Obfuscation of Abstract Data-Types - Rowan
Obfuscation of Abstract Data-Types - Rowan
Obfuscation of Abstract Data-Types - Rowan
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
CHAPTER 1. OBFUSCATION 13<br />
• Encryption — an encryption algorithm could be used to encrypt the entire<br />
code or parts <strong>of</strong> the code. However, the decryption process must be in<br />
the executable and so a client could intercept the code after decryption<br />
has taken place. The only really viable option is for the encryption and<br />
decryption processes take place in hardware [30].<br />
1.2 <strong>Obfuscation</strong><br />
We now consider a different technique for s<strong>of</strong>tware protection: code obfuscation.<br />
An obfuscation is a behaviour-preserving transformation whose aim is to make<br />
a program “harder to understand”.<br />
Collberg et al. [10] do not define obfuscation but instead qualify “hard to<br />
understand” by using various metrics which measure the complexity <strong>of</strong> code.<br />
For example:<br />
• Cyclomatic Complexity [37] — the complexity <strong>of</strong> a function increases with<br />
the number <strong>of</strong> predicates in the function.<br />
• Nesting Complexity [29] — the complexity <strong>of</strong> a function increases with<br />
the nesting level <strong>of</strong> conditionals in the function.<br />
• <strong>Data</strong>-Structure Complexity [40] — the complexity increases with the complexity<br />
<strong>of</strong> the static data structures declared in a program. For example,<br />
the complexity <strong>of</strong> an array increases with the number <strong>of</strong> dimensions and<br />
with the complexity <strong>of</strong> the element type.<br />
Using such metrics Collberg et al. [10] measure the potency <strong>of</strong> an obfuscation<br />
as follows. Let T be a transformation which maps a program P to a program<br />
P ′ . The potency <strong>of</strong> a transformation T with respect to the program P is defined<br />
to be:<br />
T pot (P) = E(P ′ )<br />
E(P) − 1<br />
where E(P) is the complexity <strong>of</strong> P (using an appropriate metric). T is said to<br />
be a potent obfuscating transformation if T pot (P) > 0 (i.e. if E(P ′ ) > E(P)).<br />
In [10], P and P ′ are not required to be equally efficient — it is stated that<br />
many <strong>of</strong> the transformations given will result in P ′ being slower or using more<br />
memory than P.<br />
Other properties Collberg et al. [10] measure are:<br />
• Resilience — this measures how well a transformation survives an attack<br />
from a deobfuscator. Resilience takes into account the amount <strong>of</strong> time<br />
required to construct a deobfuscator and the execution time and space<br />
actually required by the deobfuscator.<br />
• Execution Cost — this measures the extra execution time and space <strong>of</strong> an<br />
obfuscated program P ′ compared with the original program P.<br />
• Quality — this combines potency, resilience and execution cost to give an<br />
overall measure.