The protection of software applications is one of the most important problems to solve in information security because it has a crucial effect on other security issues. We can find in the literature many research initiatives that have tried to solve this problem, many of them based on the use of tamperproof hardware tokens. This type of solution depends on two basic premises: (i) increasing the physical security by using tamperproof devices and (ii) increasing the complexity of the analysis of the software. The first premise is reasonable. The second one is certainly related to the first one. In fact, its main goal is that the pirate user not be able to modify the software to bypass an operation that is crucial: checking the presence of the token. However, experience shows that the second premise is not realistic because analysis of the executable code is always possible. Moreover, the techniques used to obstruct the analysis process are not enough to discourage an attacker with average resources. In this paper, we review the most relevant works related to software protection, present a taxonomy of those works, and, most important, introduce a new and robust software protection scheme. This solution, called SmartProt, is based on the use of smart cards and cryptographic techniques, and its security relies only on the first of the premises given above; that is, SmartProt has been designed to avoid attacks based on code analysis and software modification. The entire system is described following a lifecycle approach, explaining in detail the card setup, production, authorization, and execution phases. We also present some interesting applications of SmartProt as well as the protocols developed to manage licences. Finally, we provide an analysis of its implementation details.