ENTERPRISE INFORMATION SECURITY MANAGEMENT SYSTEM BASED ON THE MODERN OBFUSCATION TECHNIQUE FOR MOBILE NETWORK OPERATORS

Keywords: enterprise, security management system, information security, obfuscation, software, secure coding

Abstract

In today's realities, with constantly developing information technologies (IoT, 5G, Big Data, Cloud technologies, etc.), software protection is an urgent issue in the field of information security for each small, medium, or big enterprise. Also, software protection is a very important task for such enterprises, as mobile network operators, which, in order to ensure leadership in the market, produce a large number of modern unique software products for their own needs. Moreover, the software is the intellectual property of the enterprises, which developed it. The software is the intellectual property of both large corporations and small companies. The low reliability of software protection for enterprises is associated with a rather complex and time-consuming process, as well as with a number of technical limitations, which contributes to the thriving of computer piracy, inflicts colossal losses on IT companies and, of course, the state as a whole.

Therefore, the development of a new effective method of software protection, for the moment, is a priority in the field of information security, and new methods and techniques of software protection are needed for all specialized companies, which develop paid software. Nowadays there are many different approaches to solving this problem. These are encryption, watermarking, etc., but no one gives guaranteed results. That's why modern companies engaged in software development, should provide their customers with a more secure information product.

In this paper, the authors have provided the improved, more effective obfuscation method, based on a new sequence of obfuscation transformations. This method allows providing software protection of the enterprises from reverse engineering. To ensure the effectiveness of the proposed method, the authors have developed a special software product, based on cycles of operation and the creation of pseudocode to protect other software products. In the process of writing this article, studies were conducted that showed the following results. The product has become approximately 1.4 times more secure, and the obfuscation rate has increased by 10 percent. Based on the foregoing, the developed method can be followed to complicate the decoding process of existing software products used in various enterprises.

In the future, it is planned to implement additional obfuscation transformations, as well as a comparative analysis with existing obfuscation programs.

Downloads

Download data is not yet available.

Author Biographies

Oleh Polihenko, National Aviation University

PhD Student

Roman Odarchenko, National Aviation University

Chair of Telecommunications and Radioelectronics Academic Department

Sergiy Gnatyuk, National Aviation University

Vice dean of the Faculty of cybersecurity, computer and software engineering

References

Anderson, E. E., & Choobineh, J. (2008). Enterprise information security strategies. Computers & Security, 27(1–2), 22-29. https://doi.org/10.1016/j.cose.2008.03.002

Cafasso, D., Calabrese, C., Casella, G., Bottani, E., & Murino, T. (2020). Framework for Selecting Manufacturing Simulation Software in Industry 4.0 Environment. Sustainability, 12, 5909. https://doi.org/10.3390/su12155909

Danik, Yu., Hryschuk, R., & Gnatyuk, S. (2016). Synergistic effects of information and cybernetic interaction in civil aviation. Aviation, 20(3), 137-144. https://doi.org/10.3846/16487788.2016.1237787

De Smit, Z., Elhabashy, A. E., Wells, L. J., & Camelio, J. A. (2016). Cyber-physical security challenges in manufacturing systems. Procedia Manufacturing, 5, 1060-1074. https://doi.org/10.1016/j.promfg.2016.08.075

Dechow, N., Granlund, M., & Mouritsen, J. (2006). Management control of the complex organization: relationships between management accounting and information technology. Handbooks of Management Accounting Research, 2, 625-640. https://doi.org/10.1016/S1751-3243(06)02007-4

Dzwigol, H., Dzwigol-Barosz, M., Miskiewicz, R., & Kwilinski, A. (2020). Manager Competency Assessment Model in the Conditions of Industry 4.0. Entrepreneurship and Sustainability Issues, 7(4), 2630-2644. https://doi.org/10.9770/jesi.2020.7.4(5)

Dźwigoł, H., Shcherbak, S., Semikina, M., Vinichenko, O., & Vasiuta, V. (2019). Formation of Strategic Change Management System at an Enterprise. Academy of Strategic Management Journal, 18(SI1), 1-8.

Foket, Ch., De Bosschere, K., & De Sutter, B. (2019). Effective and efficient java-type obfuscation. Journal of Software: Practice and Experience, 50(2), 136-160. https://doi.org/10.1002/spe.2773

Granlund, M., & Mouritsen, J. (2003). Introduction: problematizing the relationship between management control and information technology. European Accounting Review, 12(1), 77-83. https://doi.org/10.1080/0963818031000087925

Hu, Z., Gnatyuk, V., Sydorenko, V., Odarchenko, R., & Gnatyuk, S. (2016). Cyber Stealth Attacks in Critical Information Infrastructures. IEEE Systems Journal, 12(2), 1778-1792. https://doi.org/10.1109/JSYST.2015.2487684

Henrie, M. (2015). Cyber Security Risk Management in the SCADA Critical Infrastructure Environment. Engineering Management Journal, 25(2), 38-45. https://doi.org/10.1080/10429247.2013.11431973

Jeet, K., & Dhir, R. (2016). Software Module Clustering Using Hybrid Socio-Evolutionary Algorithms. International Journal of Information Engineering and Electronic Business, 8(4), 43-53. https://doi.org/10.5815/ijieeb.2016.04.06

Kaur, J., & Tomar, P. (2018). Clustering based Architecture for Software Component Selection. International Journal of Modern Education and Computer Science, 10(8), 33-40. https://doi.org/10.5815/ijmecs.2018.08.04

Kuang, K., Tang, Z., Gong, X., Fang, D., Chena, X., & Wang, Z. (2018). Enhance virtual-machine-based code obfuscation security through dynamic bytecode scheduling. Computers & Security, 74, 202-220. https://doi.org/10.1016/j.cose.2018.01.008

Lu, Y. (2017). Industry 4.0: A survey on technologies, applications and open research issues. Journal of Industrial Information Integration, 6, 1-10. https://doi.org/10.1016/j.jii.2017.04.005

Mayadunne, S., & Park, S. (2016). An economic model to evaluate information security investment of risk-taking small and medium enterprises. International Journal of Production Economics, 182, 519-530. https://doi.org/10.1109/SP.2015.47

Merhi, M. I., & Ahluwalia, P. (2019). Examining the impact of deterrence factors and norms on resistance to Information Systems Security. Computers in Human Behavior, 92, 37-46. https://doi.org/10.1016/j.chb.2018.10.031

Miśkiewicz, R. (2019). Challenges Facing Management Practice in the Light of Industry 4.0: The Example of Poland. Virtual Economics, 2(2), 37-47. https://doi.org/10.34021/ve.2019.02.02(2).

Miśkiewicz, R, & Wolniak, R. (2020). Practical Application of the Industry 4.0 Concept in a Steel Company. Sustainability, 12(14), 5776. https://doi.org/10.3390/su12145776

Rangel, A. (2019). Why enterprises need to adopt ‘need-to-know’ security. Computer Fraud & Security, 2019(12), 9-12. https://doi.org/10.1016/S1361-3723(19)30127-7

Sari, A. (2015). Review of Anomaly Detection Systems in Cloud Networks and Survey of Cloud Security Measures in Cloud Storage Applications. Journal of Information Security, 6(2), 142-154. https://doi.org/10.4236/jis.2015.62015

Shariati, M., Bahmani, F., & Shams, F. (2011). Enterprise information security, a review of architectures and frameworks from interoperability perspective. Procedia Computer Science, 3, 537-543. https://doi.org/10.1016/j.procs.2010.12.089

Stepanenko, I., Kinzeryavyy, V., Nagi, A., Lozinskyi, I. (2016). Modern obfuscation methods for secure coding. Ukrainian Scientific Journal of Information Security, 22(1), 32-37. https://doi.org/10.18372/2225-5036.22.10451

Uchenna, P., Ani, D., He, H. M., & Tiwari, A. (2017). Review of cybersecurity issues in industrial critical infrastructure: manufacturing in perspective. Journal of Cyber Security Technology, 1(1), 32-74. https://doi.org/10.1080/23742917.2016.1252211

Wang, P., Wu, D., Chen, Z., & Wei, T. (2018). Protecting million-user IOS apps with obfuscation: motivations, pitfalls, and experience. In ICSE-SEIP '18: Proceedings of the 40th International Conference on Software Engineering: Software Engineering in Practice. Association for Computing Machinery. New York, NY, United States. https://doi.org/10.1145/3183519.3183524

Yadegari, B., Johannesmeyer, B., Whitely, B., & Debray, S. (2015). A generic approach to automatic deobfuscation of executable code. IEEE Symposium on Security and Privacy, San Jose, CA, 674-691. https://doi.org/10.1109/SP.2015.47

Zeng, W., & Koutny, M. (2019). Modelling and analysis of corporate efficiency and productivity loss associated with enterprise information security technologies. Journal of Information Security and Applications, 49, 102385. https://doi.org/10.1016/j.jisa.2019.102385

Published
2020-07-31
How to Cite
PolihenkoO., OdarchenkoR., & GnatyukS. (2020). ENTERPRISE INFORMATION SECURITY MANAGEMENT SYSTEM BASED ON THE MODERN OBFUSCATION TECHNIQUE FOR MOBILE NETWORK OPERATORS. European Cooperation, 3(47), 43-52. https://doi.org/10.32070/ec.v3i47.89