Abstract:
We romp through the history of software obfuscation, providing non-technical explanations of key events in each decade. In the 1970s, obfuscation was an elite sport played by overly-clever programmers who hid undocumented features in system software. In the 1980s, obfuscation was a competitive sport in The International Obfuscated C Code Contest, and white-hat analyst Fred Cohen designed self-obfuscating viruses which would evade detection. In the 1990s, obfuscation was a dark-side tool for malware designers, and white-hat inventors produced patentable art for use in the commercial sector. The 2000s was a decade of consolidation: some potent obfuscation methods were released in an open-source software suite, the first commercial vendor of obfuscation services became profitable, and Boaz Barak received a Turing Award for proving that a general-purpose software obfuscator cannot exist. In this decade, most smartphone apps are lightly obfuscated, and obfuscation theorists are hoping to construct a provably-secure restricted-purpose obfuscation method.