ObfSec: Measuring the security of obfuscations from a testing perspective

Héctor D. Menéndez*, Guillermo Suárez-Tangil

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

5 Citations (Scopus)

Abstract

Code obfuscation protects the intellectual property of software. However, systematically altering the control- and data-flow of a program can deteriorate the security of the resulting program. There are a wide-range of obfuscation methods available that alter the layout of the program in different ways. These modifications can introduce bugs in the program or modify the nature and the severity of an existing ones. We propose a novel strategy, called ObfSec (Obfuscation Security), to understand the implications behind obfuscating software. ObfSec starts by detecting errors on software and exposes how the obfuscation can change the nature of those errors, looking in particular at transformations that turn software bugs into a exploitable vulnerable program. Our results, on a corpus of around 70,000 programs and obfuscations, show that obfuscation can deteriorate the security of a program.

Original languageEnglish
Article number118298
JournalExpert Systems with Applications
Volume210
DOIs
Publication statusPublished - 30 Dec 2022

Keywords

  • Obfuscations
  • Security
  • Testing

Fingerprint

Dive into the research topics of 'ObfSec: Measuring the security of obfuscations from a testing perspective'. Together they form a unique fingerprint.

Cite this