500-Word Summary of Article About Software Protection

To: Professor Ellis
From: Roshel Babayev
Date: 10/5/2021
Subject: 500-Word Summary of Article About Software Protection

Computer systems have many vulnerable points with the most vulnerable aspect being the system administrators. A very common attack is known as a man-at-the-end attack (MATE) is performed via tampering based on information obtained by reverse engineering (which is highly illegal). To stop these types of attacks from occurring, we try our best to ensure all items are in proper order by verifying their signature. We implement obfuscation to prevent (or at least slow down) the reverse engineering process and to preserve integrity of the software. For a MATE attack to process, the malicious user must get their hands on the software and is required to reverse engineer it but with software protection being implemented, it makes their task much harder. Utilizing a MATE attack could be just something to assist you from paying your bills to something catastrophic especially when is it utilized as a terroristic attack. 

Today, the video gaming market is one of the most significant aspects of the US economy but with cheaters producing their own virtual in-game item (which has value in the real world), they essentially devalue the economy. The major issue with these attacks is that all our information is stored digitally including military secrets and if someone could get their hands on this information especially if it is an outside party, could cause severe damage to us. Software protection isn’t a full-proof way to stop these sorts of attacks, it only delays the inevitable. There are four basic categories in which software protection falls under: code obfuscation, tamper-proofing, watermarking and birthmarking. Code obfuscation makes it much harder to reverse-engineer software. Tamper-proofing has the basic purpose of ensuring the file has not been modified in any such way via implemented checks. Watermarking allows for a fingerprint on the software indicating who is the owner of said reverse-engineered software and is often combined with tamper-proofing. 

In a sequence of articles, Mariano Ceccato and Paolo Tonella wrote an article detailing a concept which allow the client to have a stub which when ran would stream the real code from the server to the client but each time it would be streamed, it would be mutated so that you could never pull the original code out. Following that article’s release, another article was developed showcasing the new Trusted Platform Module chips which are found regularly on computers these days and allow for more effective use of tamper-resistance. As a method to avoid others from stealing proprietary code, open-source development allowed for a license in-place to prevent others from stealing your code. Since code didn’t have a proper means to be copyrighted, a new license was introduced which was a service license based on ODRL-S. While software protection is a must these days, the major downside is performance taking a hit when using many security methods. 

[1] Falcarin, Paolo et al. “Software Protection.” IEEE software 28.2 (2011): 24–27.

Leave a Reply