Software piracy prevention through diversity

Anckaert, Bertrand; Sutter, Bjorn De; Bosschere, Koen De

doi:10.1145/1029146.1029157

Cited by 22 publications

(20 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The type and quality of access to the Internet and its cost affect the access to the software. In [29], [30], using a population (219 professional users and 575 amateur users), software and hardware protection against unauthorized copying of the software was analyzed using a survey. The results showed that none of the protections has a significant impact on the level of theft.…”

Section: E Technical Dimensionsmentioning

confidence: 99%

Examining Software Intellectual Property Rights

Sargolzaei¹,

Keikha²

2017

ijacsa

View full text Add to dashboard Cite

Abstract-Intellectual property rights (IPR) of computer software is the right to assign the software to its creator, not limited to time and space, and non-transferable. Proving IPR of the creators of computer software requires a rigorous review of the ways in which these rights may be violated. The present study was conducted by comparing two populations in Iran with the aim of identifying the level of familiarity and observance of software IPR: 1) 96 software engineers member of IEEE Association and 2) 386 students randomly. Results are analyzed by SPSS software and the validity of the results is verified using T-test. By comparing the results, it was concluded that the first population significantly observed these cases more. Then a model was presented for protecting software IPR so that the challenges are reduced. This research is the completion of our previous work that was discussed as a future work.

show abstract

Section: E Technical Dimensionsmentioning

confidence: 99%

Examining Software Intellectual Property Rights

Sargolzaei¹,

Keikha²

2017

ijacsa

View full text Add to dashboard Cite

show abstract

“…While software diversification is an effective solution (see e.g. [2]), it raises major difficulties in software distribution, because each copy has to be different. There is no efficient way for the distribution of diversified copies via physical media (e.g.…”

Section: Related Workmentioning

confidence: 99%

Code Obfuscation against Static and Dynamic Reverse Engineering

Schrittwieser

Katzenbeisser

2011

Information Hiding

View full text Add to dashboard Cite

Abstract. The process of reverse engineering allows attackers to understand the behavior of software and extract proprietary algorithms and data structures (e.g. cryptographic keys) from it. Code obfuscation is frequently employed to mitigate this risk. However, while most of today's obfuscation methods are targeted against static reverse engineering, where the attacker analyzes the code without actually executing it, they are still insecure against dynamic analysis techniques, where the behavior of the software is inspected at runtime. In this paper, we introduce a novel code obfuscation scheme that applies the concept of software diversification to the control flow graph of the software to enhance its complexity. Our approach aims at making dynamic reverse engineering considerably harder as the information an attacker can retrieve from the analysis of a single run of the program with a certain input, is useless for understanding the program behavior on other inputs. Based on a prototype implementation we show that our approach improves resistance against both static disassembling tools and dynamic reverse engineering at a reasonable performance penalty.

show abstract

“…Another point to note is that the checker structure and location changes with each invocation of the application, providing an ever-changing attack surface for the adversary. Based on the outcomes derived by previous work on software diversity, [11,85,90], we conclude that instantiation polymorphism is effective at defeating automated attacks based on regular expressions. Figure 5.8 displays the performance overhead of Strata and the protection features normalized to native (i.e., the baseline is the application running natively on the platform).…”

Section: Measuring Diversity Of Checker Instancesmentioning

confidence: 67%

“…Since automated attacks are easier to craft than customized attacks, the vulnerability of any security scheme to automated attacks significantly reduces its effectiveness. To combat such attacks, many systems employ software diversity, which consists of customizing every instance of a particular security scheme [85,86] . The basic premise behind software diversity is that each security implementation is different from another instance, such that an automatic attack has a reduced chance of success.…”

Section: Instantiation Polymorphismmentioning

confidence: 99%

See 1 more Smart Citation

Software Protection via Composable Process-level Virtual Machines

Ghosh

View full text Add to dashboard Cite

Complex hardware/software systems are ubiquitous, affecting every aspect of daily life. Software is integral to the normal functioning of critical systems such as power plants, financial systems, communication systems, modern medical systems and devices, and transportation systems to name a few. Because of society's increasing reliance on these systems, it is of paramount importance that software perform as intended, and not be subverted for malicious purposes. Consequently, techniques that thwart reverse engineering and tamper, (called tamper-resistance techniques), have become increasingly important as a means to hinder malicious exploitation of software in critical systems.Given the growing importance of preventing tampering with critical systems, research in this area has grown. Recently, software virtualization has been proposed as a suitable mechanism to impart tamper resistance to software applications. However, protections based on virtualization have not fully matured, which has led to successful attacks. This dissertation is the culmination of a detailed study examining the application of low-overhead process-level virtualization to protect software applications from reverse engineering and tamper.This research is structured as follows: First, a formal model describing virtualization is presented.The model is useful in describing general-purpose computing systems and the applicability of virtualization in protecting applications. Then we explored several novel tamper-resistance techniques that are based on process-level virtualization. Each technique was thoroughly evaluated in terms of performance overhead and protection. During the course of our investigation, a serious vulnerability in current process-level virtual machines was discovered. We modeled this vulnerability using our formal model and describe two attack implementations that successfully exploit this vulnerability. Finally, ii Abstract iii we conceptualize a revolutionary protection technique to compose an application with multiple virtual machines, providing robust program protection. The ideas presented in this dissertation are evaluated using current state-of-the-art attacks to gauge its effectiveness. The results of our investigation reveal that composable virtual machines are significantly more effective in thwarting reverse engineering and software tamper than current protection techniques. AcknowledgementsThere are too many people who deserve thanks for their invaluable help throughout this process, so this is not a comprehensive list. First and foremost, I would like to thank my committee, Jack

show abstract

Software piracy prevention through diversity

Cited by 22 publications

References 10 publications

Examining Software Intellectual Property Rights

Examining Software Intellectual Property Rights

Code Obfuscation against Static and Dynamic Reverse Engineering

Software Protection via Composable Process-level Virtual Machines

Contact Info

Product

Resources

About