A Framework for Measuring Software Obfuscation Resilience against Automated Attacks

Sebastian Banescu, Martin Ochoa, Alexander Pretschner
2015 2015 IEEE/ACM 1st International Workshop on Software Protection  
Software obfuscation of programs, with the goal of protecting against attackers having physical access to the machine executing them, is a common practice motivated by the necessity of keeping intellectual property (such as business critical algorithms) and critical data (such as cryptographic keys) secret. However, as of today, it is unclear how secure popular obfuscation operators are relative to each other or to other protection techniques. In this paper we propose a formal framework to
more » ... cterize attacker models and guarantees, inspired by similar notions from cryptography. We then map prior work in the area of deobfuscation to our formal model to the possible extent. We also perform a case-study about using symbolic execution for deobfuscation, concretely mapped onto our formal model.
doi:10.1109/spro.2015.16 dblp:conf/icse/BanescuOP15 fatcat:muwyelbg6nab3ordl5h3awunsu