Diversification and Obfuscation Techniques for Software Security: a Systematic Literature Review

Shohreh Hosseinzadeh, Sampsa Rauti, Samuel Laurén, Jari Matti Mäkelä, Johannes Holvitie, Sami Hyrynsalmi, Ville Leppänen

    Research output: Contribution to journalReview Articlepeer-review

    17 Citations (Scopus)
    419 Downloads (Pure)

    Abstract

    Abstract
    Context: Diversification and obfuscation are promising techniques for securing software and protecting computers from harmful malware. The goal of these techniques is not removing the security holes, but making it difficult for the attacker to exploit security vulnerabilities and perform successful attacks.

    Objective: There is an increasing body of research on the use of diversification and obfuscation techniques for improving software security; however, the overall view is scattered and the terminology is unstructured. Therefore, a coherent review gives a clear statement of state-of-the-art, normalizes the ongoing discussion and provides baselines for future research.

    Method: In this paper, systematic literature review is used as the method of the study to select the studies that discuss diversification/obfuscation techniques for improving software security. We present the process of data collection, analysis of data, and report the results.

    Results: As the result of the systematic search, we collected 357 articles relevant to the topic of our interest, published between the years 1993 and 2017. We studied the collected articles, analyzed the extracted data from them, presented classification of the data, and enlightened the research gaps.

    Conclusion: The two techniques have been extensively used for various security purposes and impeding various types of security attacks. There exist many different techniques to obfuscate/diversify programs, each of which targets different parts of the programs and is applied at different phases of software development life-cycle. Moreover, we pinpoint the research gaps in this field, for instance that there are still various execution environments that could benefit from these two techniques, including cloud computing, Internet of Things (IoT), and trusted computing. We also present some potential ideas on applying the techniques on the discussed environments.
    Original languageEnglish
    Pages (from-to)72-93
    Number of pages22
    JournalInformation and Software Technology
    Volume104
    Early online date10 Jul 2018
    DOIs
    Publication statusPublished - Dec 2018
    Publication typeA2 Review article in a scientific journal

    Publication forum classification

    • Publication forum level 3

    Fingerprint

    Dive into the research topics of 'Diversification and Obfuscation Techniques for Software Security: a Systematic Literature Review'. Together they form a unique fingerprint.

    Cite this