• PDF / 710,848 Bytes
• 16 Pages / 439.37 x 666.142 pts Page_size
• 7 Downloads / 214 Views

DOWNLOAD

REPORT

Abstract. This paper proposes a novel semi-automatic risk analysis approach that not only identifies the threats against the assets in a software application, but it is also able to quantify their risks and to suggests the software protections to mitigate them. Built on a formal model of the software, attacks, protections and their relationships, our implementation has shown promising performance on real world applications. This work represents a first step towards a user-friendly expert system for the protection of software applications. Keywords: Software protection attacks

1

·

Software risk analysis

·

Software

Introduction

Software is pervasive in our life. We rely on software applications for our leisure and to ease our work, regardless of our fields of activity. In addition, software is one of the pillars of the world economy that moves billions to trillions of dollars. Developers have to protect their applications from tampering and avoid that confidential data in their software are disclosed. In short, companies have to protect the assets in their software, assets that are exposed to very powerful attacks, known as Man-at-the-End (MatE) attacks, from crackers that fully control the execution environment of the software to protect. When the software must be protected, the human experience is the leading factor and almost the only one. While big companies have ad hoc teams to decide how to protect their applications or they can pay specialized companies, small and medium enterprises cannot afford the costs for properly protecting their software. By remaining vulnerable, it can damage the companies themselves, generating monetary losses, and all of us, becoming a vector for various kind of malware. Automatic or assisted techniques are needed to help software developers in protecting their applications. In this paper we propose a novel risk analysis approach to (1) identify the threats against the assets in target applications, (2) quantify their risks against them and (3) suggest potential mitigations. In this context, the mitigations are c IFIP International Federation for Information Processing 2016  Published by Springer International Publishing Switzerland 2016. All Rights Reserved S. Foresti and J. Lopez (Eds.): WISTP 2016, LNCS 9895, pp. 120–135, 2016. DOI: 10.1007/978-3-319-45931-8 8

Towards Automatic Risk Analysis and Mitigation of Software Applications

121

the protections applied to each asset in order to reduce their exposure to the identified risks. This work represents a first step towards an expert system that can drive the software developers in all the delicate phases of software protection. While the ambition is to make software protection another standard, almost push-button activity like the compilation, in the short term, our approach can be an interesting solution for small and medium enterprises. A preliminary version of this work has been already published [1], focusing only on the automatic threats identification. With respect to our previous approach, the main improvements in this pap

Recommend Documents

Towards Automatic Verification of Web-Based SOA Applications

151 20 32MB

Data-Centric Business and Applications Towards Software Development

166 12 11MB

Towards a software quality certification of master data-based applications

169 25 1MB

Risk Mitigation and Resilience of Human Settlement

180 104 2MB

Towards Automatic Fingerprinting of Groundwater Aquifers

145 51 19MB

Towards the Generalization of Distributed Software Communication

139 95 58MB

Mitigation of ARP Cache Poisoning in Software-Defined Networks

169 18 39MB

Risk Bias Externalization for Offshore Software Outsourcing by Conjoint Analysis

149 77 552KB

A Risk Analysis and Sustainability Approach to Natural Disaster Assessment and Mitigation Philosophy in the World

173 67 3MB

Interoperability of Enterprise Software and Applications

156 39 7MB

Attitudes Towards Risk

189 90 147MB

TANet: Towards Fully Automatic Tooth Arrangement

200 10 136MB