Stochastic optimization of program obfuscation

Author email: jy1989@mails.tsinghua.edu.cn
Tool name: Closure
Description: Program obfuscation is a common practice in software development to obscure source code or binary code, in order to prevent humans from understanding the purpose or logic of software. It protects intellectual property and deters malicious attacks. While tremendous efforts have been devoted to the development of various obfuscation techniques, we have relatively little knowledge on how to most effectively use them together. The biggest challenge lies in identifying the most effective combination of obfuscation techniques. This paper presents a unified framework to optimize program obfuscation. Given an input program P and a set T of obfuscation transformations, our technique can automatically identify a sequence seq = ⟨t1, t2, ..., tn⟩ (∀i ∈ [1, n]. ti ∈ T), such that applying ti in order on P yields the optimal obfuscation performance. We model the process of searching for seq as a mathematical optimization problem. The key technical contributions of this paper are: (1) an obscurity language model to assess obfuscation effectiveness/optimality, and (2) a guided stochastic algorithm based on Markov chain Monte Carlo methods to search for the optimal solution seq. We have realized the framework in a tool Closure* for JavaScript, and evaluated it on 25 most starred JavaScript projects on GitHub (19K lines of code). Our machinery study shows that Closure* outperforms the well-known Google Closure Compiler by defending 26% of the attacks initiated by JSNice. Our human study also reveals that Closure* is practical and can reduce the human attack success rate by 30%.
Bibtex: @inproceedings{10.1109/ICSE.2017.28, author = {Liu, Han and Sun, Chengnian and Su, Zhendong and Jiang, Yu and Gu, Ming and Sun, Jiaguang}, title = {Stochastic Optimization of Program Obfuscation}, year = {2017}, isbn = {9781538638682}, publisher = {IEEE Press}, url = {https://doi.org/10.1109/ICSE.2017.28}, doi = {10.1109/ICSE.2017.28}, booktitle = {Proceedings of the 39th International Conference on Software Engineering}, pages = {221–231}, numpages = {11}, keywords = {program obfuscation, obscurity language model, markov chain monte carlo methods}, location = {Buenos Aires, Argentina}, series = {ICSE ’17} }
Link to public pdf: https://dl.acm.org/doi/abs/10.1109/ICSE.2017.28
Link to tool webpage: https://bitbucket.org/njaliu/closure-star-tool
Link to demo: Not provided by authors
Category: None
Year and Conference: 2017, ICSE