Pushing Java Type Obfuscation to the Limit
Bytecoded .Net and Java programs reveal type information through encoded type hierarchies, casts, field declarations and method signatures. This facilitates bytecode verification, but it also helps reverse engineers. To obfuscate the type information, we combine three transformations. Class hierarch...
Saved in:
Published in | IEEE transactions on dependable and secure computing Vol. 11; no. 6; pp. 553 - 567 |
---|---|
Main Authors | , , |
Format | Journal Article |
Language | English |
Published |
Washington
IEEE
01.11.2014
IEEE Computer Society |
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | Bytecoded .Net and Java programs reveal type information through encoded type hierarchies, casts, field declarations and method signatures. This facilitates bytecode verification, but it also helps reverse engineers. To obfuscate the type information, we combine three transformations. Class hierarchy flattening removes as much of the type hierarchy from programs as possible. Interface merging and object factory insertion further remove type information from casts, method signatures, and object creation sites. We evaluate these techniques with a prototype tool for Java bytecode. On real-life programs from the DaCapo benchmark suite, we demonstrate that our approach effectively hinders human and tool analysis with limited overhead. |
---|---|
Bibliography: | ObjectType-Article-1 SourceType-Scholarly Journals-1 ObjectType-Feature-2 content type line 23 |
ISSN: | 1545-5971 1941-0018 |
DOI: | 10.1109/TDSC.2014.2305990 |