Programs often run under strict usage conditions (e.g., license restrictions) that could be broken in case of code tampering. Possible attacks include malicious reverse engineering, tampering using static, dynamic and hybrid techniques. Many code protection techniques (e.g., code obfuscation) have been proposed to mitigate the problem of attacks to software integrity, by turning code resilient to attacks or just more difficult to understand and, consequently, to attack. Effectiveness of software protection in limiting or retarding attacks is often assessed by using various code metrics. However, metrics alone give a limited (and potentially biased) quantification of the level of protection. Human studies are required to validate metrics and to objectively quantify how effective is code protection in blocking malicious tampering. Human studies would shown if metrics approximate the actual effort required by an attacker break protections. However, these studies are very expensive and time consuming. The contribution of the whole research community is required to achieve this demanding objective.

On the need for more human studies to assess software protection

Ceccato, Mariano
2014

Abstract

Programs often run under strict usage conditions (e.g., license restrictions) that could be broken in case of code tampering. Possible attacks include malicious reverse engineering, tampering using static, dynamic and hybrid techniques. Many code protection techniques (e.g., code obfuscation) have been proposed to mitigate the problem of attacks to software integrity, by turning code resilient to attacks or just more difficult to understand and, consequently, to attack. Effectiveness of software protection in limiting or retarding attacks is often assessed by using various code metrics. However, metrics alone give a limited (and potentially biased) quantification of the level of protection. Human studies are required to validate metrics and to objectively quantify how effective is code protection in blocking malicious tampering. Human studies would shown if metrics approximate the actual effort required by an attacker break protections. However, these studies are very expensive and time consuming. The contribution of the whole research community is required to achieve this demanding objective.
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11582/255219
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
social impact