Obfuscation of design intent in object-oriented applications

Mikhail Sosonkin, Gleb Naumovich, Nasir Memon

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Protection of digital data from unauthorized access is of paramount importance. In the past several years, much research has concentrated on protecting data from the standpoint of confidentiality, integrity and availability. Software is a form of data with unique properties and its protection poses unique challenges. First, software can be reverse engineered, which may result in stolen intellectual property. Second, software can be altered with the intent of performing operations this software must not be allowed to perform. With commercial software increasingly distributed in forms from which source code can be easily extracted, such as Java bytecodes, reverse engineering has become easier than ever. Obfuscation techniques have been proposed to impede illegal reverse engineers. Obfuscations are program transformations that preserve the program functionality while obscuring the code, thereby protecting the program against reverse engineering. Unfortunately, the existing obfuscation techniques are limited to obscuring variable names, transformations of local control flow, and obscuring expressions using variables of primitive types. In this paper, we propose obfuscations of design of object-oriented programs. We describe three techniques for obfuscation of program design. The class coalescing obfuscation replaces several classes with a single class. The class splitting obfuscation replaces a single class with multiple classes, each responsible for a part of the functionality of the original class. The type hiding obfuscation uses the mechanism of interfaces in Java to obscure the types of objects manipulated by the program. We show the results of our initial experiments with a prototype implementation of these techniques. In particular, we show that the runtime overheads of these obfuscations tend to be small.

Original languageEnglish (US)
Title of host publicationDRM 2003: Proceedings of the Third ACM Workshop on Digital Rights Management
EditorsM. Yung
Pages142-153
Number of pages12
StatePublished - 2003
EventDRM 2003: Proceedings of the Third ACM Workshop on Digital Rights Management - Washington, DC, United States
Duration: Oct 27 2003Oct 27 2003

Other

OtherDRM 2003: Proceedings of the Third ACM Workshop on Digital Rights Management
CountryUnited States
CityWashington, DC
Period10/27/0310/27/03

Fingerprint

Reverse engineering
Intellectual property
Flow control
Availability
Engineers
Experiments

Keywords

  • Code Generation
  • Refactoring
  • Software Obfuscation

ASJC Scopus subject areas

  • Engineering(all)

Cite this

Sosonkin, M., Naumovich, G., & Memon, N. (2003). Obfuscation of design intent in object-oriented applications. In M. Yung (Ed.), DRM 2003: Proceedings of the Third ACM Workshop on Digital Rights Management (pp. 142-153)

Obfuscation of design intent in object-oriented applications. / Sosonkin, Mikhail; Naumovich, Gleb; Memon, Nasir.

DRM 2003: Proceedings of the Third ACM Workshop on Digital Rights Management. ed. / M. Yung. 2003. p. 142-153.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Sosonkin, M, Naumovich, G & Memon, N 2003, Obfuscation of design intent in object-oriented applications. in M Yung (ed.), DRM 2003: Proceedings of the Third ACM Workshop on Digital Rights Management. pp. 142-153, DRM 2003: Proceedings of the Third ACM Workshop on Digital Rights Management, Washington, DC, United States, 10/27/03.
Sosonkin M, Naumovich G, Memon N. Obfuscation of design intent in object-oriented applications. In Yung M, editor, DRM 2003: Proceedings of the Third ACM Workshop on Digital Rights Management. 2003. p. 142-153
Sosonkin, Mikhail ; Naumovich, Gleb ; Memon, Nasir. / Obfuscation of design intent in object-oriented applications. DRM 2003: Proceedings of the Third ACM Workshop on Digital Rights Management. editor / M. Yung. 2003. pp. 142-153
@inproceedings{3cdc25eb3a0b4ce8a22795b3782b48ae,
title = "Obfuscation of design intent in object-oriented applications",
abstract = "Protection of digital data from unauthorized access is of paramount importance. In the past several years, much research has concentrated on protecting data from the standpoint of confidentiality, integrity and availability. Software is a form of data with unique properties and its protection poses unique challenges. First, software can be reverse engineered, which may result in stolen intellectual property. Second, software can be altered with the intent of performing operations this software must not be allowed to perform. With commercial software increasingly distributed in forms from which source code can be easily extracted, such as Java bytecodes, reverse engineering has become easier than ever. Obfuscation techniques have been proposed to impede illegal reverse engineers. Obfuscations are program transformations that preserve the program functionality while obscuring the code, thereby protecting the program against reverse engineering. Unfortunately, the existing obfuscation techniques are limited to obscuring variable names, transformations of local control flow, and obscuring expressions using variables of primitive types. In this paper, we propose obfuscations of design of object-oriented programs. We describe three techniques for obfuscation of program design. The class coalescing obfuscation replaces several classes with a single class. The class splitting obfuscation replaces a single class with multiple classes, each responsible for a part of the functionality of the original class. The type hiding obfuscation uses the mechanism of interfaces in Java to obscure the types of objects manipulated by the program. We show the results of our initial experiments with a prototype implementation of these techniques. In particular, we show that the runtime overheads of these obfuscations tend to be small.",
keywords = "Code Generation, Refactoring, Software Obfuscation",
author = "Mikhail Sosonkin and Gleb Naumovich and Nasir Memon",
year = "2003",
language = "English (US)",
isbn = "1581137869",
pages = "142--153",
editor = "M. Yung",
booktitle = "DRM 2003: Proceedings of the Third ACM Workshop on Digital Rights Management",

}

TY - GEN

T1 - Obfuscation of design intent in object-oriented applications

AU - Sosonkin, Mikhail

AU - Naumovich, Gleb

AU - Memon, Nasir

PY - 2003

Y1 - 2003

N2 - Protection of digital data from unauthorized access is of paramount importance. In the past several years, much research has concentrated on protecting data from the standpoint of confidentiality, integrity and availability. Software is a form of data with unique properties and its protection poses unique challenges. First, software can be reverse engineered, which may result in stolen intellectual property. Second, software can be altered with the intent of performing operations this software must not be allowed to perform. With commercial software increasingly distributed in forms from which source code can be easily extracted, such as Java bytecodes, reverse engineering has become easier than ever. Obfuscation techniques have been proposed to impede illegal reverse engineers. Obfuscations are program transformations that preserve the program functionality while obscuring the code, thereby protecting the program against reverse engineering. Unfortunately, the existing obfuscation techniques are limited to obscuring variable names, transformations of local control flow, and obscuring expressions using variables of primitive types. In this paper, we propose obfuscations of design of object-oriented programs. We describe three techniques for obfuscation of program design. The class coalescing obfuscation replaces several classes with a single class. The class splitting obfuscation replaces a single class with multiple classes, each responsible for a part of the functionality of the original class. The type hiding obfuscation uses the mechanism of interfaces in Java to obscure the types of objects manipulated by the program. We show the results of our initial experiments with a prototype implementation of these techniques. In particular, we show that the runtime overheads of these obfuscations tend to be small.

AB - Protection of digital data from unauthorized access is of paramount importance. In the past several years, much research has concentrated on protecting data from the standpoint of confidentiality, integrity and availability. Software is a form of data with unique properties and its protection poses unique challenges. First, software can be reverse engineered, which may result in stolen intellectual property. Second, software can be altered with the intent of performing operations this software must not be allowed to perform. With commercial software increasingly distributed in forms from which source code can be easily extracted, such as Java bytecodes, reverse engineering has become easier than ever. Obfuscation techniques have been proposed to impede illegal reverse engineers. Obfuscations are program transformations that preserve the program functionality while obscuring the code, thereby protecting the program against reverse engineering. Unfortunately, the existing obfuscation techniques are limited to obscuring variable names, transformations of local control flow, and obscuring expressions using variables of primitive types. In this paper, we propose obfuscations of design of object-oriented programs. We describe three techniques for obfuscation of program design. The class coalescing obfuscation replaces several classes with a single class. The class splitting obfuscation replaces a single class with multiple classes, each responsible for a part of the functionality of the original class. The type hiding obfuscation uses the mechanism of interfaces in Java to obscure the types of objects manipulated by the program. We show the results of our initial experiments with a prototype implementation of these techniques. In particular, we show that the runtime overheads of these obfuscations tend to be small.

KW - Code Generation

KW - Refactoring

KW - Software Obfuscation

UR - http://www.scopus.com/inward/record.url?scp=18844377176&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=18844377176&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:18844377176

SN - 1581137869

SN - 9781581137866

SP - 142

EP - 153

BT - DRM 2003: Proceedings of the Third ACM Workshop on Digital Rights Management

A2 - Yung, M.

ER -