The Impact of Control Flow Obfuscation Technique on Software Protection Against Human Attacks

Software developers rely on obfuscation techniques for protecting their source code against reverse engineering attacks. Most of the obfuscation techniques are not based on well-defined measurements to clarify their effectiveness in protecting the source code from both dynamic and static analysis by human subjects. This paper presents an experimental technique towards the aim to provide an assessment tool that investigates the impact of control flow obfuscation on software protection against human attacks. The main objective is to estimate how the obfuscation prevents or limits the ability of the attacker to understand or comprehend and to alter or perform any modification on the source code. An experiment was designed to assess the capabilities of the control flow obfuscation technique with the opaque predicates in preventing or limiting the attacks on source code. As a result of the statistical analysis used in this paper, it is shown that the presence of obfuscation on source code increases seven times the difficulties for the attacker to successfully complete the understanding task. Also, the control flow obfuscation significantly reduces the capability of subjects to correctly perform the understanding tasks while there is no significant difference for modification tasks. Also, it is shown that the presence of obfuscation on source code increases the amount of time needed for subjects to alter or perform modification and understand the source code.