On Entropy Measures for Code Obfuscation

The purpose of this paper is to introduce a further measurement for software obfuscation, in particular observing that many important obfuscation transformations increase the uncertainty an attacker has about the program behavior, uncertainty modeled by the entropy of the program traces or the nodes under execution. The transformations considered in this paper are unknown opaque predicates insertions or unknown dispatcher insertions, where the latter are an extension of the if-else statements of unknown opaque predicates to switch-case statements. Consequences of modeling obfuscation as an increase of entropy can be simple guidelines to obtain potent transformations at low cost and the explanation of existing transformations effectiveness. We present a program transformation algorithm based on the latter observations.