Architectural Principles That Prevent Code Modification or Reverse Engineering

=Introduction=

Relevant Audiences
This guide is relevant to technical audiences that are responsible for designing or proposing the software architecture behind high-risk applications that store, transmit, or process sensitive information assets within hostile environments (read: mobile, web server code in particular geographies, cloud, firmware). The code behind these applications will be hosted in an environment that the organization has no control over. An attacker may have access to the code and could either reverse engineer it or modify it. Typically, the attacker does so in order to steal assets associated with the code. Often, relevant technical audiences have the following role titles:


 * Enterprise Architect;


 * Solution Architect;


 * Security Architect;


 * Software Architect;


 * Infrastructure Security Specialist Architect;


 * Web Application Security Architect; or


 * Lead Software Engineer.

The relevant audience is interested in preventing an attacker from reverse engineering or modifying the behavior of the underlying code.

Goals of this Guide
This guide helps Security Architects formulate appropriate solutions that mitigate operational risks specific to code hosted in untrustworthy environments such as mobile phones, clouds, or web code hosted in particular geographies. These risks are outlined in a related OWASP project titled, "Technical Risks of Reverse Engineering and Unauthorized Code Modification". This project has several different goals that are outlined below:

Integrity Risk Education
Software Architects must take into account many different competing design factors when proposing a technical architecture for applications hosted in hostile environments. When considering the security of the application’s solution, architects must propose various controls that will mitigate several different types of operational risk. Relevant technical risks that stem from mobile phone applications include: hardware infrastructure, code, and application integrity. This section of the guide highlights application integrity risks that an architect should be aware of when designing mobile phone application solutions.

Architectural Solution Components
To reduce application integrity risks to an acceptable level, an architect must integrate particular security controls at the right locations within the mobile phone application. This section of the document highlights a catalog of potential architectural controls that are relevant to mitigating application integrity violation risks.

As part of the architectural formulation process, the architect must choose particular technologies to leverage in the final solution. These choices can have varying impacts on the following aspects of the mobile phone application: performance; scalability; and maintenance. This section of the guide highlights the potential impacts of integrity security controls on the final solution.