Obfuscation techniques are a general category of software protections widelyadopted to prevent malicious tampering of the code by making applications moredifficult to understand and thus harder to modify. Obfuscation techniques aredivided in code and data obfuscation, depending on the protected asset. Whilepreliminary empirical studies have been conducted to determine the impact ofcode obfuscation, our work aims at assessing the effectiveness and efficiencyin preventing attacks of a specific data obfuscation technique - VarMerge. Weconducted an experiment with student participants performing two attack taskson clear and obfuscated versions of two applications written in C. Theexperiment showed a significant effect of data obfuscation on both the timerequired to complete and the successful attack efficiency. An application withVarMerge reduces by six times the number of successful attacks per unit oftime. This outcome provides a practical clue that can be used when applyingsoftware protections based on data obfuscation.
展开▼
