Software Protection Decision Support and Evaluation Methodologies

This report documents the program and the outcomes of Dagstuhl Seminar 19331 “Software Protection Decision Support and Evaluation Methodologies”. The seminar is situated in the domain of software protection against so-called man-at-the-end attacks, in which attackers have white-box access to the software that embeds valuable assets with security requirements such as confidentiality and integrity. The attackers try to compromise those by reverse-engineering the software and by tampering with it. Within this domain, the seminar focused mainly on three aspects: 1) how to evaluate newly proposed protections and attackers thereon; 2) how to create an appropriate benchmark suite to be used in such evaluations; 3) how to build decision support to aid users of protection tool with the selection of appropriate protections. The major outcomes are a structure for a white-paper on software protection evaluation methodologies, with some concrete input collected on the basis of four case studies explored during the seminar, and a plan for creating a software protection benchmark suite. Seminar August 11–16, 2019 – http://www.dagstuhl.de/19331 2012 ACM Subject Classification Security and privacy → Software and application security