The number of online devices is growing at a high rate. These devices can be smartphones, tablets, desktops and servers, but also devices in the Internet of Things, medical equipment, etc. These devices provide functionality that have become essential to our society, to our economy and for our well-being. The more devices are put onine, the more attractive they become to be attacked, especially when they process confidential data. One way to prevent attacks from being executed, or at least to make them harder to be executed, is by using software protections: techniques by which the software running on those devices is transformed to protect them against improper use.
However, a major shortcoming of most techniques is that they only protect against static attacks: attacks in which the software is analysed without executing it. They are very weak against dynamic attacks, where the software is executed. Recent work showed that even some of the most complex protection techniques can be easily removed in an automated way by using such dynamic attacks.
This research aims to develop novel, strong and against dynamic attacks resistant, obfuscations. We do this in two ways. On the one hand, we develop techniques to exploit the properties of code fragments already present in the original program. We will use these properties to implement the protections. On the other hand, we develop a meta-API to enable the introduction of more complex and global protections.