CE-18.03

Title: 

Software Obfuscation and Analyses

Author(s): 

Ammar Naqvi

Oral Defence Date: 

Tuesday, April 17, 2018 - 10:00

Location: 

TH 434

Committee: 

Professors Arno Puder and Bill Hsu

Abstract: 

Security is a growing concern in the software industry. Every year the industry takes billions of dollars in losses due to software security breaches. These breaches are carried out in the form of different attacks, such reverse engineering attacks, copyright violations, piracy, hacking, code tampering, etc. In this thesis, we examine using code obfuscation for protection against reverse engineering attacks. Code obfuscation is also used for anti-tampering, anti-piracy or watermarking. Code obfuscation is the transformation of code where source code is made difficult to reverse engineer by modifying its contents while preserving the functionality. In our work, we discuss and elaborate different criteria used to measure the effects and quality of obfuscation based on research. The different criteria outlined are the quality of obfuscation, and the resistance of software, brought by obfuscation, to static and dynamic attacks. We also discuss some of the tools that exist in the field and implemented our own tool that analyzes and provides insights to the static and dynamic changes resulting from an obfuscating transformation. We experiment with two different obfuscators run on a few different programs and analyze and compare the results of each. We summarize results on different metrics and statistics for static and dynamic analyses.

Keywords: 

Software Security, Obfuscation, Tampering, Obfuscators, Obfuscating Transformation, Reverse-Engineering, Java, Proguard, JShrink, Data Obfuscation, Layout Obfuscation, Preventive Transformations, Static Analysis, Dynamic Analysis

Copyright: 

Ammar Naqvi