SOFTWARE SECURITY AND PROTECTION
Main Topics and speakers:
This year ISSISP will provide outstanding courses in major areas of code and contents protection. In particular in software protection techniques including obfuscation and watermarking, Dynamic protection by virtualization, Evaluation and metrics in SW security, SW similarity analysis and learning in binary analysis, White-box cryptography and security.
Christian Collberg (University of Arizona)
Jack Davidson (University of Virginia)
Bjorn De Sutter (Gent University)
Yuan Gu (IRDETO)
Arun Lakhotia (University of Louisiana)
Brecht Wyseur (Nagravision)
Lecture speakers and description:
Christian Collberg (University of Arizona): Software Protection
Abstract: Software protection is the branch of computer security that studies techniques for protecting secrets contained in computer programs from being discovered, modified, or redistributed. In this introductory lecture we will show how an adversary can study a program under their control (using disassemblers, decompilers, etc.) in order to extract proprietary information or modify the program, for example in order to bypass a license check. We will discuss important basic software protection algorithms for obfuscation, tamper-proofing, and software watermarking, as well as basic reverse engineering techniques for attacking such protections.
Jack Davidson (University of Virginia): Code protection by dynamic translation
Abstract: Computing is increasingly ubiquitous. It is used in many areas of daily life, from cellular telephones, managing health and financial records, e-commerce, and electronic voting, to name a few. Users of these various computing platforms demand high quality, undisrupted service, and privacy and security of their personal information. Beyond personal use, much of society’s critical infrastructure is also controlled by complex software systems. Unfortunately, because of its complexity, it is difficult to build software that is impervious from attack by malicious adversaries. Indeed, every day there are reports of intrusions and security breaches that result in financial loss and disclosure of confidential or proprietary information. A promising approach for providing protection of software from a wide variety of attacks is the use of lightweight process virtualization via software dynamic translation. This course will introduce students to the concept of software dynamic translation, discuss its efficient implementation, and describe its use to protect software from various types of attacks. To introduce students to the power and utility of software dynamic translation, the course will include several hands-on exercises where the student implements a protection scheme using software dynamic translation.
Bjorn De Sutter (Gent University): Evaluating the strength of software protections
Abstract: Determining the effectiveness of software protection techniques is one of the major open challenges in the domain of software protection. How to do so is largely an open question that absolutely needs to be answered if we ever want to be able to provide non-experts with tools that automatically apply the best combination of protections given an application, its assets to be protected and the business model of the vendor. In this lecture, we will explore theoretical and practical approaches and metrics for modeling and evaluating the effectiveness of software protection techniques in MATE attack scenarios. We will study the toolboxes available to attackers, and methods to model attacks and to model the effects of protections on the engineering and exploitation of attacks. Finally, we will discuss how to run experiments involving human subjects. Such experiments are needed to determine the relation between measurable properties of (protected) applications and the effort that human attackers will have to invest for engineering attacks.
Yuan Gu (IRDETO): The industrial challenge in Software and information protection
This course is structured in two sessions: 1) a course lecture; 2) a panel to host a group of industrial experts to present, discuss and explore some most interesting software and information protection issues in emerging markets.
Arun Lakhotia (University of Louisiana): Binary analysis in Polymorphic Malware Detection
Abstract: Analysis of malware introduces new challenges that are not present when analyzing programs in the normal context. Besides the fact that the programs are in a binary form, they are explicitly created to defeat analysis by hiding behind undecidability. Nonetheless, I will show that program analysis methods can indeed be used to answer a variety of questions related to malware. For instance, by relaxing the requirements of safety one can use program analysis to provide semantics based “features” to a machine learner. Similarity analysis is a key tool for understanding and querying big-data of code, in particular in the context of malware analysis and mitigation. We will provide an end-to-end experience in analyzing malware binaries, extracting semantics features, and using those in a machine learner to find similar malware in a repository. We will use these hands-on exercises to also highlight opportunities and challenges for further research, and introduce you to the state-of-the-art technologies to get started.
Brecht Wyseur (Nagravision): White-box Cryptography
Abstract: Software applications often rely on cryptographic algorithms to protect a given service that they support. Think of banking applications, DRM applications, cloud storage services, secure email and teleconferencing, games. Many of these examples will suffer severe consequences when secret key information leaks from the software application. This lecture will explore the challenges of mitigating such information leakage in use-cases where the software is executed on platforms that are completely under control of malicious users. This is the research field that is denoted as white-box cryptography. After an introduction on the threats and some examples, the audience will be guided through the state of the art in white-box cryptography, and we will discuss some challenges and opportunities.