Software Protection Effectiveness Assessment Method Based On Attack Modeling Research

Software protection technologies were born under the circumstance that software attacks occurred repeatedly and had threatened the legitimate rights of software developers and users for a long time, such as reverse engineering, cracking and etc. In order to defend software attacks, lots of researches have been done in software security area, whereas few works were focused on the effectiveness evaluation of those protection techniques. It brings lots of issues: for the unprotected software, it is hard for users to pick out the most appropriate protection techniques; for the protected software, there is a short of valid proof for the protection result; for the protection technologies, it is difficult for researchers to improve the techniques in a more efficient way. Therefore, one of burning problems in field of software security is how to evaluate the effectiveness of software protection in an agreed and persuasive way.The purpose of software protection is to resist attack, but a majority of software protection evaluation methods tried to measure the effectiveness of software protection based on the analysis of the protection technique itself, and could not directly testify whether the protected software would be safer or not; on the other hand, evaluating the effectiveness of software protection in the view of attack, which is considered as a meaningful way, lacks of unified metrics. This paper also puts attack forward:with the analysis on the attackers’ motivation, we consider attack cost as the metric; with the analysis of the relationship between software protection and software attack, we construct two software protection evaluation scenarios, and propose an evaluation method based on attack modeling; meanwhile, we also propose a software attack model based on Marked Petri Net, and deduce the formulas used for calculating attack cost; at the end of this paper, we present an experiment which treat control flow flattening as the technique needing to be evaluated, and discuss the results of this experiment.The idea proposed in this paper has been demonstrated to be a reasonable and feasible new way to evaluate and compare software protection techniques, and can be introduced as an instructive discussion for the effectiveness evaluation of software protection.