Effective and efficient Java‐type obfuscation

Abstract

SummaryTo protect valuable assets embedded in software against reverse‐engineering attacks, software obfuscations aim at raising the apparent complexity of programs and at removing information that is useful for attackers. In this work, we propose to combine five transformations that obfuscate the type hierarchy of Java applications and eliminate much of the type information that can be inferred from the Java bytecode. We rely on some existing algorithms, present adaptations, and introduce new algorithms for some of the transformations, which are all made available in an open‐source prototype implementation ready for take‐up. We present an extensive experimental evaluation on benchmarks of real‐world complexity, using complementary metrics that cover the protection strength against both human and tool‐based reverse‐engineering attack methods. The results indicate that the obfuscation is effective as well as much more efficient than the previous state of the art. For the first time, this makes these obfuscations practically viable in real‐world deployment scenarios.