Software applications contain valuable assets that, if compromised, can make the security of users at stake and cause huge monetary losses for software developers. Software protections are applied whenever assets’ security is at risk as they delay successful attacks. Unfortunately, protections might have recognizable fingerprints that can expose the location of the assets, thus facilitating the attackers’ job. This paper presents a novel approach that uses three main methods to hide the protected assets: protection fingerprint replication, enlargement, and shadowing. The best way to hide assets is determined with a Mixed Integer Linear Program, which is automatically built starting from the code structure, the protected assets, and a model that depicts the dependencies among protection and the fingerprints they generate. Additional constraints, such as overhead limits are also supported to ensure the usability of the protected applications. Our implementation, which uses off-the-shelf solvers, showed promising performance and scalability on large applications.
Towards Optimally Hiding Protected Assets in Software Applications / Regano, Leonardo; Canavese, Daniele; Basile, Cataldo; Lioy, Antonio. - CD-ROM. - (2017), pp. 374-385. (Intervento presentato al convegno 2017 IEEE International Conference on Software Quality, Reliability and Security (QRS) tenutosi a Prague (CZ) nel July 25-29, 2017) [10.1109/QRS.2017.47].
Towards Optimally Hiding Protected Assets in Software Applications
REGANO, LEONARDO;CANAVESE, DANIELE;BASILE, CATALDO;LIOY, ANTONIO
2017
Abstract
Software applications contain valuable assets that, if compromised, can make the security of users at stake and cause huge monetary losses for software developers. Software protections are applied whenever assets’ security is at risk as they delay successful attacks. Unfortunately, protections might have recognizable fingerprints that can expose the location of the assets, thus facilitating the attackers’ job. This paper presents a novel approach that uses three main methods to hide the protected assets: protection fingerprint replication, enlargement, and shadowing. The best way to hide assets is determined with a Mixed Integer Linear Program, which is automatically built starting from the code structure, the protected assets, and a model that depicts the dependencies among protection and the fingerprints they generate. Additional constraints, such as overhead limits are also supported to ensure the usability of the protected applications. Our implementation, which uses off-the-shelf solvers, showed promising performance and scalability on large applications.Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2679343
Attenzione
Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo