
A Software Engineering Methodology for Developing Secure Obfuscated Software

  • Conference paper
Advances in Information and Communication (FICC 2019)

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 70)

Abstract

We propose a methodology to reconcile two apparently contradictory processes: the development of secure obfuscated software and the development of well-engineered software. In our methodology, the system designers first define the security level required for the software. There are four types of attackers: casual attackers, hackers, institutional attackers, and government attackers. Depending on the level of threat, the methodology we propose uses five or six teams to accomplish this task: one Software Engineer Team, one or two Software Obfuscation Teams, and a Compiler Team. These four teams will develop and compile the secure obfuscated software. A Code Breakers Team will test the results of the previous teams to check that the software is not broken at the required security level, and an Intrusion Analysis Team will analyze the results of the Code Breakers Team and propose solutions to the development teams to prevent the detected intrusions. We also present an analytical model to show that our methodology is not only easier to use, but also provides an economical way of producing secure obfuscated software.

Corresponding author

Correspondence to Carlos Gonzalez.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Gonzalez, C., Liñan, E. (2020). A Software Engineering Methodology for Developing Secure Obfuscated Software. In: Arai, K., Bhatia, R. (eds) Advances in Information and Communication. FICC 2019. Lecture Notes in Networks and Systems, vol 70. Springer, Cham. https://doi.org/10.1007/978-3-030-12385-7_72
