Abstract
State of the art obfuscation techniques rely on an unproven concept of security, therefore it is very hard to evaluate their protection quality. In previous work we introduced algorithmic information theory as a theoretical foundation for code obfuscation security.We propose Kolmogorov complexity, estimated by compression, as a software complexity metric to measure regularities in obfuscated programs. In this paper we provide a theoretical validation for its soundness as a software metric, so it can have as much credibility as other complexity metrics. Then, we conduct an empirical evaluation for 43 obfuscation techniques, which are applied to 10 Java byte code programs of SPECjvm2008 benchmark suite using three different decompilers as a threat model, aiming to provide experimental evidence that support the formal treatments.
Cite
CITATION STYLE
Mohsen, R., & Pinto, A. M. (2016). Evaluating obfuscation security: A quantitative approach. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9482, pp. 174–192). Springer Verlag. https://doi.org/10.1007/978-3-319-30303-1_11
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
