1st Software Security and Protection Workshop
July 11, 2011 Beijing, China
THEME: Tools, Techniques,and Procedures for Modeling and Evaluation of Man-at-the-end attacks and Defenses
Software Security and Protection research has been hampered by a lack of evaluation standards and benchmarks that would allow uniform comparison of different protection algorithms. Such evaluation procedures would be of benefit to vendors of software protection tools who can argue that their tools are better than those of their competitors, for users of software protection tools who can make informed decisions on which tools to use, as well as for software protection researchers who can argue that new algorithms are in fact an improvement over previous ones.
A successful evaluation procedure will be able to determine mechanistically the "goodness" of a software protection algorithm. Specifically, the outcome of an evaluation should express a set of properties about the algorithm, such as how it trades off between level of protection and performance, how much information it leaks (stealth), and how difficult it is for an adversary to disable (resilience).
The purpose of this workshop is to get world class experts in software security and protection together to brainstorm on how to develop metrics, tools, and procedures for evaluating tamperproofing, watermarking, obfuscation, and birthmarking algorithms. Since evaluation procedures must be designed with respect to some class of attacks, strides will also be made towards a universally accepted attack model for software protection research.
The ultimate goal of the workshop is to produce recognized and agreed-upon research areas and ideas for future exploration on attack models and evaluation procedures, and a plan for how to move forward in further developing such ideas. A whitepaper will be produced collectively by participants to document the important results and conclusions from this workshop. The whitepaper will be published in order to further advance research and technology development in this field.
- Morning session: Short presentations by invited and selected experts
- Afternoon session:Structuring a whitepaper and deciding on a research roadmap.
- Evening session: Round-table discussions
- Detailed Information
- Christian Collberg (Chair), Collberg@gmail.com, University of Arizona, USA
- Yuan Xiang Gu, firstname.lastname@example.org, Irdeto, Canada
- Jack Davidson, email@example.com, University of Virginia, USA
- Roberto Giacobazzi, firstname.lastname@example.org, University of Verona, Italy
- Chuan-Kun Wu, email@example.com, SKLOIS, CAS, China
- Moti Yung, firstname.lastname@example.org, Google, USA
Scope of Topics
- Security modeling
- Theoretical models
- Protection metrics and measurements
- Diversity metrics and measurements
- Protection profiling
- Protection verification
- Protection evaluation procedures and methodology
- Man-at-the-end attack analysis
- Man-at-the-end attack detection
- Security patterns
- Security lifecycle management
- Security and performance trade-off
- User interface design for controlling protection
- Static security and dynamic security
- Secure software interaction to computer architecture and run-time environment
- Platform dependency and impact on software protection techniques
- Software protection supporting technologies
- Future challenges and trends
- New cutting-edge protection technologies
Prospective participants should submit a title and abstract (up to 1000 words) to email@example.com using the 2-column IEEE conference format.
- Abstract submission: May 30, 2011
- Notification of acceptance: June 15, 2011