Roberto Fellin and Mariano Ceccato

Experimental assessment of xor-masking data obfuscation based on k-clique opaque constants


Data obfuscations are program transformations used to complicate program understanding and conceal actual values of program variables. The possibility to hide constant values is a basic building block of several obfuscation techniques. In XOR-Masking, a constant mask is used to obfuscate data, but this mask must be hidden too, in order to keep the obfuscation resilient to attacks.

In this paper, we present a novel extension of XOR-Masking where the mask is an opaque constant, i.e. a value that is difficult to guess by static analysis. In fact, opaque constants are constructed such that static analysis should solve the k-clique problem, which is known to be NP-complete, to identify the mask value.

In our experimental assessment we apply obfuscation to 12 real Java applications. We observe that obfuscation does not alter the program correctness and we record performance overhead due to obfuscation, in terms of execution time and memory consumption.

Link to the paper.