A security game model for remote software protection / N. Basilico, A. Lanzi, M. Monga. In: Availability, Reliability and Security (ARES), 2016 11th International Conference on. [s.l.]: IEEE, Dec. 2016. ISBN 9781509009909. pp. 437-443. (Paper presented at the 11th ARES conference, held in Salzburg in 2016.)

A security game model for remote software protection

N. Basilico; A. Lanzi; M. Monga
2016

Abstract

When a piece of software is loaded on an untrusted machine it can be analyzed by an attacker, who may discover any secret information hidden in the code. Protecting software by continuously updating the components deployed in the untrusted environment forces the malicious user to restart his or her analysis, thus shrinking the time window in which an attack is feasible. In this setting, both the attacker and the defender need to know how to direct their (necessarily limited) efforts. In this paper, we analyze the problem from a game-theoretic perspective in order to devise a rational strategy for deciding when, and which, orthogonal updates have to be scheduled so as to minimize the security risk of tampering. We formalize the problem of protecting a set of software modules and cast it as a game. Since the update strategy is observable by the attacker, we show that the Leader-Follower equilibrium is the proper solution concept for such a game, and we describe the basic method for computing it.
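To make the solution concept named in the abstract concrete, the following is an added example (not code from the paper, and not the paper's own game model): a constructed two-module refresh game in which the defender, as leader, commits to a mixed schedule that the attacker observes before choosing a target. The payoff numbers, the module names A and B, and the "stay idle" option are invented for illustration. The solver is the standard multiple-LP approach for a strong Stackelberg equilibrium, specialised to a two-action leader, where each LP collapses to maximising a linear function over an interval of the refresh probability.

```python
"""Strong Stackelberg (leader-follower) equilibrium of a small software-refresh game.

Added example, not code from the paper. Constructed toy instance: the defender
(leader) maintains two modules, A and B, and can refresh only one of them per
update cycle; the attacker (follower) observes the defender's mixed refresh
schedule and then picks one target, or stays idle. All payoffs are invented.
"""
from fractions import Fraction as F

# Leader pure strategies (rows): 0 = refresh module A, 1 = refresh module B.
# Follower pure strategies (cols): 0 = attack A, 1 = attack B, 2 = stay idle.
# A refreshed module resets the attacker's analysis (wasted effort, no damage);
# an un-refreshed module is tampered with, A being the more valuable target.
DEFENDER = [[F(0), F(-2), F(0)],   # defender refreshes A
            [F(-5), F(0), F(0)]]   # defender refreshes B
ATTACKER = [[F(-1), F(2), F(0)],
            [F(5), F(-1), F(0)]]


def follower_payoff(ua, p, j):
    """Attacker's expected payoff for action j when A is refreshed with probability p."""
    return p * ua[0][j] + (1 - p) * ua[1][j]


def feasible_interval(ua, j):
    """Range of p for which follower action j is a best response (ties allowed).

    Each 'j at least as good as k' constraint is linear in p, so the feasible set
    is an interval of [0, 1]; returns None if that interval is empty.
    """
    lo, hi = F(0), F(1)
    for k in range(len(ua[0])):
        if k == j:
            continue
        # (ua[0][j]-ua[0][k]) p + (ua[1][j]-ua[1][k]) (1-p) >= 0, i.e. c*p + d >= 0
        d = ua[1][j] - ua[1][k]
        c = (ua[0][j] - ua[0][k]) - d
        if c > 0:
            lo = max(lo, -d / c)
        elif c < 0:
            hi = min(hi, -d / c)
        elif d < 0:
            return None
    return (lo, hi) if lo <= hi else None


def strong_stackelberg(ud, ua):
    """Return (leader value, p, follower action) of the strong Stackelberg equilibrium.

    For each follower action j, maximise the leader's (linear) utility over the
    interval where j is a best response, then keep the best j. Follower ties are
    broken in the leader's favour, as the 'strong' solution concept prescribes.
    """
    best = None
    for j in range(len(ud[0])):
        interval = feasible_interval(ua, j)
        if interval is None:
            continue
        for p in interval:  # linear objective, so the optimum is at an endpoint
            value = p * ud[0][j] + (1 - p) * ud[1][j]
            if best is None or value > best[0]:
                best = (value, p, j)
    return best


def best_pure_commitment(ud, ua):
    """Best the leader can do when committing to a pure strategy (p in {0, 1})."""
    best = None
    for p in (F(1), F(0)):
        cols = range(len(ua[0]))
        top = max(follower_payoff(ua, p, j) for j in cols)
        responses = [j for j in cols if follower_payoff(ua, p, j) == top]
        value = max(p * ud[0][j] + (1 - p) * ud[1][j] for j in responses)
        if best is None or value > best[0]:
            best = (value, p)
    return best


if __name__ == "__main__":
    value, p, j = strong_stackelberg(DEFENDER, ATTACKER)
    print(f"refresh A with probability {p}; attacker picks column {j}; defender value {value}")
    print("best pure commitment (value, p):", best_pure_commitment(DEFENDER, ATTACKER))
```

On this instance the defender should refresh the high-value module A in two thirds of the cycles; the attacker's best response is then to target the cheaper module B, and the defender's expected loss (4/3) is lower than under either pure schedule (always refreshing A costs 2, always refreshing B costs 5). The gain comes precisely from the attacker being able to observe the commitment, which is why the leader-follower concept, not a simultaneous-move equilibrium, fits the observable-update setting.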
Subject area: INF/01 - Computer Science
Dec 2016
Book Part (author)
Files for this item:
ares2016.pdf (Publisher's version/PDF, Adobe PDF, 167.93 kB, restricted access)
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/465139
Citations
  • PubMed Central: not available
  • Scopus: 8
  • ISI (Web of Science): 5