Obfuscation of design intent in object-oriented applications

Mikhail Sosonkin, Gleb Naumovich, Nasir Memon

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    Protection of digital data from unauthorized access is of paramount importance. In the past several years, much research has concentrated on protecting data from the standpoint of confidentiality, integrity and availability. Software is a form of data with unique properties and its protection poses unique challenges. First, software can be reverse engineered, which may result in stolen intellectual property. Second, software can be altered with the intent of performing operations this software must not be allowed to perform. With commercial software increasingly distributed in forms from which source code can be easily extracted, such as Java bytecodes, reverse engineering has become easier than ever. Obfuscation techniques have been proposed to impede illegal reverse engineers. Obfuscations are program transformations that preserve the program functionality while obscuring the code, thereby protecting the program against reverse engineering. Unfortunately, the existing obfuscation techniques are limited to obscuring variable names, transformations of local control flow, and obscuring expressions using variables of primitive types. In this paper, we propose obfuscations of design of object-oriented programs. We describe three techniques for obfuscation of program design. The class coalescing obfuscation replaces several classes with a single class. The class splitting obfuscation replaces a single class with multiple classes, each responsible for a part of the functionality of the original class. The type hiding obfuscation uses the mechanism of interfaces in Java to obscure the types of objects manipulated by the program. We show the results of our initial experiments with a prototype implementation of these techniques. In particular, we show that the runtime overheads of these obfuscations tend to be small.

    Original languageEnglish (US)
    Title of host publicationDRM 2003: Proceedings of the Third ACM Workshop on Digital Rights Management
    EditorsM. Yung
    Pages142-153
    Number of pages12
    StatePublished - 2003
    EventDRM 2003: Proceedings of the Third ACM Workshop on Digital Rights Management - Washington, DC, United States
    Duration: Oct 27 2003Oct 27 2003

    Other

    OtherDRM 2003: Proceedings of the Third ACM Workshop on Digital Rights Management
    CountryUnited States
    CityWashington, DC
    Period10/27/0310/27/03

    Fingerprint

    Reverse engineering
    Intellectual property
    Flow control
    Availability
    Engineers
    Experiments

    Keywords

    • Code Generation
    • Refactoring
    • Software Obfuscation

    ASJC Scopus subject areas

    • Engineering(all)

    Cite this

    Sosonkin, M., Naumovich, G., & Memon, N. (2003). Obfuscation of design intent in object-oriented applications. In M. Yung (Ed.), DRM 2003: Proceedings of the Third ACM Workshop on Digital Rights Management (pp. 142-153)

    Obfuscation of design intent in object-oriented applications. / Sosonkin, Mikhail; Naumovich, Gleb; Memon, Nasir.

    DRM 2003: Proceedings of the Third ACM Workshop on Digital Rights Management. ed. / M. Yung. 2003. p. 142-153.

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Sosonkin, M, Naumovich, G & Memon, N 2003, Obfuscation of design intent in object-oriented applications. in M Yung (ed.), DRM 2003: Proceedings of the Third ACM Workshop on Digital Rights Management. pp. 142-153, DRM 2003: Proceedings of the Third ACM Workshop on Digital Rights Management, Washington, DC, United States, 10/27/03.
    Sosonkin M, Naumovich G, Memon N. Obfuscation of design intent in object-oriented applications. In Yung M, editor, DRM 2003: Proceedings of the Third ACM Workshop on Digital Rights Management. 2003. p. 142-153
    Sosonkin, Mikhail ; Naumovich, Gleb ; Memon, Nasir. / Obfuscation of design intent in object-oriented applications. DRM 2003: Proceedings of the Third ACM Workshop on Digital Rights Management. editor / M. Yung. 2003. pp. 142-153
    @inproceedings{3cdc25eb3a0b4ce8a22795b3782b48ae,
    title = "Obfuscation of design intent in object-oriented applications",
    abstract = "Protection of digital data from unauthorized access is of paramount importance. In the past several years, much research has concentrated on protecting data from the standpoint of confidentiality, integrity and availability. Software is a form of data with unique properties and its protection poses unique challenges. First, software can be reverse engineered, which may result in stolen intellectual property. Second, software can be altered with the intent of performing operations this software must not be allowed to perform. With commercial software increasingly distributed in forms from which source code can be easily extracted, such as Java bytecodes, reverse engineering has become easier than ever. Obfuscation techniques have been proposed to impede illegal reverse engineers. Obfuscations are program transformations that preserve the program functionality while obscuring the code, thereby protecting the program against reverse engineering. Unfortunately, the existing obfuscation techniques are limited to obscuring variable names, transformations of local control flow, and obscuring expressions using variables of primitive types. In this paper, we propose obfuscations of design of object-oriented programs. We describe three techniques for obfuscation of program design. The class coalescing obfuscation replaces several classes with a single class. The class splitting obfuscation replaces a single class with multiple classes, each responsible for a part of the functionality of the original class. The type hiding obfuscation uses the mechanism of interfaces in Java to obscure the types of objects manipulated by the program. We show the results of our initial experiments with a prototype implementation of these techniques. In particular, we show that the runtime overheads of these obfuscations tend to be small.",
    keywords = "Code Generation, Refactoring, Software Obfuscation",
    author = "Mikhail Sosonkin and Gleb Naumovich and Nasir Memon",
    year = "2003",
    language = "English (US)",
    isbn = "1581137869",
    pages = "142--153",
    editor = "M. Yung",
    booktitle = "DRM 2003: Proceedings of the Third ACM Workshop on Digital Rights Management",

    }

    TY - GEN

    T1 - Obfuscation of design intent in object-oriented applications

    AU - Sosonkin, Mikhail

    AU - Naumovich, Gleb

    AU - Memon, Nasir

    PY - 2003

    Y1 - 2003

    N2 - Protection of digital data from unauthorized access is of paramount importance. In the past several years, much research has concentrated on protecting data from the standpoint of confidentiality, integrity and availability. Software is a form of data with unique properties and its protection poses unique challenges. First, software can be reverse engineered, which may result in stolen intellectual property. Second, software can be altered with the intent of performing operations this software must not be allowed to perform. With commercial software increasingly distributed in forms from which source code can be easily extracted, such as Java bytecodes, reverse engineering has become easier than ever. Obfuscation techniques have been proposed to impede illegal reverse engineers. Obfuscations are program transformations that preserve the program functionality while obscuring the code, thereby protecting the program against reverse engineering. Unfortunately, the existing obfuscation techniques are limited to obscuring variable names, transformations of local control flow, and obscuring expressions using variables of primitive types. In this paper, we propose obfuscations of design of object-oriented programs. We describe three techniques for obfuscation of program design. The class coalescing obfuscation replaces several classes with a single class. The class splitting obfuscation replaces a single class with multiple classes, each responsible for a part of the functionality of the original class. The type hiding obfuscation uses the mechanism of interfaces in Java to obscure the types of objects manipulated by the program. We show the results of our initial experiments with a prototype implementation of these techniques. In particular, we show that the runtime overheads of these obfuscations tend to be small.

    AB - Protection of digital data from unauthorized access is of paramount importance. In the past several years, much research has concentrated on protecting data from the standpoint of confidentiality, integrity and availability. Software is a form of data with unique properties and its protection poses unique challenges. First, software can be reverse engineered, which may result in stolen intellectual property. Second, software can be altered with the intent of performing operations this software must not be allowed to perform. With commercial software increasingly distributed in forms from which source code can be easily extracted, such as Java bytecodes, reverse engineering has become easier than ever. Obfuscation techniques have been proposed to impede illegal reverse engineers. Obfuscations are program transformations that preserve the program functionality while obscuring the code, thereby protecting the program against reverse engineering. Unfortunately, the existing obfuscation techniques are limited to obscuring variable names, transformations of local control flow, and obscuring expressions using variables of primitive types. In this paper, we propose obfuscations of design of object-oriented programs. We describe three techniques for obfuscation of program design. The class coalescing obfuscation replaces several classes with a single class. The class splitting obfuscation replaces a single class with multiple classes, each responsible for a part of the functionality of the original class. The type hiding obfuscation uses the mechanism of interfaces in Java to obscure the types of objects manipulated by the program. We show the results of our initial experiments with a prototype implementation of these techniques. In particular, we show that the runtime overheads of these obfuscations tend to be small.

    KW - Code Generation

    KW - Refactoring

    KW - Software Obfuscation

    UR - http://www.scopus.com/inward/record.url?scp=18844377176&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=18844377176&partnerID=8YFLogxK

    M3 - Conference contribution

    SN - 1581137869

    SN - 9781581137866

    SP - 142

    EP - 153

    BT - DRM 2003: Proceedings of the Third ACM Workshop on Digital Rights Management

    A2 - Yung, M.

    ER -