A Taxonomy of Software Integrity Protection Techniques

Mohsen Ahmadvand, Alexander Pretschner, Florian Kelbert

Publikation: Beitrag in Buch/Bericht/KonferenzbandKapitelBegutachtung

20 Zitate (Scopus)

Abstract

Tampering with software by man-at-the-end (MATE) attackers is an attack that can lead to security circumvention, privacy violation, reputation damage, and revenue loss. In this model, adversaries are end users who have full control over software as well as its execution environment. This full control enables them to tamper with programs to their benefit and to the detriment of software vendors or other end users. Software integrity protection research seeks for means to mitigate those attacks. Since the seminal work of Aucsmith, a great deal of research effort has been devoted to fight MATE attacks, and many protection schemes were designed by both academia and industry. Advances in trusted hardware, such as TPM and Intel SGX, have also enabled researchers to utilize such technologies for additional protection. Despite the introduction of various protection schemes, there is no comprehensive comparison study that points out advantages and disadvantages of different schemes. Constraints of different schemes and their applicability in various industrial settings have not been studied. More importantly, except for some partial classifications, to the best of our knowledge, there is no taxonomy of integrity protection techniques. These limitations have left practitioners in doubt about effectiveness and applicability of such schemes to their infrastructure. In this work, we propose a taxonomy that captures protection processes by encompassing system, defense and attack perspectives. Later, we carry out a survey and map reviewed papers on our taxonomy. Finally, we correlate different dimensions of the taxonomy and discuss observations along with research gaps in the field.

OriginalspracheEnglisch
TitelAdvances in Computers
Redakteure/-innenAtif M. Memon
Herausgeber (Verlag)Academic Press Inc.
Seiten413-486
Seitenumfang74
ISBN (Print)9780128151211
DOIs
PublikationsstatusVeröffentlicht - 1 Jan. 2019

Publikationsreihe

NameAdvances in Computers
Band112
ISSN (Print)0065-2458

Fingerprint

Untersuchen Sie die Forschungsthemen von „A Taxonomy of Software Integrity Protection Techniques“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren