Obfuscating Transformations for Decompilation Resistant Java (designed for a non-specialist audience)

•

1 like•443 views

http://whoyouknow.co.uk/uni/phd/ Computer programs are written by a programmer in an English-like programming language, known as source-code. There are many programming languages available to programmers who can choose a language for their specific needs. Source code is transformed by a compiler into a sequence of instructions to be executed by a computer - a task known as compiling. Java is a popular programming language mainly due to it's `write once, run anywhere' nature - programmers write Java source code and the compiled Java program is able to run on many different systems without changes. In comparison, compiled programs written in the C language are tied to particular types of computers. One disadvantage that the Java programming language has, compared to other languages like C, is the relative ease of decompiling - the act of transforming compiled programs back into source code. Access to source code presents a risk that adversaries (such as software pirates or competing companies) could access proprietary information used to create a program. Code obfuscation techniques can be used to make decompiled code more confusing and in certain cases cause decompilation tools to fail. Such techniques can be applied to Java programs to hinder decompilation and decrease program understanding. What obfuscating transformations can be applied to Java programs to hinder decompilation? How effective are such obfuscating transformations? What are the ways in which adverseries could attack such obfuscations? How can we use this knowledge to create secure Java programs?

Technology

0 1 0 0 0 0 1 1
0 1 1 0 0 0 1 0
0 1 1 0 1 0 1 0
0 1 0 1 0 1 0 1
Obfuscating Transformations

1 0 0 1
for Decompilation Resistant 04/28/09
Java
James Hamilton

0 0 0 1 1 1 0 1

computer programs

computer programs are written in an English-like language, by a programmer,
known as source code

many programming languages exist, for different purposes, for example Java

public class SimpleProgram {
public static void main(String[] args) {
System.out.println(quot;Helloquot;);
}
}

source code is transformed into executable computer instructions by a compiler

000101010101010110111111010110110
010100101101010110101010101010100
101001010101010101010101010111111
101001000000010101010101010101010
101001010101111111101010101110001

2

understanding computer programs

source code

public class SimpleProgram {
public static void main(String[] args) {
System.out.println(quot;Helloquot;);
}
} easy to understand

executable code

000101010101010110111111010110110
010100101101010110101010101010100
101001010101010101010101010111111
101001000000010101010101010101010
101001010101111111101010101110001 hard to understand

3

stealing computer programs

software companies sell the executable version of their program but
keep the source code secret

software theives want the source code to change and re-sell

000101010101010110111111010110110
010100101101010110101010101010100
101001010101010101010101010111111
101001000000010101010101010101010
101001010101111111101010101110001

software software
company theif

4

stealing computer programs by decompilation

software theives may attempt to decompile an executable program to
access the source code

software software
company theif

5

protecting computer programs using code obfuscation

software companies may obscure their programs to protect from
decompilation

software thieves find it difficult to understand and decompile programs

00010101010101!&^%&01111010110110
010^%$£&&$101011010101010£$%$£00
10100101$£%£$^$%&!£*)(*^&$%£”01111
10%$&%£$000010101010^&%!10101010
10100101$”$&^**^%%((!$1010^01110001

software software
company thief

6

stealing obfuscated programs using program slicing

software thieves may slice programs to remove obscurities and reveal
only the useful parts

software software
company thief

7

protecting obfuscated programs from program slicing

software companies must make sure the obfuscations cover all
sections of code, without leaving useful sections for software thieves to
find

obfuscations must be hard to detect and remove

software thieves will have trouble finding useful code

$%$^%^*&(%$£^%$^$%^$%£”£!!”$(*&^%
!££%$£^%^*”£$”&%^*”($£”$)^**%*$*%£$!
£^*£&!£”)%($%&£&$%(!£*(!£*!(£*!$£&%!!!
“£$”£$&£”!!”£!*($£!**££I£^*%£”*(&^*^(&*%
!^$£$*(!!(£!)(*£^£!!””!!!!!!£%^&^$££$”””£”$$

software software
company thief

8

research questions

➢ what obfuscations can be applied to computer programs to hinder
decompilation and software theft?
➢ how effective are such obfuscations against attacks?
➢ what are the ways in which adversaries could attack such
obfuscations?
➢ how can we use this knowledge to create secure programs?

software software
company thief

9

Recently uploaded

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system. About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Victor Rentea

MINDCTI Revenue Release Quarter One 2024

MIND CTI

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

AXA XL - Insurer Innovation Award Americas 2024

The Digital Insurer

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

[BuildWithAI] Introduction to Gemini.pdf

Sandro Moreira

Manulife - Insurer Transformation Award 2024

The Digital Insurer

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

The action of the next cyber saga takes place in the mystical lands of the Asia-Pacific region, where the main characters began their digital activities in the middle of 2021 and qualitatively strengthened it in 2022. Corporate espionage, document theft, audio recordings, and data leaks from messaging platforms were all a matter of one day for Dark Pink. Their geographical focus may have started in the Asia-Pacific region, but their ambitions knew no bounds, targeting a European government ministry in a bold move to expand their portfolio. Their victim profile was as diverse as a UN meeting, targeting military organizations, government agencies, and even a religious organization. Because discrimination is not a fashionable agenda. In the world of cybercrime, they serve as a reminder that sometimes the most serious threats come in the most unassuming packages with a pink bow.

Cyberprint. Dark Pink Apt Group [EN].pdf

Overkill Security

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Recently uploaded (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Corporate and higher education May webinar.pptx

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

MINDCTI Revenue Release Quarter One 2024

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

MS Copilot expands with MS Graph connectors

AXA XL - Insurer Innovation Award Americas 2024

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

[BuildWithAI] Introduction to Gemini.pdf

Manulife - Insurer Transformation Award 2024

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Cyberprint. Dark Pink Apt Group [EN].pdf

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

presentation ICT roal in 21st century education

Featured

Product Design Trends in 2024 | Teenage Engineerings

Pixeldarts

Mental health has been in the news quite a bit lately. Dozens of U.S. states are currently suing Meta for contributing to the youth mental health crisis by inserting addictive features into their products, while the U.S. Surgeon General is touring the nation to bring awareness to the growing epidemic of loneliness and isolation. The country has endured periods of low national morale, such as in the 1970s when high inflation and the energy crisis worsened public sentiment following the Vietnam War. The current mood, however, feels different. Gallup recently reported that national mental health is at an all-time low, with few bright spots to lift spirits. To better understand how Americans are feeling and their attitudes towards mental health in general, ThinkNow conducted a nationally representative quantitative survey of 1,500 respondents and found some interesting differences among ethnic, age and gender groups. Technology For example, 52% agree that technology and social media have a negative impact on mental health, but when broken out by race, 61% of Whites felt technology had a negative effect, and only 48% of Hispanics thought it did. While technology has helped us keep in touch with friends and family in faraway places, it appears to have degraded our ability to connect in person. Staying connected online is a double-edged sword since the same news feed that brings us pictures of the grandkids and fluffy kittens also feeds us news about the wars in Israel and Ukraine, the dysfunction in Washington, the latest mass shooting and the climate crisis. Hispanics may have a built-in defense against the isolation technology breeds, owing to their large, multigenerational households, strong social support systems, and tendency to use social media to stay connected with relatives abroad. Age and Gender When asked how individuals rate their mental health, men rate it higher than women by 11 percentage points, and Baby Boomers rank it highest at 83%, saying it’s good or excellent vs. 57% of Gen Z saying the same. Gen Z spends the most amount of time on social media, so the notion that social media negatively affects mental health appears to be correlated. Unfortunately, Gen Z is also the generation that’s least comfortable discussing mental health concerns with healthcare professionals. Only 40% of them state they’re comfortable discussing their issues with a professional compared to 60% of Millennials and 65% of Boomers. Race Affects Attitudes As seen in previous research conducted by ThinkNow, Asian Americans lag other groups when it comes to awareness of mental health issues. Twenty-four percent of Asian Americans believe that having a mental health issue is a sign of weakness compared to the 16% average for all groups. Asians are also considerably less likely to be aware of mental health services in their communities (42% vs. 55%) and most likely to seek out information on social media (51% vs. 35%).

How Race, Age and Gender Shape Attitudes Towards Mental Health

ThinkNow

AI Trends in Creative Operations 2024 by Artwork Flow.pdf

marketingartwork

Skeleton Culture Code

Skeleton Technologies

PEPSICO Presentation to CAGNY Conference Feb 2024

Neil Kimberley

Content Methodology: A Best Practices Report (Webinar)

contently

How to Prepare For a Successful Job Search for 2024

Albert Qian

A report by thenetworkone and Kurio. The contributing experts and agencies are (in an alphabetical order): Sylwia Rytel, Social Media Supervisor, 180heartbeats + JUNG v MATT (PL), Sharlene Jenner, Vice President - Director of Engagement Strategy, Abelson Taylor (USA), Alex Casanovas, Digital Director, Atrevia (ES), Dora Beilin, Senior Social Strategist, Barrett Hoffher (USA), Min Seo, Campaign Director, Brand New Agency (KR), Deshé M. Gully, Associate Strategist, Day One Agency (USA), Francesca Trevisan, Strategist, Different (IT), Trevor Crossman, CX and Digital Transformation Director; Olivia Hussey, Strategic Planner; Simi Srinarula, Social Media Manager, The Hallway (AUS), James Hebbert, Managing Director, Hylink (CN / UK), Mundy Álvarez, Planning Director; Pedro Rojas, Social Media Manager; Pancho González, CCO, Inbrax (CH), Oana Oprea, Head of Digital Planning, Jam Session Agency (RO), Amy Bottrill, Social Account Director, Launch (UK), Gaby Arriaga, Founder, Leonardo1452 (MX), Shantesh S Row, Creative Director, Liwa (UAE), Rajesh Mehta, Chief Strategy Officer; Dhruv Gaur, Digital Planning Lead; Leonie Mergulhao, Account Supervisor - Social Media & PR, Medulla (IN), Aurelija Plioplytė, Head of Digital & Social, Not Perfect (LI), Daiana Khaidargaliyeva, Account Manager, Osaka Labs (UK / USA), Stefanie Söhnchen, Vice President Digital, PIABO Communications (DE), Elisabeth Winiartati, Managing Consultant, Head of Global Integrated Communications; Lydia Aprina, Account Manager, Integrated Marketing and Communications; Nita Prabowo, Account Manager, Integrated Marketing and Communications; Okhi, Web Developer, PNTR Group (ID), Kei Obusan, Insights Director; Daffi Ranandi, Insights Manager, Radarr (SG), Gautam Reghunath, Co-founder & CEO, Talented (IN), Donagh Humphreys, Head of Social and Digital Innovation, THINKHOUSE (IRE), Sarah Yim, Strategy Director, Zulu Alpha Kilo (CA).

Social Media Marketing Trends 2024 // The Global Indie Insights

Kurio // The Social Media Age(ncy)

The search marketing landscape is evolving rapidly with new technologies, and professionals, like you, rely on innovative paid search strategies to meet changing demands. It’s important that you’re ready to implement new strategies in 2024. Check this out and learn the top trends in paid search advertising that are expected to gain traction, so you can drive higher ROI more efficiently in 2024. You’ll learn: - The latest trends in AI and automation, and what this means for an evolving paid search ecosystem. - New developments in privacy and data regulation. - Emerging ad formats that are expected to make an impact next year. Watch Sreekant Lanka from iQuanti and Irina Klein from OneMain Financial as they dive into the future of paid search and explore the trends, strategies, and technologies that will shape the search marketing landscape. If you’re looking to assess your paid search strategy and design an industry-aligned plan for 2024, then this webinar is for you.

Trends In Paid Search: Navigating The Digital Landscape In 2024

Search Engine Journal

From their humble beginnings in 1984, TED has grown into the world’s most powerful amplifier for speakers and thought-leaders to share their ideas. They have over 2,400 filmed talks (not including the 30,000+ TEDx videos) freely available online, and have hosted over 17,500 events around the world. With over one billion views in a year, it’s no wonder that so many speakers are looking to TED for ideas on how to share their message more effectively. The article “5 Public-Speaking Tips TED Gives Its Speakers”, by Carmine Gallo for Forbes, gives speakers five practical ways to connect with their audience, and effectively share their ideas on stage. Whether you are gearing up to get on a TED stage yourself, or just want to master the skills that so many of their speakers possess, these tips and quotes from Chris Anderson, the TED Talks Curator, will encourage you to make the most impactful impression on your audience. See the full article and more summaries like this on SpeakerHub here: https://speakerhub.com/blog/5-presentation-tips-ted-gives-its-speakers See the original article on Forbes here: http://www.forbes.com/forbes/welcome/?toURL=http://www.forbes.com/sites/carminegallo/2016/05/06/5-public-speaking-tips-ted-gives-its-speakers/&refURL=&referrer=#5c07a8221d9b

5 Public speaking tips from TED - Visualized summary

SpeakerHub

Everyone is in agreement that ChatGPT (and other generative AI tools) will shape the future of work. Yet there is little consensus on exactly how, when, and to what extent this technology will change our world. Businesses that extract maximum value from ChatGPT will use it as a collaborative tool for everything from brainstorming to technical maintenance. For individuals, now is the time to pinpoint the skills the future professional will need to thrive in the AI age. Check out this presentation to understand what ChatGPT is, how it will shape the future of work, and how you can prepare to take advantage.

ChatGPT and the Future of Work - Clark Boyd

Clark Boyd

Getting into the tech field. what next

Tessa Mero

Google's Just Not That Into You: Understanding Core Updates & Search Intent

Lily Ray

How to have difficult conversations

Rajiv Jayarajah, MAppComm, ACC

Introduction to Data Science

Christy Abraham Joy

Time Management & Productivity - Best Practices

Vit Horky

The six step guide to practical project management If you think managing projects is too difficult, think again. We’ve stripped back project management processes to the basics – to make it quicker and easier, without sacrificing the vital ingredients for success. “If you’re looking for some real-world guidance, then The Six Step Guide to Practical Project Management will help.” Dr Andrew Makar, Tactical Project Management

The six step guide to practical project management

MindGenius

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...

RachelPearson36

During this webinar, Anand Bagmar demonstrates how AI tools such as ChatGPT can be applied to various stages of the software development life cycle (SDLC) using an eCommerce application case study. Find the on-demand recording and more info at https://applitools.info/b59 Key takeaways: • Learn how to use ChatGPT to add AI power to your testing and test automation • Understand the limitations of the technology and where human expertise is crucial • Gain insight into different AI-based tools • Adopt AI-based tools to stay relevant and optimize work for developers and testers * ChatGPT and OpenAI belong to OpenAI, L.L.C.

Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...

Applitools

12 Ways to Increase Your Influence at Work

GetSmarter

Featured (20)

Product Design Trends in 2024 | Teenage Engineerings

How Race, Age and Gender Shape Attitudes Towards Mental Health

AI Trends in Creative Operations 2024 by Artwork Flow.pdf

Skeleton Culture Code

PEPSICO Presentation to CAGNY Conference Feb 2024

Content Methodology: A Best Practices Report (Webinar)

How to Prepare For a Successful Job Search for 2024

Social Media Marketing Trends 2024 // The Global Indie Insights

Trends In Paid Search: Navigating The Digital Landscape In 2024

5 Public speaking tips from TED - Visualized summary

ChatGPT and the Future of Work - Clark Boyd

Getting into the tech field. what next

Google's Just Not That Into You: Understanding Core Updates & Search Intent

How to have difficult conversations

Introduction to Data Science

Time Management & Productivity - Best Practices

The six step guide to practical project management

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...

Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...

12 Ways to Increase Your Influence at Work

Obfuscating Transformations for Decompilation Resistant Java (designed for a non-specialist audience)

1. 0 1 0 0 0 0 1 1 0 1 1 0 0 0 1 0 0 1 1 0 1 0 1 0 0 1 0 1 0 1 0 1 Obfuscating Transformations 1 0 0 1 for Decompilation Resistant 04/28/09 Java James Hamilton 0 0 0 1 1 1 0 1

2. computer programs computer programs are written in an English-like language, by a programmer, known as source code many programming languages exist, for different purposes, for example Java public class SimpleProgram { public static void main(String[] args) { System.out.println(quot;Helloquot;); } } source code is transformed into executable computer instructions by a compiler 000101010101010110111111010110110 010100101101010110101010101010100 101001010101010101010101010111111 101001000000010101010101010101010 101001010101111111101010101110001 2

3. understanding computer programs source code public class SimpleProgram { public static void main(String[] args) { System.out.println(quot;Helloquot;); } } easy to understand executable code 000101010101010110111111010110110 010100101101010110101010101010100 101001010101010101010101010111111 101001000000010101010101010101010 101001010101111111101010101110001 hard to understand 3

4. stealing computer programs software companies sell the executable version of their program but keep the source code secret software theives want the source code to change and re-sell 000101010101010110111111010110110 010100101101010110101010101010100 101001010101010101010101010111111 101001000000010101010101010101010 101001010101111111101010101110001 software software company theif 4

5. stealing computer programs by decompilation software theives may attempt to decompile an executable program to access the source code software software company theif 5

6. protecting computer programs using code obfuscation software companies may obscure their programs to protect from decompilation software thieves find it difficult to understand and decompile programs 00010101010101!&^%&01111010110110 010^%$£&&$101011010101010£$%$£00 10100101$£%£$^$%&!£*)(*^&$%£”01111 10%$&%£$000010101010^&%!10101010 10100101$”$&^**^%%((!$1010^01110001 software software company thief 6

7. stealing obfuscated programs using program slicing software thieves may slice programs to remove obscurities and reveal only the useful parts software software company thief 7

8. protecting obfuscated programs from program slicing software companies must make sure the obfuscations cover all sections of code, without leaving useful sections for software thieves to find obfuscations must be hard to detect and remove software thieves will have trouble finding useful code $%$^%^*&(%$£^%$^$%^$%£”£!!”$(*&^% !££%$£^%^*”£$”&%^*”($£”$)^**%*$*%£$! £^*£&!£”)%($%&£&$%(!£*(!£*!(£*!$£&%!!! “£$”£$&£”!!”£!*($£!**££I£^*%£”*(&^*^(&*% !^$£$*(!!(£!)(*£^£!!””!!!!!!£%^&^$££$”””£”$$ software software company thief 8

9. research questions ➢ what obfuscations can be applied to computer programs to hinder decompilation and software theft? ➢ how effective are such obfuscations against attacks? ➢ what are the ways in which adversaries could attack such obfuscations? ➢ how can we use this knowledge to create secure programs? software software company thief 9

10. questions? 10

Obfuscating Transformations for Decompilation Resistant Java (designed for a non-specialist audience)

Recommended

Recommended

More Related Content

Recently uploaded

Recently uploaded (20)

Featured

Featured (20)

Obfuscating Transformations for Decompilation Resistant Java (designed for a non-specialist audience)