FEATURES OF THE IMPLEMENTATION AND APPLICATION OF CODE OBFUSCATION METHODS (ANALYTICAL AND REVIEW RESEARCH)
DOI:
https://doi.org/10.32689/maup.it.2023.2.8Keywords:
obfuscation, deobfuscation, program code, transformation, software developersAbstract
The article is devoted to the main methods of protecting the software code from research, in particular the methods of code obfuscation. The modern pace of development of the IT industry has made the task of improving the security of software products a priority, because reducing the risk of illegal use and distribution of the developed software product is an extremely important aspect of activity for software developers. However, in connection with the development of information technologies, there have always been and will remain unsolved problems of software piracy. One way to alleviate this problem from a technical point of view is to use software security techniques, especially code obfuscation. An informal and formal definition of the obfuscation process is given. The main goals and objectives of the application of obfuscation methods by both software developers and attackers are analyzed. Computer technologies have significantly expanded the capabilities of both legal software users and criminals to use methods and means of unauthorized access to software products. Separately, this problem concerns the byte code-oriented software, which has a number of specific features of development and use in modern computer systems. Since the analysis of modern software products showed the development trend of using byte code-oriented software, the demonstration example shows the implementation of one of the obfuscation methods for the created Python script using the pyArmor library. It is shown that obfuscation is commonly used together with other protection methods. It was concluded that the combined use of new approaches and modifications of existing technologies of obfuscation methods of software code protection must be strengthened with the help of encryption, which will add another level of protection of devices and data.
References
Давидов В.В. Моделі та методи підвищення безпеки байт-код орієнтованого програмного забезпечення в умовах кібератак : дис. д-ра техн. наук : 05.13.05 / Давидов Вячеслав Вадимович. Харків, 2021. 313 с. Режим доступу: https://er.chdtu.edu.ua/handle/ChSTU/2577
Важливість системи захисту кінцевих точок URL: https://www.microsoft.com/uk-ua/security/business/security-101/what-is-an-endpoint
Stepanenko I., Kinzeryavyy V., Nagi A., Lozinskyi I. Modern obfuscation methods for secure coding. Ukrainian Scientific Journal of Information Security. 2016, vol. 22 (1), issue 1, p. 32-37. Режим доступу: doi.org/10.18372/2225-5036.22.10451
Garg, V., Srivastava, A., Mishra, A. Obscuring mobile agents by source code obfuscation. Int. J. Comput. Appl., 2013. 61(9), 46–50.
Svitlana Sysoienko, Iryna Myronets, Vira Babenko. Practical Implementation Effectiveness of the Speed Increasing Method of Group Matrix Cryptographic Transformation. CEUR Workshop Proceedings 2353. 2019. p.402 – 412. (Scopus). ISSN 1613-0073. Режим доступу: doi.org/10.32782/cmis/2353-32
Gnatyuk, S., Kinzeryavyy, V., Stepanenko, I., Gorbatyuk, Y., Gizun, A., Kotelianets, V. Code Obfuscation Technique for Enhancing Software Protection Against Reverse Engineering. In: Hu, Z., Petoukhov, S., He, M. (eds) Advancesin Artificial Systems for Medicine and Education II. AIMEE2018 2018. Advances in Intelligent Systems and Computing, 2020. Vol 902. pp. 571–580. Springer, Cham. Режим доступу: https://doi.org/10.1007/978-3-030-12082-5_52
Lantao Wang; Yun Li; Haitao Zhang; Qigu Han; Lirong Chen. (2021). An Efficient Control-flow based Obfuscator for Micropython Bytecode. 7th International Symposium on System and Software Reliability (ISSSR), 23-24 September 2021. Chongqing, China. INSPEC Accession Number: 21481418. Режим доступу: doi: 10.1109/ISSSR53171.2021.00028
Бондарчук А.П., Корнага Я.І., Базалій М.Ю., Сергієнко П.А., Ільїн О.Ю. Метод захисту програмного коду від аналізу засобами обфускації. Телекомунікаційні та інформаційні технології. 2020. № 4 (69). С. 140-148. Режим доступу: doi: 10.31673/2412-4338.2020.045051
Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S., Yang, K. On the (im)possibility of obfuscating programs. Journal of the ACM. 2012. Vol. 59. Iss. 2. Article No. 6. 48 p. Режим доступу: DOI:10.1145/2160158.2160159.
Goldwasser, S., & Guy, N. R. On best-possible obfuscation. Fourth IACR Theory of Cryptography Conference, TCC 2007, February 21-24 2007. Amsterdam: KNAW Trippenhuis, 2007. P. 194-213.
Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S., Yang, K. On the (Im)possibility of Obfuscating Programs. LNCS, 2010. P. 1-18.
Chow, S., Gu, Y., Johnson, H., Zakharov, V. An approach to the obfuscation of control-flow of sequential computer program. LNCS, 2001. P. 144-155.
Garg S., Gentry C., Halevi S., Raykova M., Sahai A., and Waters B. Candidate indistinguishability obfuscation and functional encryption for all circuits. FOCS, 2013. P. 22-23.
JS Obfuscator Tool. URL: https://obfuscator.io/
JS-obfuscator. URL: https://github.com/caiguanhao/js-obfuscator
Opy. URL: https://github.com/QQuick/Opy
Pyarmor. URL: https://github.com/dashingsoft/pyar
