Author_Institution :
Sch. of Inf. Sci. & Technol., Northwest Univ., Xi´an, China
Abstract :
In recent years, software faces more and more security threats, such as software piracy, malicious reverse engineering, software tampering, which make much loss to software users or software manufacturers. The idea and process of attacking software can give us guidance on how to prevent the attack and protect software effectively. In this paper, we understand software attack (in the paper software attack mostly means software Reverse Engineering attack) process by modeling it. We model software attack process based on the Marked Petri Net, called SAMMPN, which is a six-tuple (P, T, F, Path, Rate, Cost). Then, based on the SAMMPN, we propose methods to guide software attacks, to evaluate software protection and to improve protection techniques. At last, we verify the SAMMPN by a case, which shows unpacking guidance, evaluates four kinds of Packers and gives improving suggestions for these Packers. The case shows that SAMMPN can help us effectively understand the software attack process and improve software protection.
Keywords :
Petri nets; reverse engineering; security of data; SAMMPN; malicious reverse engineering; marked Petri net; security threats; software attack modeling; software attack process modeling; software piracy; software protection evaluation; software reverse engineering attack; software tampering; unpacking guidance; Automation; Complexity theory; Firing; Reverse engineering; Security; Software; Software protection; attack guidance; attack model; effectiveness evaluation; software attack; software protection;
