Software Protection Decision Support and Evaluation Methodologies (Dagstuhl Seminar 19331)

Abstract

This report documents the program and the outcomes of Dagstuhl Seminar 19331 ``Software Protection Decision Support and Evaluation Methodologies''. The seminar is situated in the domain of software protection against so-called man-at-the-end attacks, in which attackers have white-box access to the software that embeds valuable assets with security requirements such as confidentiality and integrity. The attackers try to compromise those by reverse-engineering the software and by tampering with it. Within this domain, the seminar focused mainly on three aspects: 1) how to evaluate newly proposed protections and attackers thereon; 2) how to create an appropriate benchmark suite to be used in such evaluations; 3) how to build decision support to aid users of protection tool with the selection of appropriate protections. The major outcomes are a structure for a white-paper on software protection evaluation methodologies, with some concrete input collected on the basis of four case studies explored during the seminar, and a plan for creating a software protection benchmark suite.