@CONFERENCE{CollbergThomborsonLow97c, AUTHOR = "Christian Collberg and Clark Thomborson and Douglas Low", TITLE = "Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs", MONTH = jan, YEAR = 1998, BOOKTITLE = "Principles of Programming Languages 1998, POPL'98", ADDRESS = "San Diego, CA", NOTE = "http://www.cs.auckland.ac.nz/$\sim$collberg/Research/Publications/CollbergThomborsonLow97c/index.html", URL = { CollbergThomborsonLow97c }, ABSTRACT = " It has become common to distribute software in forms that are isomorphic to the original source code. An important example is Java bytecode. Since such codes are easy to decompile, they increase the risk of malicious reverse engineering attacks. In this paper we describe the design of a Java {\em code obfuscator}, a tool which -- through the application of code transformations -- converts a Java program into an equivalent one that is more difficult to reverse engineer. We describe a number of transformations which obfuscate control-flow. Transformations are evaluated with respect to {\em potency} (To what degree is a human reader confused?), {\em resilience} (How well are automatic {\em deobfuscation} attacks resisted?), {\em cost} (How much time/space overhead is added?), and {\em stealth} (How well does obfuscated code blend in with the original code?). The resilience of many control-altering transformations rely on the resilience of {\em opaque predicates}. These are boolean valued expressions whose values are known to the obfuscator but difficult to determine for an automatic deobfuscator. We show how to construct resilient, cheap, and stealthy opaque predicates based on the intractability of certain static analysis problems such as alias analysis." }