Research And Implementation Of Code Obfuscation Technology And Support System For White-Box Security

With the computer and electronic equipment playing an increasingly important role inmodern life, the value of content and services deployed on these devices also growsexponentially, and therefore more and more hackers pay attention on it. Because the attackercan monitor all details, at the same time, they can completely control all aspects of systemsand applications, so the threat of attack of the white box is rapidly rising and evolving, how toprotect the core algorithm and confidential data in the software has become a focus ofattention.Code obfuscation technology is a software protection technology for white-box securitydeveloped over the past decade. Code obfuscation which transforms one program into anothernew functionally equivalent program can hide the operating mechanism and function in theprogram. The new program is more ambiguity and more difficult to understand andimplement reverse engineering compared to the original program. Control flow obfuscationtechnology that researched in this paper has higher confusion intensity and concealment, but itwill increase the program execution cost in time and space at the same time. This paperpresents a control flow obfuscation method based on parametric decomposition tree, whichuses the formal methods to describe the control structure of the code and implements formalcode equivalent transformation rules for obfuscating code in the condition of retainingsemantic. It can dynamically adjust the transform method to make the code update constantlyto solve the problem of aging and resolve the contradiction between confusion intensity andcost through control of the parameters.In addition, in order to verify the correctness and feasibility of the algorithm, based onthe theories and methods of code obfuscation for white-box attack, the paper designs anddevelops the support environment and tools to support the user to transform own source codeand resistance to the reverse analysis. Finally, by many functional testing and performanceanalysis experiments, the system was validated in correctness, performance overload, andeffectiveness.The theoretical analysis and experimental results show that the proposed codeobfuscation algorithm has good confusion, but need further research and practice frompractical applications.