Software Protections: Theory, practice, and recent advances
Sebastian Schrittwieser, Ph.D.
University of Vienna, Vienna, Austria
Sebastian Schrittwieser is a postdoc at the Security and Privacy research group (SEC) at the Faculty of Computer Science of the University of Vienna. From 2015 to 2020 he headed the Josef Ressel Center on Unified Threat Intelligence on Targeted Attacks. His research primarily focuses on software protections, mobile security, and psychological aspects of information security.
The area of Man-At-The-End (MATE) software protection is a battlefield on which an arms race and white-box attacks take place: Attackers control the devices and environments in which they use a range of tools to inspect, analyze and alter the software’s static representation and its dynamic state.
Both defensive and offensive techniques are developed and deployed for benign reasons as well as with malicious intents. Obfuscation techniques are deployed for protecting the confidentiality and integrity of software assets (e.g., algorithms and secret keys) but also for hiding malware injected into software. Vice versa, de-obfuscation techniques are developed by criminals attacking software assets as well as by security experts developing malware protections such as anti-virus scanners and malware analyzers. However, in contrast to another well-known protection methods, such as cryptography, it is very difficult to make a statement about the strength of an obfuscation protection.
This talk gives an overview on the practical use of software protections, its measurability as well as recent advances in obfuscation theory (indistinguishability obfuscation).