Expanded Definition of Protection

To: Prof. Jason Ellis
From: Roshel Babayev
Date: 10/26/2021
Subject: Expanded Definition of Protection

Introduction


I’m writing to elaborate on the definition of the word protection. Protection is a very valuable thing in today’s day and we must understand where it came from and how it works. There will also be valuable examples of how it is used via real world examples and the main purpose of protection. Following will be discussed the context in which it is most commonly used in the use case of computer security.

Definition


The generic definition of the word protection is to stop something but that’s not how it’s classified everywhere. Merriam webster defines this word as “to cover or shield from exposure, injury, damage, or destruction : GUARD” [1] while others define it as “the action of protecting”. This word has been around since the beginning of time but in many different forms either being utilized as a means to define protection for a person or today where we use it as a means to describe computer security. The article provides some additional insight on the word “Historically, software protection first appeared as (often feeble) attempts at adding license-checking code to computer games, followed by algorithms for white-box cryptography used for digital-media piracy protection” [3]. Protection has shifted from initially being used in real world situations to digital scenarios as the world gradually moves into the digital age. While protection does have the same meaning behind its definition, the use case in which the definition is applied does in fact change.

Context


Security has always been an issue when it comes to software. Most software developers may not even know this but as they proceed in their development process, some vulnerabilities may be in place. A good way to hide these issues is to prevent others from seeing how the code works and functions as a whole. As long as the software is utilized in its intentional manner, there are no real issues to worry about. But there are always people who seek to break and destroy for their own reasons and for these purposes, protection for software was created. Not only doe protection prevents piracy of software, it also attempts to prevent others from reversing it and discovering vulnerabilities within it. Malicious users often times use these methods as a means to gain access to other people’s systems via a vulnerability they never even knew about.
There are many ways to protect a piece of software. There are means through tamper-proof the software which allows software to verify its own integrity to prevent any sort of unauthorized modification from occurring which can lead to malicious purposes for either reversing of said software or preventing hijacked software from executing. Watermarking is also a possibility to keep your software out of the wrong hands so that if it ever does get publicly exposed, you’ll know where the origin came from and you can handle the problem and prevent it from happening again. There are many methods that you can use to ensure software security via protection but protection has multiple uses either for anti-piracy means or for preventing reversing for malicious purposes. Using software protection may be expensive at times but more than often the cost of security provided by such services is just worth it.
Some people decide to store valuable information within their software such as including a login to their remote server to perform some action on user login or other events. This login is shipped to everyone who obtains access to this software and nothing is really stopping them from just obtaining this login especially when more than often, it’s stored in plain text. Using software protection ensures that even if someone has your software, it protects valuable pieces of information such as this. In practical usage this is obviously a terrible idea to ship software with such valuable information but things like this do happen quite often in the real development world.

Working Definition


A software developer should always be aware of any and all issues that may arise from their code. As a secondary means to prevent any sort of malicious execution, applying protection to your code will ensure an additional level of security as the malicious user will first need to get passed that layer of protection before having the chance at manipulating your code. Protection comes in many forms and there are many ways to protect but in the end, it’s a never ending war.

References

[1] https://www.merriam-webster.com/dictionary/protection
[2] https://www.oxfordlearnersdictionaries.com/us/definition/american_english/protection
[3] Falcarin, Paolo et al. “Software Protection.” IEEE software 28.2 (2011): 24–27.

500-Word Summary of Article About Software Protection

To: Professor Ellis
From: Roshel Babayev
Date: 10/5/2021
Subject: 500-Word Summary of Article About Software Protection

Computer systems have many vulnerable points with the most vulnerable aspect being the system administrators. A very common attack is known as a man-at-the-end attack (MATE) is performed via tampering based on information obtained by reverse engineering (which is highly illegal). To stop these types of attacks from occurring, we try our best to ensure all items are in proper order by verifying their signature. We implement obfuscation to prevent (or at least slow down) the reverse engineering process and to preserve integrity of the software. For a MATE attack to process, the malicious user must get their hands on the software and is required to reverse engineer it but with software protection being implemented, it makes their task much harder. Utilizing a MATE attack could be just something to assist you from paying your bills to something catastrophic especially when is it utilized as a terroristic attack. 

Today, the video gaming market is one of the most significant aspects of the US economy but with cheaters producing their own virtual in-game item (which has value in the real world), they essentially devalue the economy. The major issue with these attacks is that all our information is stored digitally including military secrets and if someone could get their hands on this information especially if it is an outside party, could cause severe damage to us. Software protection isn’t a full-proof way to stop these sorts of attacks, it only delays the inevitable. There are four basic categories in which software protection falls under: code obfuscation, tamper-proofing, watermarking and birthmarking. Code obfuscation makes it much harder to reverse-engineer software. Tamper-proofing has the basic purpose of ensuring the file has not been modified in any such way via implemented checks. Watermarking allows for a fingerprint on the software indicating who is the owner of said reverse-engineered software and is often combined with tamper-proofing. 

In a sequence of articles, Mariano Ceccato and Paolo Tonella wrote an article detailing a concept which allow the client to have a stub which when ran would stream the real code from the server to the client but each time it would be streamed, it would be mutated so that you could never pull the original code out. Following that article’s release, another article was developed showcasing the new Trusted Platform Module chips which are found regularly on computers these days and allow for more effective use of tamper-resistance. As a method to avoid others from stealing proprietary code, open-source development allowed for a license in-place to prevent others from stealing your code. Since code didn’t have a proper means to be copyrighted, a new license was introduced which was a service license based on ODRL-S. While software protection is a must these days, the major downside is performance taking a hit when using many security methods. 

Reference:
[1] Falcarin, Paolo et al. “Software Protection.” IEEE software 28.2 (2011): 24–27.