On the impossibility of effectively
using likely-invariants for software attestation purposes 1Politecnico
di Torino, DAUIN, corso duca degli Abruzzi 24, Turin, Italy 2CNR-IEIIT, corso duca degli Abruzzi 24, Turin, Italy first.last@polito.it
Abstract Invariants monitoring is a software attestation technique that aims at proving the integrity of a running application by checking likely-invariants, which are statistically significant predicates inferred on variables’ values. Being very promising, according to the software protection literature, we developed a technique to remotely monitor invariants. This paper presents the analysis we have performed to assess the effectiveness of our technique and the effectiveness of likely-invariants for software attestation purposes. Moreover, it illustrates the identified limitations and our studies to improve the detection abilities of this technique. Our results suggest that, despite further studies and future results may increase the efficacy and reduce the side effects, software attestation based on likely-invariants is not yet ready for the real world. Software developers should be warned of these limitations, if they could be tempted by adopting this technique, and companies developing software protections should not invest in development without also investing in further research. Keywords: invariants monitoring, software
attestation, likely-invariants, software protection +: Corresponding author: Fulvio Valenza Vol. 9, No. 2,
pp. 1-25, June 2018 [pdf] |