Summary of ObfSec: Measuring the Security of Obfuscations from a Testing Perspective

Summary of ObfSec: Measuring the Security of Obfuscations from a Testing Perspective

연구 분야: Analysis

학회: IFIP International Conference on Testing Software and Systems

Code obfuscation is a widely used technique to protect the intellectual property of software by altering its structure to make it harder to understand or reverse-engineer. However, these modifications to the control flow and data flow can inadvertently compromise the security of the software. With a broad range of obfuscation methods available, each altering the program’s structure differently, these changes can introduce new bugs or exacerbate existing ones, potentially increasing the risk of vulnerabilities. In this context, we introduce ObfSec (Obfuscation Security), a novel approach to evaluate the security implications of software obfuscation. ObfSec systematically detects pre-existing errors in software and analyzes how obfuscation can alter the nature of these errors, particularly focusing on transformations that might convert benign bugs into exploitable vulnerabilities. Our study, conducted on a corpus of approximately 70,000 programs subjected to various obfuscation techniques, demonstrates that obfuscation can indeed degrade the security of software.