Archivio Istituzionale della RicercaInvariants monitoring is a software attestation technique that aims at proving the integrity of a running application by checking likely-invariants, which are statistically significant predicates inferred on variables’ values. Being very promising, according to the software protection literature, we developed a technique to remotely monitor invariants. This paper presents the analysis we have performed to assess the effectiveness of our technique and the effectiveness of likely-invariants for software attestation purposes. Moreover, it illustrates the identified limitations and our studies to improve the detection abilities of this technique. Our results suggest that, despite further studies and future results may increase the efficacy and reduce the side effects, software attestation based on likely-invariants is not yet ready for the real world. Software developers should be warned of these limitations, if they could be tempted by adopting this technique, and companies developing software protections should not invest in development without also investing in further research.
On the impossibility of effectively using likely-invariants for software attestation purposes / Viticchie', Alessio; Basile, Cataldo; Valenza, Fulvio; Lioy, Antonio. - In: JOURNAL OF WIRELESS MOBILE NETWORKS, UBIQUITOUS COMPUTING AND DEPENDABLE APPLICATIONS. - ISSN 2093-5374. - STAMPA. - 9:2(2018), pp. 1-25. [10.22667/JOWUA.2018.06.30.001]
On the impossibility of effectively using likely-invariants for software attestation purposes
Alessio Viticchié;Cataldo Basile;Fulvio Valenza;Antonio Lioy
2018
Abstract
Invariants monitoring is a software attestation technique that aims at proving the integrity of a running application by checking likely-invariants, which are statistically significant predicates inferred on variables’ values. Being very promising, according to the software protection literature, we developed a technique to remotely monitor invariants. This paper presents the analysis we have performed to assess the effectiveness of our technique and the effectiveness of likely-invariants for software attestation purposes. Moreover, it illustrates the identified limitations and our studies to improve the detection abilities of this technique. Our results suggest that, despite further studies and future results may increase the efficacy and reduce the side effects, software attestation based on likely-invariants is not yet ready for the real world. Software developers should be warned of these limitations, if they could be tempted by adopting this technique, and companies developing software protections should not invest in development without also investing in further research.
| File | Dimensione | Formato | |
|---|---|---|---|
|
2018BasileInvariants.pdf
accesso aperto
Descrizione: Main paper
Tipologia:
2a Post-print versione editoriale / Version of Record
Licenza:
PUBBLICO - Tutti i diritti riservati
Dimensione
967.01 kB
Formato
Adobe PDF
|
967.01 kB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2711778