Saved in:
Bibliographic Details
Main Authors: De Sutter, Bjorn, Schrittwieser, Sebastian, Coppens, Bart, Kochberger, Patrick
Format: Preprint
Published: 2023
Subjects:
Online Access:https://arxiv.org/abs/2307.07300
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866916230050349056
author De Sutter, Bjorn
Schrittwieser, Sebastian
Coppens, Bart
Kochberger, Patrick
author_facet De Sutter, Bjorn
Schrittwieser, Sebastian
Coppens, Bart
Kochberger, Patrick
contents Man-at-the-end (MATE) attackers have full control over the system on which the attacked software runs, and try to break the confidentiality or integrity of assets embedded in the software. Both companies and malware authors want to prevent such attacks. This has driven an arms race between attackers and defenders, resulting in a plethora of different protection and analysis methods. However, it remains difficult to measure the strength of protections because MATE attackers can reach their goals in many different ways and a universally accepted evaluation methodology does not exist. This survey systematically reviews the evaluation methodologies of papers on obfuscation, a major class of protections against MATE attacks. For 571 papers, we collected 113 aspects of their evaluation methodologies, ranging from sample set types and sizes, over sample treatment, to performed measurements. We provide detailed insights into how the academic state of the art evaluates both the protections and analyses thereon. In summary, there is a clear need for better evaluation methodologies. We identify nine challenges for software protection evaluations, which represent threats to the validity, reproducibility, and interpretation of research results in the context of MATE attacks and formulate a number of concrete recommendations for improving the evaluations reported in future research papers.
format Preprint
id arxiv_https___arxiv_org_abs_2307_07300
institution arXiv
publishDate 2023
record_format arxiv
spellingShingle Evaluation Methodologies in Software Protection Research
De Sutter, Bjorn
Schrittwieser, Sebastian
Coppens, Bart
Kochberger, Patrick
Cryptography and Security
Man-at-the-end (MATE) attackers have full control over the system on which the attacked software runs, and try to break the confidentiality or integrity of assets embedded in the software. Both companies and malware authors want to prevent such attacks. This has driven an arms race between attackers and defenders, resulting in a plethora of different protection and analysis methods. However, it remains difficult to measure the strength of protections because MATE attackers can reach their goals in many different ways and a universally accepted evaluation methodology does not exist. This survey systematically reviews the evaluation methodologies of papers on obfuscation, a major class of protections against MATE attacks. For 571 papers, we collected 113 aspects of their evaluation methodologies, ranging from sample set types and sizes, over sample treatment, to performed measurements. We provide detailed insights into how the academic state of the art evaluates both the protections and analyses thereon. In summary, there is a clear need for better evaluation methodologies. We identify nine challenges for software protection evaluations, which represent threats to the validity, reproducibility, and interpretation of research results in the context of MATE attacks and formulate a number of concrete recommendations for improving the evaluations reported in future research papers.
title Evaluation Methodologies in Software Protection Research
topic Cryptography and Security
url https://arxiv.org/abs/2307.07300