Abstract

Android bytecode is easy to reverse engineer. It has been a common practice for Android application developers to protect their applications with obfuscation techniques. Control flow obfuscation aims to make it more difficult to determine the actual application control flows and thereby impede the understanding of the application logic by the attacker. Despite of the strong potency (i.e., high complexity increment), control flow obfuscation usually incurs a large overhead due to the call and return instructions inserted, which makes the application developer reluctant to use it in practice. In this paper, we present a pragmatic control-flow obfuscation approach where the application developer has more freedom to customize the trade-off between the achieved complexity and overhead. A new subset of application methods will be obfuscated by using a combination of packed-switch and try-catch constructs in different rounds, and larger methods are obfuscated by creating more code fragments in earlier rounds. After each round, the complexity increment will be automatically calculated using our implemented cyclomatic complexity based metric and checked against the target complexity increment. In other words, the obfuscation is conducted in a progressive manner until the target complexity increment is reached. The experimental results show that our method incurs averaged area overhead of 4.07% while achieving almost double complexity increment than the existing method when the same number of application methods are obfuscated.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.