Professor Clark Thomborson,
Computer Science Department, University of Auckland

Five Decades of Software Obfuscation: A Retrospective

We romp through the history of software obfuscation, providing non-technical explanations of key events in each decade. In the 1970s, obfuscation was an elite sport played by overly-clever programmers who hid undocumented features in system software. In the 1980s, obfuscation was a competitive sport in The International Obfuscated C Code Contest, and white-hat analyst Fred Cohen designed self-obfuscating viruses which would evade detection. In the 1990s, obfuscation was a dark-side tool for malware designers, and white-hat inventors produced patentable art for use in the commercial sector. The 2000s was a decade of consolidation: some potent obfuscation methods were released in an open-source software suite, the first commercial vendor of obfuscation services became profitable, and Boaz Barak received a Turing Award for proving that a general-purpose software obfuscator cannot exist. In this decade, most smartphone apps are lightly obfuscated, and obfuscation theorists are hoping to construct a provably-secure restricted-purpose obfuscation method.


Clark has been a professor of computer science at the University of Auckland since 1996, when he emigrated to New Zealand. He received the PhD degree in computer science in 1980 from Carnegie Mellon University, under his birth name Clark Thompson. He has held academic positions at the U of Minnesota-Duluth, UC Berkeley and MIT. He has several years of work experience as a software/hardware systems integrator in the private sector. For the first two decades of his research career, he focussed on performance issues for computer systems. Since the late 1990s, most of his research effort has been devoted to improving the security and privacy of computer systems. His patented methods for software obfuscation (US 6668325, co-inventors Collberg and Low) entered the public domain in June 2017.