The Effectiveness of Source Code Obfuscation: an Experimental Assessment

Conference paper


Ceccato, Mariano, Di Penta, Massimiliano, Nagra, Jasvir, Falcarin, P., Ricca, Filippo, Torchiano, Marco and Tonella, Paolo 2009. The Effectiveness of Source Code Obfuscation: an Experimental Assessment. 17th IEEE International Conference on Program Comprehension (ICPC-09). Vancouver (Canada) May 17-19 2009 pp. 178 - 187
Authors: Ceccato, Mariano, Di Penta, Massimiliano, Nagra, Jasvir, Falcarin, P., Ricca, Filippo, Torchiano, Marco and Tonella, Paolo
Type: Conference paper
Abstract

Source code obfuscation is a protection mechanism widely used to limit the possibility of malicious reverse engineering or attack activities on a software system. Although several code obfuscation techniques and tools are available, little knowledge is available about the capability of obfuscation to reduce attackers’ efficiency, and the contexts in which such an efficiency may vary. This paper reports the outcome of two controlled experiments meant to measure the ability of subjects to understand and modify decompiled, obfuscated Java code, compared to decompiled, clear code. Results quantify to what extent code obfuscation is able to make attacks more difficult to be performed, and reveal that obfuscation can mitigate the effect of factors that can alter the likelihood of a successful attack, such as the attackers’ skill and experience, or the intrinsic characteristics of the system under attack.

Keywords: software system security; computer security
Year: 2009
Conference: 17th IEEE International Conference on Program Comprehension (ICPC-09)
Accepted author manuscript
License: CC BY-ND
Publication dates
Print: May 2009
Publication process dates
Deposited: 30 Mar 2010
ISSN: 1063-6897
Web address (URL): http://dx.doi.org/10.1109/ICPC.2009.5090041
http://hdl.handle.net/10552/691
Additional information

Citation:
Ceccato, M. et al. (2009) ‘The Effectiveness of Source Code Obfuscation: an Experimental Assessment’ In: 17th IEEE International Conference on Program Comprehension (ICPC-09), Vancouver (Canada) May 17-19, 2009, IEEE pp. 178 - 187.

Place of publication: 2009
Page range: 178 - 187
Permalink: https://repository.uel.ac.uk/item/863vz
