Methods and systems for obfuscating computer program code are disclosed. In an embodiment, a method of generating obfuscated binary code from input source code for execution on a target processor comprises: generating a set of random obfuscation transform selections; and iteratively optimizing the obfuscation transform selections until a termination criterion is met. The obfuscation transformation selections may comprise indications of custom instructions which are executable on the co-processor in order to reduce side channel leakage.

Methods and systems for removing sensitive information from a digital image. An instruction to share a digital image is received. It is then determined that the digital image contains a depiction of a corporate display medium that is classified as sensitive based on a policy and, based on the determination that the digital image contains the depiction of the corporate display medium that is classified as sensitive based on the policy, the digital image is processed to modify the depiction. The digital image is shared.

The exemplary embodiments are related to a device, a system, and a method for implementing a mechanism that is configured to prevent the unauthorized execution of software. A user device is configured to execute a feature access function corresponding to an application feature included in an application. The feature access function is configured to receive one of a plurality of values each time the application is launched. During operation, the feature access function receives a value and determines whether a condition is satisfied. When the condition is satisfied, the value is returned which indicates that execution of the application feature is permitted.

A method for hiding information in executable code comprising: identifying a set of pairs of interchangeable instructions, wherein each pair has an instruction order of execution that is reversible without changing a functionality of the executable code; organizing the pairs into a plurality of matrices based on a set of random seeds; for each matrix, inverting a submatrix consisting of a subset of columns from each matrix to identify a subset of pairs; identifying a matrix that has full column rank on a subset of columns that is a function of the pairs' location; storing an index of the identified matrix's associated seed in a secure data storage location; and encoding data into the executable code by reversing the order of execution of the subset of pairs and treating each pair having reversed instructions as a “1” and each pair of non-reversed instructions as a “0” or vice versa.

A computing device comprising a web browser processes instructions to load, by the web browser, first executable code of a browser extension. The first executable code causes the web browser to load a file, wherein the file comprises file content and metadata. The web browser decodes second executable code from the metadata and processes the second executable code to extract obfuscated information embedded in the file content. The web browser extracts third executable code from the extracted obfuscated information and provides, to a user of the computing device, first browser extension functionality by processing the first executable code and second browser extension functionality by executing the third executable code.

A data conversion unit that converts all or part of first data including secret target information and a part including the secret target information, into second data for reading or viewing; a masking processing unit that performs masking processing on the second data, thereby generating masking data; a storage unit that stores the masking data; and an output unit that outputs the masking data stored in the storage unit.

Described are various embodiments of a secure cloud-based system. In one such embodiment, the secure cloud-based system includes a distribution of digital network processing resources and a central digital processing environment. The central processing environment includes a secure network interface to each of said digital processing resources; a digital hardware processor; and a deployment engine operable to serially deploy a unique ephemeral machine executable code instance, via said secure network interface, to a given one of said digital processing resources to be executed thereon for a predetermined runtime period, wherein execution of each said unique ephemeral machine executable code instance is automatically terminated after said predetermined runtime period to be operatively replaced by a subsequent unique ephemeral machine executable code instance.

A device for validating authorization key obfuscation in a continuous integration (CI) pipeline codebase is presented. The device comprises a transceiver, one or more memories, and one or more processors interfacing with the transceiver and the one or more memories. The one or more processors are configured to receive an update to the CI pipeline codebase. The update may include an authorization key, which the one or more processors store in the one or more memories. The one or more processors may perform a build process to integrate the update into the CI pipeline codebase. The build process may include an obfuscation, which creates an obfuscated CI pipeline codebase. The one or more processors may also scan the obfuscated CI pipeline codebase to determine a presence or an absence of the authorization key.

A device for validating authorization key obfuscation in a continuous integration (CI) pipeline codebase is presented. The device comprises a transceiver, one or more memories, and one or more processors interfacing with the transceiver and the one or more memories. The one or more processors are configured to receive an update to the CI pipeline codebase. The update may include an authorization key, which the one or more processors store in the one or more memories. The one or more processors may perform a build process to integrate the update into the CI pipeline codebase. The build process may include an obfuscation, which creates an obfuscated CI pipeline codebase. The one or more processors may also scan the obfuscated CI pipeline codebase to determine a presence or an absence of the authorization key.

Some embodiments are directed to a compiler device (400) arranged for obfuscation of a computer program. The compiler device performs a live variable analysis on the computer program representation, and modifies the computer program representation to encode a first variable using at least a second variable as an encoding parameter.