancheng; 2009 , "Webpage Encryption Based on Polymorphic Javascript Algorithm," Information Assurance and Security, 2009. IAS '09. Fifth International Conference on , vol.1, no., pp.327-330, 18-20 Aug. 2009
doi: 10.1109/IAS.2009.39
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5284075&isnumber=5282964 - Eric Lafortune, 2011. “ProGuard” [online]. Available from: http://proguard.sourceforge.net/ (accessed: March 30, 2012).
- Nikos Mavrogiannopoulos, Nessim, K, & Bart, P n.d., 'A taxonomy of self-modifying code for obfuscation', Computers & Security, ScienceDirect, EBSCOhost, viewed 29 March 2012.
- Preda, M, & Giacobazzi, R 2009, 'Semantics-based code obfuscation by abstract interpretation', Journal Of Computer Security, 17, 6, pp. 855-908, Academic Search Complete, EBSCOhost, viewed 29 March 2012.
- Ross J. Anderson, 2008. “A Guide to Building Dependable Distributed Systems”. 2nd Edition. Wiley Publishing.
- Victor, D 2008, 'Obfuscation: Obfuscation – how to do it and how to crack it', Network Security, 2008, pp. 4-7, ScienceDirect, EBSCOhost, viewed 29 March 2012.
No comments:
Post a Comment