A software engineering methodology for developing secure obfuscated software

Abstract

We propose a methodology to conciliate two apparently contradictory processes in the development of secure obfuscated software and good software engineered software. Our methodology consists first in the system designers defining the type of security level required for the software. There are four types of attackers: casual attackers, hackers, institution attack, and government attack. Depending on the level of threat, the methodology we propose uses five or six teams to accomplish this task. One Software Engineer Team and one or two Software Obfuscation Teams, and Compiler Team. These four teams will develop and compile the secure obfuscated software. A Code Breakers Team will test the results of the previous teams to see if the software is not broken at the required security level, and an Intrusion Analysis Team will analyze the results of the Code Breakers Team and propose solutions to the development teams to prevent the detected intrusions. We present also an analytical model to prove that our methodology is no only easier to use, but generates an economical way of producing secure obfuscated software.