TY - JOUR
T1 - ObfSec
T2 - Measuring the security of obfuscations from a testing perspective
AU - Menéndez, Héctor D.
AU - Suárez-Tangil, Guillermo
N1 - Funding Information:
This research was funded by UK Research and Innovation Trustworthy Autonomous Systems Node in Verifiability (EP/V026801/2), EPSRC, United Kingdom under grant EP/T026723/1, and the “Ramon y Cajal” Fellowship RYC-2020-029401-I.
Publisher Copyright:
© 2022 The Authors
PY - 2022/12/30
Y1 - 2022/12/30
N2 - Code obfuscation protects the intellectual property of software. However, systematically altering the control- and data-flow of a program can deteriorate the security of the resulting program. There is a wide range of obfuscation methods available that alter the layout of the program in different ways. These modifications can introduce bugs in the program or modify the nature and the severity of existing ones. We propose a novel strategy, called ObfSec (Obfuscation Security), to understand the implications behind obfuscating software. ObfSec starts by detecting errors in software and exposes how the obfuscation can change the nature of those errors, looking in particular at transformations that turn software bugs into exploitable vulnerabilities. Our results, on a corpus of around 70,000 programs and obfuscations, show that obfuscation can deteriorate the security of a program.
AB - Code obfuscation protects the intellectual property of software. However, systematically altering the control- and data-flow of a program can deteriorate the security of the resulting program. There is a wide range of obfuscation methods available that alter the layout of the program in different ways. These modifications can introduce bugs in the program or modify the nature and the severity of existing ones. We propose a novel strategy, called ObfSec (Obfuscation Security), to understand the implications behind obfuscating software. ObfSec starts by detecting errors in software and exposes how the obfuscation can change the nature of those errors, looking in particular at transformations that turn software bugs into exploitable vulnerabilities. Our results, on a corpus of around 70,000 programs and obfuscations, show that obfuscation can deteriorate the security of a program.
KW - Obfuscations
KW - Security
KW - Testing
UR - http://www.scopus.com/inward/record.url?scp=85135950897&partnerID=8YFLogxK
U2 - 10.1016/j.eswa.2022.118298
DO - 10.1016/j.eswa.2022.118298
M3 - Article
AN - SCOPUS:85135950897
SN - 0957-4174
VL - 210
JO - Expert Systems with Applications
JF - Expert Systems with Applications
M1 - 118298
ER -