Diversification and obfuscation techniques for software security: A systematic literature review

Tietueen suppeat tiedot
dc.contributor.authorShohreh Hosseinzadeh
dc.contributor.authorSampsa Rauti
dc.contributor.authorSamuel Laurén
dc.contributor.authorJari-Matti Mäkelä
dc.contributor.authorJohannes Holvitie
dc.contributor.authorSami Hyrynsalmi
dc.contributor.authorVille Leppänen
dc.contributor.organizationfi=ohjelmistotekniikka|en=Software Engineering|
dc.contributor.organizationfi=tietojenkäsittelytiede|en=Computer Science|
dc.contributor.organization-code1.2.246.10.2458963.20.71310837563
dc.contributor.organization-code2606803
dc.contributor.organization-code2606804
dc.converis.publication-id35555656
dc.converis.urlhttps://research.utu.fi/converis/portal/Publication/35555656
dc.date.accessioned2022-10-27T11:54:03Z
dc.date.available2022-10-27T11:54:03Z
dc.description.abstract<p>Context: Diversification and obfuscation are promising techniques for securing software and protecting computers from harmful malware. The goal of these techniques is not removing the security holes, but making it difficult for the attacker to exploit security vulnerabilities and perform successful attacks.<br /><br />Objective: There is an increasing body of research on the use of diversification and obfuscation techniques for improving software security; however, the overall view is scattered and the terminology is unstructured. Therefore, a coherent review gives a clear statement of state-of-the-art, normalizes the ongoing discussion and provides baselines for future research.<br /><br />Method: In this paper, systematic literature review is used as the method of the study to select the studies that discuss diversification/obfuscation techniques for improving software security. We present the process of data collection, analysis of data, and report the results.<br /><br />Results: As the result of the systematic search, we collected 357 articles relevant to the topic of our interest, published between the years 1993 and 2017. We studied the collected articles, analyzed the extracted data from them, presented classification of the data, and enlightened the research gaps.<br /><br />Conclusion: The two techniques have been extensively used for various security purposes and impeding various types of security attacks. There exist many different techniques to obfuscate/diversify programs, each of which targets different parts of the programs and is applied at different phases of software development life-cycle. Moreover, we pinpoint the research gaps in this field, for instance that there are still various execution environments that could benefit from these two techniques, including cloud computing, Internet of Things (IoT), and trusted computing. We also present some potential ideas on applying the techniques on the discussed environments.<br /></p>
dc.format.pagerange72
dc.format.pagerange93
dc.identifier.eissn1873-6025
dc.identifier.jour-issn0950-5849
dc.identifier.olddbid172672
dc.identifier.oldhandle10024/155766
dc.identifier.urihttps://www.utupub.fi/handle/11111/30523
dc.identifier.urlhttps://www.sciencedirect.com/science/article/pii/S0950584918301484
dc.identifier.urnURN:NBN:fi-fe2021042719626
dc.language.isoen
dc.okm.affiliatedauthorHosseinzadeh, Shohreh
dc.okm.affiliatedauthorRauti, Sampsa
dc.okm.affiliatedauthorLauren, Samuel
dc.okm.affiliatedauthorMäkelä, Jari-Matti
dc.okm.affiliatedauthorHolvitie, Johannes
dc.okm.affiliatedauthorLeppänen, Ville
dc.okm.discipline113 Computer and information sciencesen_GB
dc.okm.discipline113 Tietojenkäsittely ja informaatiotieteetfi_FI
dc.okm.internationalcopublicationnot an international co-publication
dc.okm.internationalityInternational publication
dc.okm.typeA2 Scientific Article
dc.publisherElsevier B.V.
dc.publisher.countryUnited Kingdomen_GB
dc.publisher.countryBritanniafi_FI
dc.publisher.country-codeGB
dc.relation.doi10.1016/j.infsof.2018.07.007
dc.relation.ispartofjournalInformation and Software Technology
dc.relation.volume104
dc.source.identifierhttps://www.utupub.fi/handle/10024/155766
dc.titleDiversification and obfuscation techniques for software security: A systematic literature review
dc.year.issued2018

Tiedostot

Näytetään 1 - 1 / 1
Name:
1-s2.0-S0950584918301484-main.pdf
Size:
2 MB
Format:
Adobe Portable Document Format
Description:
Publisher's PDF
Lataa

Kokoelmat

Rinnakkaistallenteet