A Software Engineering Methodology for Developing Secure Obfuscated Software

  • Carlos Gonzalez
  • Ernesto Liñan
Conference paper
Part of the Lecture Notes in Networks and Systems book series (LNNS, volume 70)

Abstract

We propose a methodology to reconcile two apparently contradictory processes: the development of secure obfuscated software and the development of well-engineered software. In our methodology, the system designers first define the security level required for the software. There are four types of attackers: casual attackers, hackers, institutional attackers, and government attackers. Depending on the level of threat, the methodology we propose uses five or six teams to accomplish this task: one Software Engineer Team, one or two Software Obfuscation Teams, and a Compiler Team. These four teams will develop and compile the secure obfuscated software. A Code Breakers Team will test the results of the previous teams to see whether the software remains unbroken at the required security level, and an Intrusion Analysis Team will analyze the results of the Code Breakers Team and propose solutions to the development teams to prevent the detected intrusions. We also present an analytical model to prove that our methodology is not only easier to use, but also an economical way of producing secure obfuscated software.

Keywords

Secure software development · Software engineering · Development methodology

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. Universidad Autónoma de Coahuila, Arteaga, Mexico