Enhancing obfuscation technique for protecting source code against software reverse engineering

Obfuscation (Obfu) is a practice to make the programming code complicated to protect the Intellectual Property (IP) and prevent prohibited software Reverse Engineering (RE). Obfuscation involves transforming potentially revealing data, renaming useful classes and variables (identifiers) names to...

Full description

Saved in:
Bibliographic Details
Main Author: Mahfoudh, Asma
Format: Thesis
Language:English
Published: 2019
Subjects:
Online Access:http://psasir.upm.edu.my/id/eprint/90724/1/FSKTM%202020%206%20IR.pdf
http://psasir.upm.edu.my/id/eprint/90724/
Tags: Add Tag
No Tags, Be the first to tag this record!
id my.upm.eprints.90724
record_format eprints
institution Universiti Putra Malaysia
building UPM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Putra Malaysia
content_source UPM Institutional Repository
url_provider http://psasir.upm.edu.my/
language English
topic Data protection
Source code (Computer science)
Reverse engineering
spellingShingle Data protection
Source code (Computer science)
Reverse engineering
Mahfoudh, Asma
Enhancing obfuscation technique for protecting source code against software reverse engineering
description Obfuscation (Obfu) is a practice to make the programming code complicated to protect the Intellectual Property (IP) and prevent prohibited software Reverse Engineering (RE). Obfuscation involves transforming potentially revealing data, renaming useful classes and variables (identifiers) names to meaningless labels or adding unused or meaningless code to an application binary. Obfuscation is used to convert source code into a program that works the same way but is much harder to read and understand. Obfuscation techniques allow the programmer to customize which part of the code to be obfuscated. Recently, obfuscation techniques were mostly used to secure the source code; however, none of the current obfuscation techniques satisfy all obfuscation effectiveness criteria to resist the attack of Reverse Engineering. Therefore, IT industry loses tens of billions of dollars annually due to security attacks such as reverse engineering. The obvious amount of lost money of victims has led to many court cases where victim and theft claims the ownership of the program and the winner is who has a good lawyer. Many programming languages are used for programming; Java programming language is known to be most common due to its features, the use of this popular language increases an attacker's ability to steal intellectual property (IP), as the source program is translated to an intermediate format retaining most of the information such as meaningful variables names present in source code. An attacker can easily reconstruct source code from such intermediate formats to extract sensitive information such as proprietary algorithms present in the software. Hence, there is a need for development of techniques and schemes to obfuscate sensitive parts of software to protect it from reverse engineering attacks. In this research, we have proposed a new Hybrid Obfuscation Technique to prevent prohibited Reverse Engineering. The proposed technique contains three approaches; first approach is string encryption. The string encryption is about adding a mathematical equation with arrays and loops to the strings in the code to hide the meaning. Second approach is renaming system keywords to Unicode to increase difficulty and complexity of the code. Third approach is transforming identifiers to junk code to hide the meaning and increase the complexity of the code. Empirical evaluation was conducted to evaluate the proposed Hybrid Obfuscation Technique. It consists of experiment and interview. The experiment contains two phases; first phase was conducted against java applications that do not use any protection to determine the ability of reversing tools to read the compiled code. Second phase was conducted against the proposed technique to evaluate the effectiveness of it. Interview was conducted to get an overview of programming experts towards using Hybrid Obfuscation Technique to prevent prohibited Reverse Engineering. The experiment of the hybrid obfuscation technique was to test output correctness, syntax, reversed code errors, flow test, identifiers names test, methods and classes correctness test. With these parameters it was possible to determine the ability of the proposed technique to defend the attack. The proposed technique can be enhanced in the future to protect games applications and mobile applications that are developed by java; it can improve the software development industry. The proposed technique can be used to support many languages such as Arabic, English, Chinese and so on. There is also a need to develop a tool that contains the three approaches where the developer can customize the protection of the source code.
format Thesis
author Mahfoudh, Asma
author_facet Mahfoudh, Asma
author_sort Mahfoudh, Asma
title Enhancing obfuscation technique for protecting source code against software reverse engineering
title_short Enhancing obfuscation technique for protecting source code against software reverse engineering
title_full Enhancing obfuscation technique for protecting source code against software reverse engineering
title_fullStr Enhancing obfuscation technique for protecting source code against software reverse engineering
title_full_unstemmed Enhancing obfuscation technique for protecting source code against software reverse engineering
title_sort enhancing obfuscation technique for protecting source code against software reverse engineering
publishDate 2019
url http://psasir.upm.edu.my/id/eprint/90724/1/FSKTM%202020%206%20IR.pdf
http://psasir.upm.edu.my/id/eprint/90724/
_version_ 1712286799516139520
spelling my.upm.eprints.907242021-09-12T13:34:18Z http://psasir.upm.edu.my/id/eprint/90724/ Enhancing obfuscation technique for protecting source code against software reverse engineering Mahfoudh, Asma Obfuscation (Obfu) is a practice to make the programming code complicated to protect the Intellectual Property (IP) and prevent prohibited software Reverse Engineering (RE). Obfuscation involves transforming potentially revealing data, renaming useful classes and variables (identifiers) names to meaningless labels or adding unused or meaningless code to an application binary. Obfuscation is used to convert source code into a program that works the same way but is much harder to read and understand. Obfuscation techniques allow the programmer to customize which part of the code to be obfuscated. Recently, obfuscation techniques were mostly used to secure the source code; however, none of the current obfuscation techniques satisfy all obfuscation effectiveness criteria to resist the attack of Reverse Engineering. Therefore, IT industry loses tens of billions of dollars annually due to security attacks such as reverse engineering. The obvious amount of lost money of victims has led to many court cases where victim and theft claims the ownership of the program and the winner is who has a good lawyer. Many programming languages are used for programming; Java programming language is known to be most common due to its features, the use of this popular language increases an attacker's ability to steal intellectual property (IP), as the source program is translated to an intermediate format retaining most of the information such as meaningful variables names present in source code. An attacker can easily reconstruct source code from such intermediate formats to extract sensitive information such as proprietary algorithms present in the software. Hence, there is a need for development of techniques and schemes to obfuscate sensitive parts of software to protect it from reverse engineering attacks. In this research, we have proposed a new Hybrid Obfuscation Technique to prevent prohibited Reverse Engineering. The proposed technique contains three approaches; first approach is string encryption. The string encryption is about adding a mathematical equation with arrays and loops to the strings in the code to hide the meaning. Second approach is renaming system keywords to Unicode to increase difficulty and complexity of the code. Third approach is transforming identifiers to junk code to hide the meaning and increase the complexity of the code. Empirical evaluation was conducted to evaluate the proposed Hybrid Obfuscation Technique. It consists of experiment and interview. The experiment contains two phases; first phase was conducted against java applications that do not use any protection to determine the ability of reversing tools to read the compiled code. Second phase was conducted against the proposed technique to evaluate the effectiveness of it. Interview was conducted to get an overview of programming experts towards using Hybrid Obfuscation Technique to prevent prohibited Reverse Engineering. The experiment of the hybrid obfuscation technique was to test output correctness, syntax, reversed code errors, flow test, identifiers names test, methods and classes correctness test. With these parameters it was possible to determine the ability of the proposed technique to defend the attack. The proposed technique can be enhanced in the future to protect games applications and mobile applications that are developed by java; it can improve the software development industry. The proposed technique can be used to support many languages such as Arabic, English, Chinese and so on. There is also a need to develop a tool that contains the three approaches where the developer can customize the protection of the source code. 2019-12 Thesis NonPeerReviewed text en http://psasir.upm.edu.my/id/eprint/90724/1/FSKTM%202020%206%20IR.pdf Mahfoudh, Asma (2019) Enhancing obfuscation technique for protecting source code against software reverse engineering. Doctoral thesis, Universiti Putra Malaysia. Data protection Source code (Computer science) Reverse engineering
score 13.211869