Authors: Chit W. (Nick) Saw; Mariusz M. Jakubowski and Ramarathnam Venkatesan
Affiliation: Microsoft Research, United States
Keyword(s): Software protection, Tamper-resistance, Obfuscation, Security metrics.
Related Ontology Subjects/Areas/Topics: Enterprise Information Systems; Formal Methods; Information and Systems Security; Information Systems Analysis and Specification; Methodologies and Technologies; Operational Research; Secure Software Development Methodologies; Security; Security Engineering; Security in Information Systems; Security Metrics and Measurement; Security Verification and Validation; Simulation and Modeling
Abstract:
This paper describes a new framework for design, implementation and evaluation of software-protection schemes. Our approach is based on the paradigm of iterated protection, which repeats and combines simple transformations to build up complexity and security. Based on ideas from the field of complex systems, iterated protection is intended as an element of a comprehensive obfuscation and tamper-resistance system, but not as a full-fledged, standalone solution. Our techniques can (and should) be combined with previously proposed approaches, strengthening overall protection.
A long-term goal of this work is to create protection methods amenable to analysis or estimation of security in practice. As a step towards this, we present security evaluation via metrics computed over transformed code. Indicating the difficulty of real-life reverse engineering and tampering, such metrics offer one approach to move away from ad hoc, poorly analyzable approaches to protection.