The main goal of obfuscation is to make software difficult to analyze. Although obfuscation is one useful method to protect programs, the ability to analyze malware is greatly reduced if used for malicious purposes. T...
详细信息
The main goal of obfuscation is to make software difficult to analyze. Although obfuscation is one useful method to protect programs, the ability to analyze malware is greatly reduced if used for malicious purposes. The obfuscation technique is most applicable at the binary level, but it can also be applied at the sourcecode level. Although source-level techniques can be applied regardless of the target platform, these are often optimized and eliminated during compilation. However, when control-flow obfuscation is applied at the sourcecode level, removal is not possible. When applied for malicious purposes, the ability to analyze the sourcecode and compiled binary code is greatly reduced. To date, no research has presented a method that increases the readability of sourcecode or the ability to analyze compiled binaries via optimization at the source level. In this paper, we select a very powerful obfuscation tool that provides options, including control-flow obfuscation, at the source level. The result of our research is a tool that outputs optimized sourcecode and performs control-flow reconstruction as preprocessing, which increases readability even when control-flow obfuscation has been applied. The results also suggest an improvement in the ability to analyze binary code. As a result, more than 70% of the sourcecode can be optimized at the source level, and the control-flow graph can be serialized. The optimized sourcecode compiles more concise binary code even if no compiler optimizations are applied. Finally, the paper concludes by presenting the results of a module that prevents deobfuscation through code tampering (preventive obfuscation) at the sourcecode level.
The paper is devoted to codeoptimization techniques with respect to various criteria. codeoptimization is well studied for compiled languages;however, interpreted languages can also benefit when using optimization a...
详细信息
ISBN:
(纸本)9789897581892
The paper is devoted to codeoptimization techniques with respect to various criteria. codeoptimization is well studied for compiled languages;however, interpreted languages can also benefit when using optimization approaches. We provide a work in progress of how the codeoptimization can be effectively performed for the applications developed with the use of interpreted languages. Methods and techniques proposed in the paper rely on the use of formal models, and in particular state models. We propose some codeoptimization based on two different state models, namely weighted tree automata, and extended finite automata. The problem of extraction of such models is known to be hard, and in both cases we provide some recommendations of how such models can be derived for a code in an interpreted language. All the optimization techniques proposed in the paper are followed by corresponding illustrative examples.
This article is a summary of a study focusing on Artificial Intelligence (AI) based sourcecode analysis amidst the complexity of software development and rapidly evolving technological needs. The study evaluates anal...
详细信息
ISBN:
(数字)9783031700187
ISBN:
(纸本)9783031700170;9783031700187
This article is a summary of a study focusing on Artificial Intelligence (AI) based sourcecode analysis amidst the complexity of software development and rapidly evolving technological needs. The study evaluates analyses conducted to improve code quality, detect errors, and perform codeoptimization by examining the potential impacts of AI in software development processes. The time spent on research and experiments for detecting and resolving errors in the software development process has been a constant source of concern. In this context, the results of using unoptimized sourcecode often lead to outputs that directly affect complex and maintenance costs. The topic has been extensively addressed in the literature as a comprehensive subject known as AI, code Intelligence (CI), and Programming Language Processing (PLP) and has been the focus of various surveys and application studies. The article suggests that the use of AI could be a potential solution to increase efficiency and minimize errors in software development processes. In the study, two different AI tools, namely ChatGPT and Gemini, were used to address problem resolution. Two different models, GPT4 and Gemini, were included in the analysis process. JavaScript was the preferred language for obtaining sourcecode, which was sourced from the GitHub platform.
source code optimization enables developers to enhance programs at the human–computer interaction level, thereby improving development efficiency and product quality. With the rise of large language models (LLMs), fi...
详细信息
In modern society, software security has become an essential part of most software systems. As nowadays, new systems roll out more than ever, cybercriminals and unethical hackers tend to target those new systems to ab...
详细信息
ISBN:
(纸本)9781728130125
In modern society, software security has become an essential part of most software systems. As nowadays, new systems roll out more than ever, cybercriminals and unethical hackers tend to target those new systems to abuse and exploit its vulnerability to achieve a specific goal regardless of the consequences. Thus, validating software security is a challenging task and of crucial importance. The paper aims to find an optimal logical approach to test and validate software security through static analysis using regular expressions.
Writing high performance software requires the programmer to take advantage of multi-core processing. This can be done through tools like OpenMP, which allow the programmer to mark parallel loops. Identifying parallel...
详细信息
ISBN:
(纸本)9781509028252
Writing high performance software requires the programmer to take advantage of multi-core processing. This can be done through tools like OpenMP, which allow the programmer to mark parallel loops. Identifying parallelizable loops, however, is a non-trivial task. Furthermore, transformations can be applied to a loop nest to expose parallelism. Polyhedral compilation has become an increasingly popular technique for exposing parallelism in computationally intensive loop nests. These techniques can simultaneously optimize for a number of performance parameters (i.e. parallelism, locality, etc). This is typically done using a cost model designed to give good performance in the general case. For some problems, the compiler may miss optimization opportunities or even produce a transformation that leads to worse performance. In these cases, the user has little recourse, since there are few options for the user to affect the transformation decisions. In this paper we present PUMA-V, a visualization interface that helps the user understand and affect the transformations made by R-Stream, an industrial strength optimizing compiler based on the polyhedral model. This tool visualizes performance heuristics and runtime performance statistics to help the user identify missed optimization opportunities. Changes to the transformed code can be made by directly manipulating the visualizations. We show an example where performance is greatly improved over the polyhedral model alone by using our tool.
Over the past few decades, the ANSI C language has become one of the most popular test and measurement programming languages due to its power and flexibility. ANSI C applications can be optimized for improved performa...
详细信息
ISBN:
(纸本)9781424479597
Over the past few decades, the ANSI C language has become one of the most popular test and measurement programming languages due to its power and flexibility. ANSI C applications can be optimized for improved performance because of the developer's ability to have low level control through direct access to memory and hardware specific function calls. Although the ANSI C language provides low level control of application development resulting in the freedom to optimize sourcecode for improved execution performance, it can also lead to programming mistakes. Some examples of the most common ANSI C programming mistakes are syntax errors, incorrect array indexing, memory leaks and inefficient function implementation, which can cause sluggish execution speeds on deployed test systems. Unlike high-level language developers, ANSI C developers are challenged with the added responsibility of ensuring that low level details are handled appropriately in order to ensure that applications are reliable and stable. Modern tools are becoming available to help ANSI C developers face these challenges and, often, integrate directly into existing development environments. This paper examines how and why ANSI C developers commonly make programming mistakes related to syntax, memory allocation and inefficiencies in application sourcecode, and focuses on overcoming these challenges with modern development tools. Some of these modern ANSI C development tools include run-time debugging, resource tracking and run-time analysis and help to increase developer productivity and ensure the reliability of test systems.
Parallel programming has remained a topic of extensive research over the last few decades. With the advent of cluster computing, significant improvements in runtime performance can be achieved by parallelizing sequent...
详细信息
ISBN:
(纸本)1932415262
Parallel programming has remained a topic of extensive research over the last few decades. With the advent of cluster computing, significant improvements in runtime performance can be achieved by parallelizing sequential code. The process of parallelizing a serial program is however a labor-intensive and complex operation that involves limitations. This paper describes a software toolkit designed to assist the process of parallelizing sequential code by targeting those functions, subroutines, and loop computations that consume a major portion of the execution time. These time-consuming portions of the code are identified using static analysis as opposed to a more expensive dynamic analysis. The tool is designed to target sequential programs that are written in Fortran. In addition to other features, the tool includes a user-friendly interactive environment that gives feedback to the user regarding the potential bottlenecks in the sequential code. The toolkit has been designed using Perl, Tcl/Tk and uses Message Passing Interface (MPI) as the basis for interprocessor communication to maximize portability.
暂无评论