程序混淆的安全性探讨

The security of program obfuscation: a review

对程序代码进行混淆是一种重要的防止端侧软件遭受逆向攻击的技术,它的原理是通过等价语义变换的方法将程序代码转化成为难以理解的版本。因为,该方法非常易用,在电脑软件和手机软件上获得了广泛的应用。然而,作为一种安全防御技术,它难以像其它安全机制一样提供高强度的安全保护。文章是一篇针对程序混淆的安全性进行探讨的综述文章,首先从混淆强度和抗逆混淆能力的角度探讨常用混淆技术的安全性局限,之后介绍以函数加密为代表的程序混淆理论的研究进展。

Program obfuscation transforms a program into unintelligible versions via semantic-equivalence transformation. It is an essential technique that protects client software against reverse engineering attacks and has been widely employed by computer and smartphone software due to its usability. However,commonly used obfuscation approaches cannot provide strong security property as other security mechanisms. This paper, therefore, discusses the security issue of obfuscation by surveying related work. It first discusses the security limitation of obfuscation techniques from the perspective of potency and anti-deobfuscation, and then it presents the theoretical research results about program obfuscation,especially as a functional encryption problem.