Obfuscation using Encryption
This addresses the issue of source code theft and reverse engineering for developers and organizations, though it appears incremental as it builds on existing obfuscation techniques.
The paper tackles the problem of protecting confidential source code during computation on untrusted parties by introducing a method that modifies code with adjustable performance and security, ranging from indistinguishability obfuscation to ordinary obfuscation, and evaluation shows it effectively preserves confidentiality.
Protecting source code against reverse engineering and theft is an important problem. The goal is to carry out computations using confidential algorithms on an untrusted party while ensuring confidentiality of algorithms. This problem has been addressed for Boolean circuits known as `circuit privacy'. Circuits corresponding to real-world programs are impractical. Well-known obfuscation techniques are highly practicable, but provide only limited security, e.g., no piracy protection. In this work, we modify source code yielding programs with adjustable performance and security guarantees ranging from indistinguishability obfuscators to (non-secure) ordinary obfuscation. The idea is to artificially generate `misleading' statements. Their results are combined with the outcome of a confidential statement using encrypted \emph{selector variables}. Thus, an attacker must `guess' the encrypted selector variables to disguise the confidential source code. We evaluated our method using more than ten programmers as well as pattern mining across open source code repositories to gain insights of (micro-)coding patterns that are relevant for generating misleading statements. The evaluation reveals that our approach is effective in that it successfully preserves source code confidentiality.