An in-house development team in your organization is tasked with developing a new information system. As a software developer, which of the following is the best tool to protect the intellectual property of the code?
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. Obfuscator.
Obfuscation is a technique of software protection against code comprehension, code tampering, and unauthorized reverse-engineering. It's a technique of security through obscurity and, unlike encryption, does not require any inverse transformation. Reverse-engineering typically uses disassemblers or decompilers to transform executable machine code into human-readable code.
In software development, obfuscation is the deliberate act of creating source or machine code that is difficult for humans to understand. Like obfuscation in natural language, it may use needlessly roundabout expressions to compose statements. Programmers may deliberately obfuscate code to conceal its purpose (security through obscurity) or its logic or implicit values embedded in it, primarily, in order to prevent tampering, deter reverse engineering, or even to create a puzzle or recreational challenge for someone reading the source code. This can be done manually or by using an automated tool, the latter being the preferred technique in industry.
However, obfuscation only deters attacks. Given enough time to inspect the obfuscated code, a determined attacker might crack the program. As a result, obfuscation is typically complemented by other protection approaches, such as code replacement/update, code tampering detection, and updating protections (so that attackers get only a limited amount of time to complete their objective).
Obfuscation methods include:
- code re-ordering
- transformation to replace meaningful identifier names in the original code with meaningless random names (identifier renaming)
- junk code insertions
- unconditional jumps
- conditional jumps
- transparent branch insertion
- variable reassigning
- random dead code
- merge local integers
- string encoding
- generation of bogus middle level code
- suppression of constants
- meshing of control flows
Source: Behera and Bhaskari
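Identifier renaming from the list above, shown as an added example that is not from the original post or from Behera and Bhaskari: a minimal Python sketch that rewrites a function's parameters and local variables to meaningless names with the standard `ast` module. `SAMPLE_SOURCE`, `IdentifierRenamer`, `obfuscate` and `call` are names made up for this illustration, and the sample routine is constructed.

```python
import ast

# Constructed sample input: a small routine whose names reveal its intent.
SAMPLE_SOURCE = '''
def compute_discount(order_total_cents, loyalty_years):
    base_percent = 5
    bonus_percent = min(loyalty_years, 10)
    return order_total_cents * (base_percent + bonus_percent) // 100
'''

class IdentifierRenamer(ast.NodeTransformer):
    """Rename parameters and locals; function names stay for external callers.
    Sketch assumptions: flat functions, no global/nonlocal, positional calls."""
    def __init__(self):
        self.scope = {}     # renames active inside the current function
        self.renamed = {}   # every rename performed, for inspection
        self.counter = 0

    def visit_FunctionDef(self, node):
        a = node.args
        params = a.posonlyargs + a.args + a.kwonlyargs
        params += [p for p in (a.vararg, a.kwarg) if p]
        names = [p.arg for p in params]
        names += [n.id for n in ast.walk(node)
                  if isinstance(n, ast.Name) and isinstance(n.ctx, ast.Store)]
        for name in dict.fromkeys(names):        # unique, order preserved
            self.counter += 1
            self.scope[name] = f"_{self.counter:x}"
        for p in params:
            p.arg = self.scope[p.arg]
        self.renamed.update(self.scope)
        self.generic_visit(node)                 # rewrites Name nodes in the body
        self.scope = {}
        return node

    def visit_Name(self, node):
        node.id = self.scope.get(node.id, node.id)
        return node

def obfuscate(source):
    """Return (obfuscated_source, rename_map). Needs Python 3.9+ (ast.unparse)."""
    renamer = IdentifierRenamer()
    tree = ast.fix_missing_locations(renamer.visit(ast.parse(source)))
    return ast.unparse(tree), renamer.renamed

def call(source, func_name, *args):
    namespace = {}
    exec(source, namespace)  # load the code, then call one of its functions
    return namespace[func_name](*args)
```

The renamed function returns the same results as the original, but its constants and control flow are untouched, which is why renaming alone only slows a reader down and is combined with the other methods in the list.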
- Linker (computing)
- Address space layout randomization
- Obfuscation (software)
- Different Obfuscation Techniques for Code Protection
- Top Seven Source Code Obfuscation Techniques to Protect Code
- Predicting Program Properties from ‘Big Code’
- What is Code Obfuscation?
- Obfuscation and diversification for securing the internet of things (IoT)
- ReSharper 2017.3 brings the debugger into the editor
A. Compiler
B. Obfuscator
C. Debugger
D. Linker