Abstract
We propose a methodology to reconcile two apparently contradictory processes: the development of secure obfuscated software and the development of well-engineered software. In our methodology, the system designers first define the security level required for the software. There are four types of attackers: casual attackers, hackers, institutional attackers, and government attackers. Depending on the level of threat, the methodology uses five or six teams to accomplish this task: one Software Engineer Team, one or two Software Obfuscation Teams, and a Compiler Team. These four teams develop and compile the secure obfuscated software. A Code Breakers Team tests the results of the previous teams to check that the software is not broken at the required security level, and an Intrusion Analysis Team analyzes the results of the Code Breakers Team and proposes solutions to the development teams to prevent the detected intrusions. We also present an analytical model to prove that our methodology is not only easier to use but also provides an economical way of producing secure obfuscated software.
© 2020 Springer Nature Switzerland AG
Cite this paper
Gonzalez, C., Liñan, E. (2020). A Software Engineering Methodology for Developing Secure Obfuscated Software. In: Arai, K., Bhatia, R. (eds) Advances in Information and Communication. FICC 2019. Lecture Notes in Networks and Systems, vol 70. Springer, Cham. https://doi.org/10.1007/978-3-030-12385-7_72
DOI: https://doi.org/10.1007/978-3-030-12385-7_72
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12384-0
Online ISBN: 978-3-030-12385-7
eBook Packages: Intelligent Technologies and Robotics (R0)