{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,15]],"date-time":"2026-05-15T06:07:23Z","timestamp":1778825243980,"version":"3.51.4"},"reference-count":29,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,8,1]],"date-time":"2026-08-01T00:00:00Z","timestamp":1785542400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,8,1]],"date-time":"2026-08-01T00:00:00Z","timestamp":1785542400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,8,1]],"date-time":"2026-08-01T00:00:00Z","timestamp":1785542400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2026,8,1]],"date-time":"2026-08-01T00:00:00Z","timestamp":1785542400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2026,8,1]],"date-time":"2026-08-01T00:00:00Z","timestamp":1785542400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2026,8,1]],"date-time":"2026-08-01T00:00:00Z","timestamp":1785542400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,8,1]],"date-time":"2026-08-01T00:00:00Z","timestamp":1785542400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computers & Security"],"published-print":{"date-parts":[[2026,8]]},"DOI":"10.1016\/j.cose.2026.104866","type":"journal-article","created":{"date-parts":[[2026,3,15]],"date-time":"2026-03-15T15:47:08Z","timestamp":1773589628000},"page":"104866","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["Unifying mixed boolean-arithmetic obfuscation by architectural and anti-generalization hardening"],"prefix":"10.1016","volume":"167","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-6199-579X","authenticated-orcid":false,"given":"Haoming","family":"Wei","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-9502-6750","authenticated-orcid":false,"given":"Tengyue","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-3428-2798","authenticated-orcid":false,"given":"Siyi","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0003-7769-8005","authenticated-orcid":false,"given":"Chuanping","family":"Hu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"78","reference":[{"key":"10.1016\/j.cose.2026.104866_bib0001","doi-asserted-by":"crossref","first-page":"44","DOI":"10.1016\/j.jnca.2014.10.009","article-title":"Man-at-the-end attacks: analysis, taxonomy, human aspects, motivation and future directions","volume":"48","author":"Akhunzada","year":"2015","journal-title":"J. Netw. Comput. Appl."},{"key":"10.1016\/j.cose.2026.104866_bib0002","series-title":"Selected Areas in Cryptography: 11th Annual International Workshop, SAC 2004","article-title":"Cryptanalysis of a white box AES implementation","author":"Billet","year":"2004"},{"key":"10.1016\/j.cose.2026.104866_bib0003","series-title":"26th USENIX Security Symposium (USENIX Security 17)","first-page":"643","article-title":"Syntia: synthesizing the semantics of obfuscated code","author":"Blazytko","year":"2017"},{"key":"10.1016\/j.cose.2026.104866_bib0004","series-title":"Proceedings of the 14th ACM Conference on Computer and Communications Security","first-page":"317","article-title":"Polyglot: automatic extraction of protocol message format using dynamic binary analysis","author":"Caballero","year":"2007"},{"key":"10.1016\/j.cose.2026.104866_bib0005","series-title":"OSDI","first-page":"209","article-title":"Klee: unassisted and automatic generation of high-coverage tests for complex systems programs","volume":"Vol. 8","author":"Cadar","year":"2008"},{"key":"10.1016\/j.cose.2026.104866_bib0006","first-page":"2015","article-title":"The tigress c diversifier\/obfuscator","volume":"14","author":"Collberg","year":"2015","journal-title":"Retrieved Aug."},{"issue":"8","key":"10.1016\/j.cose.2026.104866_bib0007","doi-asserted-by":"crossref","first-page":"735","DOI":"10.1109\/TSE.2002.1027797","article-title":"Watermarking, tamper-proofing, and obfuscation-tools for software protection","volume":"28","author":"Collberg","year":"2002","journal-title":"IEEE Trans. Software Eng."},{"key":"10.1016\/j.cose.2026.104866_bib0008","series-title":"Proceedings of the 2016 ACM Workshop on Software PROtection","first-page":"27","article-title":"Defeating mba-based obfuscation","author":"Eyrolles","year":"2016"},{"key":"10.1016\/j.cose.2026.104866_bib0009","series-title":"Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security (ASIACCS)","first-page":"749","article-title":"Full key recovery attack on a commercial white-box aes implementation","author":"Gouget","year":"2021"},{"key":"10.1016\/j.cose.2026.104866_bib0010","series-title":"Grehack 2016","article-title":"Arybo: manipulation, canonicalization and identification of mixed boolean-arithmetic symbolic expressions","author":"Guinet","year":"2016"},{"key":"10.1016\/j.cose.2026.104866_bib0011","series-title":"Proceedings of the 40th ACM\/SIGAPP Symposium on Applied Computing","first-page":"578","article-title":"AsmMBA: robust virtualization obfuscation with assembly-based mixed boolean-arithmetic","author":"Jin","year":"2025"},{"key":"10.1016\/j.cose.2026.104866_bib0012","series-title":"2015 IEEE\/ACM 1st International Workshop on Software Protection","first-page":"3","article-title":"Obfuscator-LLVM\u2013software protection for the masses","author":"Junod","year":"2015"},{"key":"10.1016\/j.cose.2026.104866_bib0013","series-title":"Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security","first-page":"2351","article-title":"Simplifying mixed boolean-arithmetic obfuscation by program synthesis and term rewriting","author":"Lee","year":"2023"},{"key":"10.1016\/j.cose.2026.104866_bib0014","series-title":"30th USENIX Security Symposium (USENIX Security 21)","first-page":"1737","article-title":"Analyse this! on the practical deobfuscation of opaque predicates","author":"Lettner","year":"2021"},{"key":"10.1016\/j.cose.2026.104866_bib0015","series-title":"30th USENIX Security Symposium (USENIX Security 21)","first-page":"1701","article-title":"{MBA-Blast}: unveiling and simplifying mixed {Boolean-Arithmetic} obfuscation","author":"Liu","year":"2021"},{"key":"10.1016\/j.cose.2026.104866_bib0016","first-page":"1","article-title":"An in-place simplification on mixed boolean-arithmetic expressions","volume":"2022","author":"Liu","year":"2022","journal-title":"Secur. Commun. Netw."},{"key":"10.1016\/j.cose.2026.104866_bib0017","series-title":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","first-page":"2513","article-title":"Search-based local black-box deobfuscation: understand, improve and mitigate","author":"Menguy","year":"2021"},{"key":"10.1016\/j.cose.2026.104866_bib0018","series-title":"International Conference on Applied Cryptography and Network Security","first-page":"497","article-title":"Replacement attacks: automatically impeding behavior-based malware specifications","author":"Ming","year":"2015"},{"key":"10.1016\/j.cose.2026.104866_bib0019","series-title":"Applied Cryptography and Network Security - 18th International Conference, ACNS 2020, Rome, Italy, October 19\u201322, 2020, Proceedings, Part I","first-page":"45","article-title":"Cor-tainter: a flexible taint-based approach for cross-language information flow control","author":"Poeplau","year":"2020"},{"key":"10.1016\/j.cose.2026.104866_bib0020","series-title":"Proceedings of the 2022 ACM Workshop on Research on Offensive and Defensive Techniques in the Context of Man at the End (MATE) Attacks","first-page":"19","article-title":"Efficient deobfuscation of linear mixed boolean-arithmetic expressions","author":"Reichenwallner","year":"2022"},{"key":"10.1016\/j.cose.2026.104866_bib0021","series-title":"2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)","first-page":"427","article-title":"Simplification of general mixed boolean-arithmetic expressions: gamba","author":"Reichenwallner","year":"2023"},{"key":"10.1016\/j.cose.2026.104866_bib0022","article-title":"Seeing through obfuscation: interactive detection and removal of opaque predicates","author":"Rinsma","year":"2017","journal-title":"Master\u0160s thesis, Radboud University"},{"key":"10.1016\/j.cose.2026.104866_bib0023","series-title":"31st USENIX Security Symposium (USENIX Security 22)","first-page":"3055","article-title":"Loki: hardening code obfuscation against automated attacks","author":"Schloegel","year":"2022"},{"key":"10.1016\/j.cose.2026.104866_bib0024","series-title":"2015 IEEE Symposium on Security and Privacy","first-page":"745","article-title":"Counterfeit object-oriented programming: on the difficulty of preventing code reuse attacks in c++ applications","author":"Schuster","year":"2015"},{"key":"10.1016\/j.cose.2026.104866_bib0025","series-title":"2016 IEEE Symposium on Security and Privacy (SP)","first-page":"138","article-title":"Sok: (state of) the art of war: offensive techniques in binary analysis","author":"Shoshitaishvili","year":"2016"},{"key":"10.1016\/j.cose.2026.104866_bib0026","series-title":"2013 IEEE Symposium on Security and Privacy","first-page":"574","article-title":"Just-in-time code reuse: on the effectiveness of fine-grained address space layout randomization","author":"Snow","year":"2013"},{"key":"10.1016\/j.cose.2026.104866_bib0027","series-title":"Proceedings of the 10th USENIX Security Symposium","article-title":"Control flow flattening","author":"Wang","year":"2000"},{"key":"10.1016\/j.cose.2026.104866_bib0028","series-title":"2015 IEEE Symposium on Security and Privacy","first-page":"674","article-title":"A generic approach to automatic deobfuscation of executable code","author":"Yadegari","year":"2015"},{"key":"10.1016\/j.cose.2026.104866_bib0029","series-title":"International Workshop on Information Security Applications","first-page":"61","article-title":"Information hiding in software with mixed boolean-arithmetic transforms","author":"Zhou","year":"2007"}],"container-title":["Computers & Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404826000428?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404826000428?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,5,15]],"date-time":"2026-05-15T05:12:18Z","timestamp":1778821938000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167404826000428"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,8]]},"references-count":29,"alternative-id":["S0167404826000428"],"URL":"https:\/\/doi.org\/10.1016\/j.cose.2026.104866","relation":{},"ISSN":["0167-4048"],"issn-type":[{"value":"0167-4048","type":"print"}],"subject":[],"published":{"date-parts":[[2026,8]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Unifying mixed boolean-arithmetic obfuscation by architectural and anti-generalization hardening","name":"articletitle","label":"Article Title"},{"value":"Computers & Security","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.cose.2026.104866","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 Elsevier Ltd. All rights are reserved, including those for text and data mining, AI training, and similar technologies.","name":"copyright","label":"Copyright"}],"article-number":"104866"}}