Call graph obfuscation and diversification: An approach

Abstract

Monetary loss due to software piracy nowadays reaches millions. In 2017, the commercial value for this concept rose to $46.3 billion. A way to mitigate this problem from the technological point of view is the use of software protection techniques, especially the obfuscation and diversification of code, highlighting the control obfuscation. There are many proposals connected with obfuscating control flow graph. However, there are few reported works that perform obfuscation of the call graph. In this study, the authors propose a novel mechanism for the static obfuscation and diversification of the call graph of a software. The mechanism is based on the routing of functions calls in order to modify the software call graph. A prototype of the proposed mechanism was developed by extending the functionalities of a compiler. The generated software differed structurally by 25% on average, compared to the original software. There was an increase in the level of obfuscation from 2 to 30% in the tests performed, with only a 3% overhead of the execution time in all cases. The proposal allows to restructure the whole call graph efficiently, increasing the level of protection without affecting significantly the software performance.