Java control flow obfuscation (1998) [9 citations — 0 self]
Abstract:
The language Java was designed to be compiled into a platform independent bytecode format. Much of the information contained in the source code remains in the bytecode, which means that decompilation is easier than with traditional native codes. As a result, software developers are taking seriously the threat of competitors using reverse-engineering to extract proprietary algorithms from compiled Java programs. We examine several technical protection techniques that could be used to hinder the reverse-engineering of software. We claim that code obfuscation is the most suitable technical protection technique that can be applied to a portable language like Java. The technique of code obfuscation involves applying obfuscating transformations to a program. These transformations make the program more difficult for a reverse-engineer to understand but do not affect the functionality of the program. We focus on a particular category of obfuscating transformations--- control flow obfuscation. Control flow obfuscations disguise the algorithms used by a program by introducing new fake control flows, creating features at the object code level which have no source code equivalent or altering the way in which statements are grouped. There are many practical aspects to be considered when applying obfuscating transformations to Java programs. The fact that Java programs are portable and are verified before execution makes obfuscating transformations more difficult to apply. The verification stage ensures that programs do not perform illegal operations, such as corrupting a user's system. Obfuscating transformations can be applied automatically to a program by a tool called an obfuscator. In this thesis, we present one possible method of implementing such an obfuscator. We first discuss the design decisions made to address implementation problems. Then, we use the obfuscator on examples of Java code and examine how effective the obfuscating transformations are in impeding reverse-engineering.
