2016 Proceeding- General Chair:
- Brecht Wyseur,
- Program Chair:
- Bjorn De Sutter
It is our great pleasure to welcome you to the 2nd International Workshop on Software PROtection -- SPRO'16. For the second year, this one-day workshop hopes to bring researchers and practitioners from academies and from industry together in Europe to focus on all matters relevant to the protection of software against man-at-the-end attacks.
For this second edition, we received fourteen papers, of which eight were eventually selected for presentation and publication. The papers cover the research areas of white-box cryptography, integrity checking, obfuscation, and software vulnerabilities. We are sure the eight presentations, spread over three research paper sessions, will help you in acquiring new insights and will spark interesting discussions.
We also encourage attendees to attend the keynote presentation titled "Intel Software Guard Extensions - Introduction and Open Research Challenges" by Matthias Schunter (Intel), as well as the panel (and public!) discussion on the topic "Software Protection Research in Europe, where are we going?". Furthermore, we look forward to the tutorial on the ASPIRE Framework for Software Protection that will be presented by the ASPIRE project consortium.
This valuable and insightful talk, discussion, and hands-on demonstration will guide us to a better understanding of the current state-of-the-art and of the challenges our community should focus and collaborate on in the near future.
Proceeding Downloads
Intel Software Guard Extensions: Introduction and Open Research Challenges
Hardware-enhanced security is an important pillar of secure systems in general and software protection in particular. This presentation will survey the recently announced Intel Software Guard Extensions (Intel SGX) as well as innovative usages for ...
Beyond the Attack Surface: Assessing Security Risk with Random Walks on Call Graphs
When reasoning about software security, researchers and practitioners use the phrase ``attack surface'' as a metaphor for risk. Enumerate and minimize the ways attackers can break in then risk is reduced and the system is better protected, the metaphor ...
ROP Gadget Prevalence and Survival under Compiler-based Binary Diversification Schemes
Diversity has been suggested as an effective alternative to the current trend in rules-based approaches to cybersecurity. However, little work to date has focused on how various techniques generalize to new attacks. That is, there is no accepted ...
Defeating MBA-based Obfuscation
Mixed Boolean-Arithmetic expressions are presented as a strong protection in the context of data flow obfuscation. As there is very little literature on the analysis of such obfuscated expressions, two important subjects of interest are to define what ...
VOT4CS: A Virtualization Obfuscation Tool for C#
Software protection is a difficult task especially for managed code, which executes only on a runtime environment such as C# or Java. Applications developed in such languages can be accurately decompiled, as opposed to x86 machine code. This facilitates ...
Binary Permutation Polynomial Inversion and Application to Obfuscation Techniques
Whether it is for conditional statement, constant, opaque predicate or equation obfuscation, Mixed Boolean Arithmetics (MBA) technique is a powerful tool providing concrete ways to achieve obfuscation. Recent papers ([22,1]) presented ways to mix such ...
StIns4CS: A State Inspection Tool for C#
Software protection aims to prevent unauthorized use, analysis, modification and distribution of software. This goal is hard to achieve, especially for a program running on a platform (e.g. physical device) controlled by an adversary also known as man-...
Reactive Attestation: Automatic Detection and Reaction to Software Tampering Attacks
Anti-tampering is a form of software protection conceived to detect and avoid the execution of tampered programs. Tamper detection assesses programs' integrity with load or execution-time checks. Avoidance reacts to tampered programs by stopping or ...
Attacking White-Box AES Constructions
A white-box implementation of the Advanced Encryption Standard (AES) is a software implementation which aims to prevent recovery of the block cipher's master secret key. This paper refines the design criteria for white-box AES constructions by ...
The ASPIRE Framework for Software Protection
- Bjorn De Sutter,
- Cataldo Basile,
- Mariano Ceccato,
- Paolo Falcarin,
- Michael Zunke,
- Brecht Wyseur,
- Jerome d'Annoville
In the ASPIRE research project, a software protection tool flow was designed and prototyped that targets native ARM Android code. This tool flow supports the deployment of a number of protections against man-at-the-end attacks. In this tutorial, an ...
Index Terms
- Proceedings of the 2016 ACM Workshop on Software PROtection
Recommendations
ACM CoNEXT 2016 Student Workshop
CoNEXT '16: Proceedings of the 12th International on Conference on emerging Networking EXperiments and TechnologiesThe ACM CoNEXT 2016 Student Workshop is held in Irvine, California, USA on December 12, 2016 and co-located with the ACM 12th International Conference on emerging Networking Experiments and Technologies (CoNEXT 2016). The main objective of the workshop ...
Acceptance Rates
| Year | Submitted | Accepted | Rate |
|---|---|---|---|
| SPRO '16 | 14 | 8 | 57% |
| Overall | 14 | 8 | 57% |