ENTERPRISE INFORMATION SECURITY MANAGEMENT SYSTEM BASED ON THE MODERN OBFUSCATION TECHNIQUE FOR MOBILE NETWORK OPERATORS
In today's realities, with constantly developing information technologies (IoT, 5G, Big Data, Cloud technologies, etc.), software protection is an urgent issue in the field of information security for each small, medium, or big enterprise. Also, software protection is a very important task for such enterprises, as mobile network operators, which, in order to ensure leadership in the market, produce a large number of modern unique software products for their own needs. Moreover, the software is the intellectual property of the enterprises, which developed it. The software is the intellectual property of both large corporations and small companies. The low reliability of software protection for enterprises is associated with a rather complex and time-consuming process, as well as with a number of technical limitations, which contributes to the thriving of computer piracy, inflicts colossal losses on IT companies and, of course, the state as a whole.
Therefore, the development of a new effective method of software protection, for the moment, is a priority in the field of information security, and new methods and techniques of software protection are needed for all specialized companies, which develop paid software. Nowadays there are many different approaches to solving this problem. These are encryption, watermarking, etc., but no one gives guaranteed results. That's why modern companies engaged in software development, should provide their customers with a more secure information product.
In this paper, the authors have provided the improved, more effective obfuscation method, based on a new sequence of obfuscation transformations. This method allows providing software protection of the enterprises from reverse engineering. To ensure the effectiveness of the proposed method, the authors have developed a special software product, based on cycles of operation and the creation of pseudocode to protect other software products. In the process of writing this article, studies were conducted that showed the following results. The product has become approximately 1.4 times more secure, and the obfuscation rate has increased by 10 percent. Based on the foregoing, the developed method can be followed to complicate the decoding process of existing software products used in various enterprises.
In the future, it is planned to implement additional obfuscation transformations, as well as a comparative analysis with existing obfuscation programs.
Anderson, E. E., & Choobineh, J. (2008). Enterprise information security strategies. Computers & Security, 27(1–2), 22-29. https://doi.org/10.1016/j.cose.2008.03.002
Cafasso, D., Calabrese, C., Casella, G., Bottani, E., & Murino, T. (2020). Framework for Selecting Manufacturing Simulation Software in Industry 4.0 Environment. Sustainability, 12, 5909. https://doi.org/10.3390/su12155909
Danik, Yu., Hryschuk, R., & Gnatyuk, S. (2016). Synergistic effects of information and cybernetic interaction in civil aviation. Aviation, 20(3), 137-144. https://doi.org/10.3846/16487788.2016.1237787
De Smit, Z., Elhabashy, A. E., Wells, L. J., & Camelio, J. A. (2016). Cyber-physical security challenges in manufacturing systems. Procedia Manufacturing, 5, 1060-1074. https://doi.org/10.1016/j.promfg.2016.08.075
Dechow, N., Granlund, M., & Mouritsen, J. (2006). Management control of the complex organization: relationships between management accounting and information technology. Handbooks of Management Accounting Research, 2, 625-640. https://doi.org/10.1016/S1751-3243(06)02007-4
Dzwigol, H., Dzwigol-Barosz, M., Miskiewicz, R., & Kwilinski, A. (2020). Manager Competency Assessment Model in the Conditions of Industry 4.0. Entrepreneurship and Sustainability Issues, 7(4), 2630-2644. https://doi.org/10.9770/jesi.2020.7.4(5)
Dźwigoł, H., Shcherbak, S., Semikina, M., Vinichenko, O., & Vasiuta, V. (2019). Formation of Strategic Change Management System at an Enterprise. Academy of Strategic Management Journal, 18(SI1), 1-8.
Foket, Ch., De Bosschere, K., & De Sutter, B. (2019). Effective and efficient java-type obfuscation. Journal of Software: Practice and Experience, 50(2), 136-160. https://doi.org/10.1002/spe.2773
Granlund, M., & Mouritsen, J. (2003). Introduction: problematizing the relationship between management control and information technology. European Accounting Review, 12(1), 77-83. https://doi.org/10.1080/0963818031000087925
Hu, Z., Gnatyuk, V., Sydorenko, V., Odarchenko, R., & Gnatyuk, S. (2016). Cyber Stealth Attacks in Critical Information Infrastructures. IEEE Systems Journal, 12(2), 1778-1792. https://doi.org/10.1109/JSYST.2015.2487684
Henrie, M. (2015). Cyber Security Risk Management in the SCADA Critical Infrastructure Environment. Engineering Management Journal, 25(2), 38-45. https://doi.org/10.1080/10429247.2013.11431973
Jeet, K., & Dhir, R. (2016). Software Module Clustering Using Hybrid Socio-Evolutionary Algorithms. International Journal of Information Engineering and Electronic Business, 8(4), 43-53. https://doi.org/10.5815/ijieeb.2016.04.06
Kaur, J., & Tomar, P. (2018). Clustering based Architecture for Software Component Selection. International Journal of Modern Education and Computer Science, 10(8), 33-40. https://doi.org/10.5815/ijmecs.2018.08.04
Kuang, K., Tang, Z., Gong, X., Fang, D., Chena, X., & Wang, Z. (2018). Enhance virtual-machine-based code obfuscation security through dynamic bytecode scheduling. Computers & Security, 74, 202-220. https://doi.org/10.1016/j.cose.2018.01.008
Lu, Y. (2017). Industry 4.0: A survey on technologies, applications and open research issues. Journal of Industrial Information Integration, 6, 1-10. https://doi.org/10.1016/j.jii.2017.04.005
Mayadunne, S., & Park, S. (2016). An economic model to evaluate information security investment of risk-taking small and medium enterprises. International Journal of Production Economics, 182, 519-530. https://doi.org/10.1109/SP.2015.47
Merhi, M. I., & Ahluwalia, P. (2019). Examining the impact of deterrence factors and norms on resistance to Information Systems Security. Computers in Human Behavior, 92, 37-46. https://doi.org/10.1016/j.chb.2018.10.031
Miśkiewicz, R. (2019). Challenges Facing Management Practice in the Light of Industry 4.0: The Example of Poland. Virtual Economics, 2(2), 37-47. https://doi.org/10.34021/ve.2019.02.02(2).
Miśkiewicz, R, & Wolniak, R. (2020). Practical Application of the Industry 4.0 Concept in a Steel Company. Sustainability, 12(14), 5776. https://doi.org/10.3390/su12145776
Rangel, A. (2019). Why enterprises need to adopt ‘need-to-know’ security. Computer Fraud & Security, 2019(12), 9-12. https://doi.org/10.1016/S1361-3723(19)30127-7
Sari, A. (2015). Review of Anomaly Detection Systems in Cloud Networks and Survey of Cloud Security Measures in Cloud Storage Applications. Journal of Information Security, 6(2), 142-154. https://doi.org/10.4236/jis.2015.62015
Shariati, M., Bahmani, F., & Shams, F. (2011). Enterprise information security, a review of architectures and frameworks from interoperability perspective. Procedia Computer Science, 3, 537-543. https://doi.org/10.1016/j.procs.2010.12.089
Stepanenko, I., Kinzeryavyy, V., Nagi, A., Lozinskyi, I. (2016). Modern obfuscation methods for secure coding. Ukrainian Scientific Journal of Information Security, 22(1), 32-37. https://doi.org/10.18372/2225-5036.22.10451
Uchenna, P., Ani, D., He, H. M., & Tiwari, A. (2017). Review of cybersecurity issues in industrial critical infrastructure: manufacturing in perspective. Journal of Cyber Security Technology, 1(1), 32-74. https://doi.org/10.1080/23742917.2016.1252211
Wang, P., Wu, D., Chen, Z., & Wei, T. (2018). Protecting million-user IOS apps with obfuscation: motivations, pitfalls, and experience. In ICSE-SEIP '18: Proceedings of the 40th International Conference on Software Engineering: Software Engineering in Practice. Association for Computing Machinery. New York, NY, United States. https://doi.org/10.1145/3183519.3183524
Yadegari, B., Johannesmeyer, B., Whitely, B., & Debray, S. (2015). A generic approach to automatic deobfuscation of executable code. IEEE Symposium on Security and Privacy, San Jose, CA, 674-691. https://doi.org/10.1109/SP.2015.47
Zeng, W., & Koutny, M. (2019). Modelling and analysis of corporate efficiency and productivity loss associated with enterprise information security technologies. Journal of Information Security and Applications, 49, 102385. https://doi.org/10.1016/j.jisa.2019.102385