research-article

From obfuscation to comprehension

Authors:

Dror G. FeitelsonAuthors Info & Claims

ICPC '15: Proceedings of the 2015 IEEE 23rd International Conference on Program Comprehension

Pages 178 - 181

Published: 16 May 2015 Publication History

Abstract

Code obfuscation techniques are widely used in industry to increase protection of source code and intellectual property. The idea is that even if attackers gain hold of source code, it will be hard for them to understand what it does and how. Thus obfuscation techniques are specifically targeted at human comprehension of code. We suggest that the ideas and experience embedded in obfuscations can be used to learn about comprehension. In particular, we survey known obfuscation techniques and use them in an attempt to derive metrics for code (in)comprehensibility. This leads to emphasis on issues such as identifier naming, which are typically left on the sidelines in discussions of code comprehension, and motivates increased efforts to measure their effect.

References

[1]

F. P. Brooks, Jr., "No silver bullet: Essence and accidents of software engineering". Computer 20(4), pp. 10--19, Apr 1987.

Digital Library

[2]

R. P. L. Buse and W. R. Weimer, "A metric for software readability". In Intl. Symp. Softw. Testing & Analysis, pp. 121--130, Jul 2008.

Digital Library

[3]

M. Ceccato, A. Capiluppi, P. Falcarin, and C. Boldyreff, "A large study on the effect of code obfuscation on the quality of Java code". Empirical Softw. Eng. 2015.

[4]

M. Ceccato, M. Di Penta, P. Falcarin, F. Ricca, M. Torchiano, and P. Tonella, "A family of experiments to assess the effectiveness and efficiency of source code obfuscation techniques". Empirical Softw. Eng. 19(4), pp. 1040--1074, 2014.

Digital Library

[5]

J.-T. Chan and W. Yang, "Advanced obfuscation techniques for Java bytecode". J. Syst. Softw. 71(1), pp. 1--10, 2004.

Digital Library

[6]

M. Christodorescu and S. Jha, "Static analysis of executables to detect malicious patterns". In 12th USENIX Security Symp., pp. 169--186, 2003.

Digital Library

[7]

C. Collberg, C. Thomborson, and D. Low, A taxonomy of obfuscating transformations. Tech. rep., Dept. Computer Science, University of Auckland, New Zealand, 1997.

[8]

F. Deissenboeck and M. Pizka, "Concise and consistent naming". Softw. Quality J. 14(3), pp. 261--282, 2006.

Digital Library

[9]

E. W. Dijkstra, "Go To statement considered harmful". Comm. ACM 11(3), pp. 147--148, Mar 1968.

Digital Library

[10]

S. Henry and D. Kafura, "Software structure metrics based on information flow". IEEE Trans. Softw. Eng. SE-7(5), pp. 510--518, Sep 1981.

Digital Library

[11]

J. Knoop, O. Rüthing, and B. Steffen, "Partial dead code elimination". In Prog. Lang. Design & Implementation, pp. 147--158, ACM, 1994.

Digital Library

[12]

D. Low, "Java control flow obfuscation". MSc Thesis, University of Auckland, Jun 1998.

[13]

T. McCabe, "A complexity measure". IEEE Trans. Softw. Eng. SE-2(4), pp. 308--320, Dec 1976.

Digital Library

[14]

F. Nielson, H. R. Nielson, and C. Hankin, Principles of Program Analysis. Springer, 1999.

Digital Library

[15]

D. Posnett, A. Hindle, and P. Devanbu, "A simpler model of software readability". In 8th Working Conf. Mining Softw. Repositories, pp. 73--82, May 2011.

Digital Library

[16]

SonarSource, "SonarQube". 2013. URL http://www.sonarqube.org/

[17]

M. Sosonkin, G. Naumovich, and N. Memon, "Obfuscation of design intent in object-oriented applications". In Proc. 3rd ACM workshop on Digital Rights Mgmt., pp. 142--153, 2003.

Digital Library

Cited By

Gopstein DIannacone JYan YDeLong LZhuang YYeh MCappos JBodden ESchäfer WDeursen AZisman A(2017)Understanding misunderstandings in source codeProceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering10.1145/3106237.3106264(129-139)Online publication date: 21-Aug-2017
https://dl.acm.org/doi/10.1145/3106237.3106264

Index Terms

From obfuscation to comprehension

Recommendations

From Obfuscation to Comprehension
ICPC '15: Proceedings of the 2015 IEEE 23rd International Conference on Program Comprehension

Code obfuscation techniques are widely used in industry to increase protection of source code and intellectual property. The idea is that even if attackers gain hold of source code, it will be hard for them to understand what it does and how. Thus ...
Obfuscation: The Hidden Malware

A cyberwar exists between malware writers and antimalware researchers. At this war's heart rages a weapons race that originated in the 80s with the first computer virus. Obfuscation is one of the latest strategies to camouflage the telltale signs of ...
Malware Obfuscation Techniques: A Brief Survey
BWCCA '10: Proceedings of the 2010 International Conference on Broadband, Wireless Computing, Communication and Applications

As the obfuscation is widely used by malware writers to evade antivirus scanners, so it becomes important to analyze how this technique is applied to malwares. This paper explores the malware obfuscation techniques while reviewing the encrypted, ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ICPC '15: Proceedings of the 2015 IEEE 23rd International Conference on Program Comprehension

May 2015

325 pages

General Chair:
Andrea De Lucia
University of Salerno, Italy
,
Program Chairs:
Christian Bird
Microsoft Research
,
Rocco Oliveto
University of Molise, Italy

Sponsors

ACM: Association for Computing Machinery
SIGSOFT: ACM Special Interest Group on Software Engineering
IEEE-CS\DATC: IEEE Computer Society
TCSE: IEEE Computer Society's Tech. Council on Software Engin.

Publisher

IEEE Press

Publication History

Published: 16 May 2015

Check for updates

Qualifiers

Research-article

Conference

ICSE '15

Sponsor:

ACM
SIGSOFT
IEEE-CS\DATC
TCSE

ICSE '15: 37th International Conference on Software Engineering

May 16 - 24, 2015

Florence, Italy

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
92
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Gopstein DIannacone JYan YDeLong LZhuang YYeh MCappos JBodden ESchäfer WDeursen AZisman A(2017)Understanding misunderstandings in source codeProceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering10.1145/3106237.3106264(129-139)Online publication date: 21-Aug-2017
https://dl.acm.org/doi/10.1145/3106237.3106264

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents