
I want to perform obfuscation on the software that will be delivered to the customer as a library or executable to prevent or at least make it difficult to de-compile the product. However, some levels of the DO-178 standard require object code to be traceable to source code, and obfuscation can alter the object code or the source code based on the technique that is preferred.

My question is: if the product is DO-178 qualified software (not the source code) to be delivered to the customer for them to integrate into their software project as a library, is there any way or tool to perform obfuscation while still satisfying the standard's requirements?

653lover
  • 10
    "It is known that it's a good practice to perform obfuscation on the software that will be delivered the customer" is very debatable to begin with. – Chris Nov 16 '23 at 08:08
  • @Chris I updated the reason for needing the obfuscation as stated. – 653lover Nov 16 '23 at 08:20
  • 8
    From a technical & safety point of view, I don't believe it is good practice to obfuscate the binary. Depending on the language and obfuscation technique used, the software's executable may run with different CPU instructions after obfuscation and therefore critical timing may be affected. – DeltaLima Nov 16 '23 at 08:33
  • 4
    What is the assurance level of your software? What is the language? How is traceability ensured without the obfuscation? – DeltaLima Nov 16 '23 at 08:34
  • 5
    The software is going to be tested/verified and each line of code which is not hit during the test is dead code which simply mustn't be there. Code obfuscation and avionics don't match... – sophit Nov 16 '23 at 09:38
  • @DeltaLima It is stated in the 178C 6.4.4.2.b that the source code to object code traceability is only required if the level is DAL-A and assume the C language is being used. The CAST-12 (Certification Authorities Software Team) suggests that the traceability can be performed on the non-traceable code by identifying the object code generated by the compiler that has nothing to do with the intended functionality (such as error checks or optimizations). It is not required to trace the whole source code but the object code with these patterns only. – 653lover Nov 16 '23 at 10:09
  • @sophit As I understand, if the non-traceable object code (inserted by the compiler or an obfuscation tool) can be understood and verification is achieved then they can be justified. For the dead code issue, some obfuscation methods only insert certain instructions into the code that won't create a branch or jump. So if the source code does not have dead code to begin with, the obfuscation won't add a new one. – 653lover Nov 16 '23 at 10:23
  • 1
    @sophit So in order to create traceability, the functionality of the inserted object code must be figured out first. However, the obfuscation, by nature, inserts some abstruse code so it can't be easily understood, thus you are right! Code obfuscation and avionics don't match! – 653lover Nov 16 '23 at 10:24
  • 2
    So, it seems we came to a conclusion that there is no place for code obfuscation in avionics. @sophit would you be able to take the information from the various comments here (yours, mine, 653lover's) and craft it into a proper answer? – DeltaLima Nov 16 '23 at 10:50
  • @653lover: so you want to write in your code something like?

    X=X+10; X=X-10; X=X*10; X=X/10; print(X);

    – sophit Nov 16 '23 at 12:28
  • @sophit Technically yes. There are lots of methods for obfuscating C code or even object code. Some of them work by inserting new lines of code or instructions and some other methods just alter the instructions with other new ones whilst keeping the functionality of the executable unchanged. I was wondering if there is a tool that does these kinds of operations and is also qualified wrt. DO-178 Tool Qualification Requirements. I do not want to add those lines manually into the source code. – 653lover Nov 16 '23 at 13:24
  • 1
    @653lover: understand. Anyway, as a big con I'd say that whoever will have to modify the code after you is going to hate you. Mmh, I don't know, if that piece of code has to be certified >level C then I'd be afraid of adding anything not directly related to what the code is supposed to do – sophit Nov 16 '23 at 13:40
  • @sophit What I actually had in mind was an automated pipeline that only runs when the code is going to be released. The tool would take the final source code, compile it and then obfuscate it so it's ready to be delivered to the client. So engineers don't have to deal with mangled code or executable. Also the resulting obfuscated binary only needs to be manually investigated if the tool is not qualified. – 653lover Nov 17 '23 at 08:26
  • 1
    This is far beyond my knowledge, sorry. And if this is far beyond yours or your company's too, then maybe you should ask for an external advisor. – sophit Nov 17 '23 at 09:44
  • 1
    What does your customer have to say about it? If they're going to use your library to develop certified code, they need to know if you are obfuscating the code. The only way they wouldn't is if your library was qualified with the obfuscation in place. Getting tools qualified is time consuming and expensive. That's why qualified compilers are ridiculously expensive. To be honest, if you were trying to sell me a library like you describe, I'd look elsewhere. Certifying and more importantly maintaining certified code is hard work. I wouldn't want the headaches that your library would introduce. – Gerry Nov 17 '23 at 14:55
  • @Gerry Of course the customer will be informed, as the status of the final product will be written in the contract as obfuscated and qualified. I also agree that such a tool would be expensive, but in order to protect the intellectual property, which is the library in this case, it might be wise to use it. In order to get around the certification process I was in search of a certified tool that produces a qualified library, just like how the compilers are priced and used in this field of work. – 653lover Nov 20 '23 at 12:29
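
An added example, not part of the original thread or any participant's code: the inserted arithmetic quoted in the comments, checked against the untouched value to show why "functionality unchanged" has to be verified over the whole input range. The 32-bit unsigned type and the names `plain`, `padded`, `count_mismatches` and `first_mismatch` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Reference behaviour: the value reaches print() untouched. */
static uint32_t plain(uint32_t x) { return x; }

/* The inserted arithmetic from the comment, on an assumed 32-bit unsigned X. */
static uint32_t padded(uint32_t x) {
    x = x + 10;
    x = x - 10;   /* modular add/sub cancel exactly, even across a wrap */
    x = x * 10;   /* wraps modulo 2^32 once x exceeds UINT32_MAX / 10 */
    x = x / 10;   /* division cannot undo a wrapped multiplication */
    return x;
}

/* Count inputs in [lo, hi] where the padded form differs from the reference. */
static uint32_t count_mismatches(uint32_t lo, uint32_t hi) {
    uint32_t n = 0;
    for (uint64_t x = lo; x <= hi; x++)
        if (padded((uint32_t)x) != plain((uint32_t)x))
            n++;
    return n;
}

/* First diverging input in [lo, hi], or UINT64_MAX if the range is clean. */
static uint64_t first_mismatch(uint32_t lo, uint32_t hi) {
    for (uint64_t x = lo; x <= hi; x++)
        if (padded((uint32_t)x) != plain((uint32_t)x))
            return x;
    return UINT64_MAX;
}

int main(void) {
    /* Constructed ranges: typical small values, then the overflow boundary. */
    printf("mismatches in [0, 100000]: %u\n",
           (unsigned)count_mismatches(0, 100000));
    printf("first mismatch near boundary: %llu\n",
           (unsigned long long)first_mismatch(429496000u, 429497000u));
    printf("padded(UINT32_MAX) = %u\n", (unsigned)padded(UINT32_MAX));
    return 0;
}
```

Tests that only exercise small values pass, while every input above `UINT32_MAX / 10` diverges, which is the kind of inserted behaviour that would have to be understood and verified before it could be justified.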

0 Answers