Software applications contain valuable assets that, if compromised, can put the security of users at stake and cause huge monetary losses for software developers. Software protections are applied whenever assets’ security is at risk, as they delay successful attacks. Unfortunately, protections might have recognizable fingerprints that can expose the location of the assets, thus facilitating the attackers’ job. This paper presents a novel approach that uses three main methods to hide the protected assets: protection fingerprint replication, enlargement, and shadowing. The best way to hide assets is determined with a Mixed Integer Linear Program, which is automatically built starting from the code structure, the protected assets, and a model that depicts the dependencies among protections and the fingerprints they generate. Additional constraints, such as overhead limits, are also supported to ensure the usability of the protected applications. Our implementation, which uses off-the-shelf solvers, showed promising performance and scalability on large applications.

Towards Optimally Hiding Protected Assets in Software Applications / Regano, Leonardo; Canavese, Daniele; Basile, Cataldo; Lioy, Antonio. - CD-ROM. - (2017), pp. 374-385. (Paper presented at the 2017 IEEE International Conference on Software Quality, Reliability and Security (QRS), held in Prague (CZ), July 25-29, 2017) [10.1109/QRS.2017.47].

Towards Optimally Hiding Protected Assets in Software Applications

REGANO, LEONARDO;CANAVESE, DANIELE;BASILE, CATALDO;LIOY, ANTONIO
2017

978-1-5386-0592-9
Use this identifier to cite or link to this document: https://hdl.handle.net/11583/2679343