Friday, February 03, 2006 - Posts

Obfuscation: Algorithm or Process?

Is Obfuscation an algorithm or process? Just like encryption, obfuscation should not be viewed in terms of just an algorithm. The Encryption process requires key management, decryption, etc. Similarly, the obfuscation process should address issues such as debugging, patch management, distributed development, support and QA functions.
An obfuscation solution addresses all of these issues by embedding the obfuscation algorithm into a process that is itself integrated into the broader application development lifecycle. An obfuscation solution should include

  • An integrated and distributed “lucidator”
    • A lucidator can reverse much of the obfuscation process to support debugging. Of course it must be a secure process that cannot run outside of its environment or on unauthorized code. Integration with the obfuscator supports unit testing and distribution enables debugging and support outside of the developer community that uses the obfuscator.

  • Declarative obfuscation
    • Developers are able to markup their code using attributes that define the level of obfuscation to be applied at a granular level maximizing developer control.

  • Incremental obfuscation
    • Obfuscate patches ensuring that they can be applied in the field against previously obfuscated code.

  • Integration into your IDE
    • Managing and automating the obfuscation process within your common IDE simplifies and secures this process within the broader development lifecycle supporting continuous integration.
    Make sure that when you look for an obfuscator, you are really looking a complete obfuscation solution.
    posted Friday, February 03, 2006 10:20 AM by obfuscator