Software module protection method based on obfuscation procedure

Abstract

Purpose of the article: research and development of the software licensing module code obfuscation method with usage of presentation the string expressions features, function calls mechanism and access to identifiers in the bytecode-oriented programming languages. Results. The classification of programming languages is presented. The expediency of bytecode-oriented programming languages (based on JVM, CLR, etc.) that are used in the modern world to create Enterprise applications research is proved. Privacy, which is ensured through the obfuscation procedure usage, was selected for analysis from the main information security services. Existing software product protection methods based on the obfuscation procedure were considered. Their limitations were considered and the methods based on the obfuscation procedure, which work with identifiers and do not change the algorithm of program execution, were proposed. The provided researches made it possible to formulate the task for obfuscation methods development. Thus, two obfuscation methods were developed. Firstly, it is the obfuscation of string literals using the features of pseudorandom number generation, which makes it possible to describe the same string constant with different values. Secondly, it is an obfuscation of identifier names. The combination of this two developed methods allowed to create a tool that obfuscates the identifiers in such a way that each access to the identifier is unique. This takes away the opportunity of the attacker to find the appropriate identifier names in a short time to analyze the module's algorithm. Conclusions. An experiment was conducted in which IT-specialists were offered to analyze the unobfuscated and obfuscated program code of the developed software module, the main purpose of which was the license key generation and verification. The results showed that it would take up to 5 times more time to analyze the obfuscated code. This proves the advisability of the developed methods.

Keywords: software protection, obfuscation, bytecode-oriented programming languages.

References
1. Melnikov V.P., Kleimenov S.A., Petrakov A.M. (2008). “Information Security and Information Security, 3rd ed. Training Allowance for stud. higher studies institutions.” M.,“Academy”: 336. Print.
2. Galatenko V.A. (2016). “Fundamentals of Information Security.” M., National Open University "INTUIT": 267. Print. ISBN 5-9556-0052-3.
3. Programming Concepts: Compiled and Interpreted Languages. https://thecodeboss.dev/ 2015/07/programming-concepts-compiled-and-interpreted-languages/ (01-dec-2019).
4. A Look At 5 of the Most Popular Programming Languages of 2019. https://stackify.com/popular-programming-languages-2018/ (01-dec-2019).
5. Top Computer Languages. http://statisticstimes.com/tech/top-computer-languages.php (01-dec-2019).
6. What’s The Average Web App Development Cost. https://perfectial.com/blog/average-web-app-development-cost/ (01-dec-2019).
7. Collberg C., Thomborson C., Low D.. (1997). “A Taxonomy of Obfuscating Transformations”. Department of Computer Science, The University of Auckland: 36. Print.
8. Barak B., Goldreich O., Impagliazzo R., Rudich S., Sahai A., Vadhan S. and Yang K. (2001). «On the (im) possibility of obfuscating programs.» CRYPTO-2001.
9. Garg S., Gentry C., Halevi S., Raykova M., Sahai A., and Waters B. (2013). «Candidate indistinguishability obfuscation and functional encryption for all circuits.» FOCS-2013.
10. Goldwasser S., and Guy N. R. (2007). “On best-possible obfuscation.” TCC-2007.
11. Sebastian Schrittwieser, Stefan Katzenbeisser, Johannes Kinder, Georg Merzdovnik, and Edgar Weippl (2016). “Protecting Software through Obfuscation: Can It Keep Pace with Progress in Code Analysis?” ACM Comput. Surv. 49, 1, Article 4 (April 2016): 40. Print.
12. Faruki, Parvez & Fereidooni, Hossein & Laxmi, Vijay & Conti, Mauro & and, & Gaur, Manoj (2016). “Android Code Protection via Obfuscation Techniques: Past, Present and Future Directions”: 37. Print.
13. Davydov V.V., Semenov S.G., Movchan A.V. (2016). “System for software digital identifier generation for copyright protection”. XV International scientific seminar “Contemporary Problems of Informatics in Management, Economics, Education and Overcoming the Consequences of the Chornobyl Catastrophe”, Kyiv-Svityaz, July 4-8, 2016, K., National Academy of Management. 110-115: Print.