.NET Framework 1.1 Security Guidelines - Obfuscation

From Guidance Share

Jump to: navigation, search

- J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan

Use obfuscation to protect your intellectual property

If you are concerned with protecting intellectual property, you can make it extremely difficult for a decompiler to be used on the MSIL code of your assemblies, by using an obfuscation tool. An obfuscation tool confuses human interpretation of the MSIL instructions and helps prevent successful decompilation.

Obfuscation is not foolproof and you should not build security solutions that rely on it. However, obfuscation does address threats that occur because of the ability to reverse engineer code. Obfuscation tools generally provide the following benefits:

* They help protect your intellectual property. * They obscure code paths. This makes it harder for an attacker to crack security logic. * They mangle the names of internal member variables. This makes it harder to understand the code. * They encrypt strings. Attackers often attempt to search for specific strings to locate key sensitive logic. String encryption makes this much harder to do.

A number of third-party obfuscation tools exist for the .NET Framework. One tool, the Community Edition of the Dotfuscator tool by PreEmptive Solutions, is included with the Visual Studio .NET development system. It is also available from http://www.preemptive.com/dotfuscator. For more information, see the list of obfuscator tools listed at http://msdn.microsoft.com/vcsharp/programming/tools/.

Personal tools