A meta-model for software protections and reverse engineering attacks
Article
Basile, C., Canavese, D., Regano, L., Falcarin, P. and De Sutter, B 2019. A meta-model for software protections and reverse engineering attacks. Journal of Systems and Software. 150, pp. 3-21. https://doi.org/10.1016/j.jss.2018.12.025
Authors | Basile, C., Canavese, D., Regano, L., Falcarin, P. and De Sutter, B |
---|---|
Abstract | Software protection techniques are used to protect valuable software assets against man-at-the-end attacks. Those attacks include reverse engineering to steal confidential assets, and tampering to break the software’s integrity in unauthorized ways. While their ultimate aims are the original assets, attackers also target the protections along their attack path. To allow both humans and tools to reason about the strength of available protections (and combinations thereof) against potential attacks on concrete applications and their assets, i.e., to assess the true strength of layered protections, all relevant and available knowledge on the relations between the relevant aspects of protections, attacks, applications, and assets need to be collected, structured, and formalized. This paper presents a software protection meta-model that can be instantiated to construct a formal knowledge base that holds precisely that information. The presented meta-model is validated against existing models and taxonomies in the domain of software protection, and by means of prototype tools that we developed to help non-modelling-expert software defenders with populating a knowledge base and with extracting and inferring practically useful information from it. All discussed tools are available as open source, and we evaluate their use as part of a software protection work flow on an open source application and industrial use cases. |
Keywords | Software Protection; Security Knowledge Base; Decision Support; Attack modelling; Reverse Engineering; Meta-model |
Journal | Journal of Systems and Software |
Journal citation | 150, pp. 3-21 |
ISSN | 0164-1212 |
Year | 2019 |
Publisher | Elsevier |
Accepted author manuscript | License File Access Level Anyone |
Supplemental file | License File Access Level Anyone |
Digital Object Identifier (DOI) | https://doi.org/10.1016/j.jss.2018.12.025 |
Web address (URL) | https://doi.org/10.1016/j.jss.2018.12.025 |
Publication dates | |
Online | 22 Dec 2018 |
Publication process dates | |
Accepted | 21 Dec 2018 |
Deposited | 20 Jun 2019 |
Copyright holder | © 2018 Elsevier |
https://repository.uel.ac.uk/item/86vq2
Download files
Accepted author manuscript
8607748.pdf | ||
License: CC BY-NC-ND 4.0 | ||
File access level: Anyone |
Supplemental file
A Meta-model for Software Protections and Reverse Engineering Attacks: an instance of the meta-model.pdf | ||
License: CC BY 4.0 | ||
File access level: Anyone |
355
total views243
total downloads10
views this month1
downloads this month