2017 IEEE/ACM 25th International Conference on Program Comprehension (ICPC) 2017
DOI: 10.1109/icpc.2017.2
|View full text |Cite
|
Sign up to set email alerts
|

How Professional Hackers Understand Protected Code while Performing Attack Tasks

Abstract: Code protections aim at blocking (or at least delaying) reverse engineering and tampering attacks to critical assets within programs. Knowing the way hackers understand protected code and perform attacks is important to achieve a stronger protection of the software assets, based on realistic assumptions about the hackers' behaviour. However, building such knowledge is difficult because hackers can hardly be involved in controlled experiments and empirical studies.The FP7 European project Aspire has given the a… Show more

Help me understand this report
View preprint versions

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
27
0

Year Published

2017
2017
2023
2023

Publication Types

Select...
4
4
2

Relationship

0
10

Authors

Journals

citations
Cited by 29 publications
(27 citation statements)
references
References 22 publications
(30 reference statements)
0
27
0
Order By: Relevance
“…To measure intercoder reliability, we used Krippendorff's Alpha (α), as it accounts for chance agreements [67]. 2 After each round, the coders resolved any differences, updated the codebook as necessary, and re-coded previously coded interviews. The coders repeated this process four times until they achieved an α of 0.8, which is above the recommended level for exploratory studies [67,69].…”
Section: Discussionmentioning
confidence: 99%
“…To measure intercoder reliability, we used Krippendorff's Alpha (α), as it accounts for chance agreements [67]. 2 After each round, the coders resolved any differences, updated the codebook as necessary, and re-coded previously coded interviews. The coders repeated this process four times until they achieved an α of 0.8, which is above the recommended level for exploratory studies [67,69].…”
Section: Discussionmentioning
confidence: 99%
“…Different metrics are used to measure various security requirements [22], and similarly code metrics have also been a common approach to measure obfuscation strength [23] or by calculating their potency [3]. Other approaches have been proposed to measure the attacker effort increased by obfuscation by means of controlled experiments with students [23], penetration testers [24] or public challenges [25], while other works tried to represent the attacker effort with modelling approaches based on Petri nets [26] [27], or an ontology of attacks and protections [28].…”
Section: Related Workmentioning
confidence: 99%
“…Other properties of translated/obfuscated code, such us how harder it is to understand and to attack, are out of the scope of the present paper. To investigate these properties, human studies and controlled experiment are required, and we are planning and conducting them as part of our research activity [5], [24], [6] A. Case Studies…”
Section: Empirical Validationmentioning
confidence: 99%