
arxiv: 2506.18470 · v1 · pith:M3HS4Q7Qnew · submitted 2025-06-23 · 💻 cs.CR · cs.SE

Automatic Selection of Protections to Mitigate Risks Against Software Applications

Pith reviewed 2026-05-21 23:55 UTC · model grok-4.3

classification 💻 cs.CR cs.SE
keywords: software protection, MATE attacks, game-theoretic model, Software Protection Index, automated defense selection, risk mitigation, attack resistance

The pith

A game model lets software automatically pick protections that resist attacks while keeping overhead low.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper frames the choice of software protections as a game in which a defender applies measures to code artifacts to counter an attacker who repeatedly targets the confidentiality and integrity of key assets. It introduces the Software Protection Index to score how effectively each protection blocks entire attack paths, combining code metrics with expert judgment. A mini-max depth-first search with dynamic programming finds selections that raise resistance without exceeding allowed performance costs. A working implementation plus expert review shows the process can run without constant human oversight and still produce usable protected applications.

Core claim

The defender chooses protections on code artifacts to maximize resistance against repeated attacks on asset confidentiality and integrity while capping overhead. The game is solved by a mini-max depth-first exploration strategy with dynamic programming. The Software Protection Index measures protection effectiveness on attack paths by merging software metrics and expert assessments.
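As an added illustration (not the paper's algorithm or code), the sketch below runs a depth-first max-min search over protection options with a memo table and an overhead cap, then checks it against exhaustive enumeration. The options, attack paths, effort multipliers and the scoring function are constructed stand-ins; the scoring is not the Software Protection Index, whose definition does not appear on this page.

```python
from itertools import combinations

# Constructed toy instance, not taken from the paper. A protection option (PO)
# is "protection@artifact" with an overhead cost and, per attack step it
# hinders, a multiplier on the attacker's effort for that step.
OPTIONS = {
    "cff@license_check":    {"overhead": 4, "hinders": {"locate_check": 3.0, "patch_check": 1.5}},
    "anti_debug@main":      {"overhead": 2, "hinders": {"dynamic_trace": 4.0}},
    "attest@license_check": {"overhead": 5, "hinders": {"patch_check": 5.0}},
    "wbc@key":              {"overhead": 6, "hinders": {"extract_key": 6.0}},
    "opaque@key_loader":    {"overhead": 1, "hinders": {"locate_key": 2.0}},
}

# Constructed attack paths against two assets: lists of (step, base effort).
PATHS = {
    "static_patch":  [("locate_check", 2.0), ("patch_check", 1.0)],
    "dynamic_patch": [("dynamic_trace", 1.0), ("patch_check", 1.0)],
    "key_theft":     [("locate_key", 1.0), ("extract_key", 1.0)],
    "key_dump":      [("dynamic_trace", 1.0), ("extract_key", 1.0)],
}


def overhead(applied):
    return sum(OPTIONS[po]["overhead"] for po in applied)


def path_effort(steps, applied):
    """Stand-in resistance score (an assumption): base effort of each step,
    scaled by every applied PO that hinders it, summed along the path."""
    total = 0.0
    for step, base in steps:
        factor = 1.0
        for po in applied:
            factor *= OPTIONS[po]["hinders"].get(step, 1.0)
        total += base * factor
    return total


def weakest_path(applied):
    """Attacker's move: pick the path that costs the least effort."""
    scored = ((name, path_effort(steps, applied)) for name, steps in PATHS.items())
    return min(scored, key=lambda item: item[1])


def rank(applied):
    # Higher weakest-path effort wins; on ties, lower overhead wins.
    return (weakest_path(applied)[1], -overhead(applied))


def search(cap, depth):
    """Depth-first max-min search, one PO per ply. The memo table is keyed on
    the set of applied POs, so different orderings of the same POs share one
    evaluation (remaining depth is implied by the size of the set)."""
    memo, stats = {}, {"expanded": 0, "memo_hits": 0}

    def best_from(applied, depth_left):
        if applied in memo:
            stats["memo_hits"] += 1
            return memo[applied]
        stats["expanded"] += 1
        best = applied  # stopping here is always a legal defender choice
        if depth_left > 0:
            for po in OPTIONS:
                nxt = applied | {po}
                if po in applied or overhead(nxt) > cap:
                    continue  # already applied, or breaks the overhead budget
                cand = best_from(nxt, depth_left - 1)
                if rank(cand) > rank(best):
                    best = cand
        memo[applied] = best
        return best

    return best_from(frozenset(), depth), stats


def exhaustive(cap):
    """Baseline: score every subset of POs that fits the overhead cap."""
    subsets = (frozenset(c) for r in range(len(OPTIONS) + 1)
               for c in combinations(OPTIONS, r))
    return max((s for s in subsets if overhead(s) <= cap), key=rank)


if __name__ == "__main__":
    optimum = exhaustive(12)
    for depth in (1, 2, 3):
        chosen, stats = search(12, depth)
        ratio = weakest_path(chosen)[1] / weakest_path(optimum)[1]
        print(depth, sorted(chosen), weakest_path(chosen), overhead(chosen),
              stats, f"ratio={ratio:.2f}")
```

On this instance a depth of 1 finds no improving move, because no single option raises every path at once, while a depth of 2 matches the exhaustive optimum.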

What carries the argument

The Software Protection Index, which scores how well protections block attack paths by combining software metrics with expert assessments.

If this is right

  • Protection decisions become a repeatable computation instead of repeated manual analysis.
  • Applications gain measurable resistance to attacks while staying within acceptable slowdown limits.
  • Risk mitigation for critical assets can be applied early in the development process without expert intervention for every case.
  • The same model supports repeated re-evaluation when new attack techniques appear.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The approach could be embedded in compilers or build systems so protections are chosen and applied during normal compilation.
  • Similar game models might help select defenses in other settings such as hardware IP protection or cloud service hardening.
  • Testing whether the Software Protection Index correlates with actual attacker time-to-break on real code would strengthen the method.

Load-bearing premise

The mini-max search with dynamic programming finds near-optimal protection choices and the Software Protection Index accurately predicts real protection strength against attacks.

What would settle it

Compare attack success rates and required effort on an application before and after applying the automatically selected protections, while also measuring runtime overhead against the chosen limit.

Figures

Figures reproduced from arXiv: 2506.18470 by Bjorn De Sutter, Cataldo Basile, Daniele Canavese, Leonardo Regano.

Figure 3: The ESP workflow. The ESP can also be used in two additional modes. It can be configured to propose a set of solutions that experts can manually edit to control the SP deployment fully. Moreover, it can be used to evaluate the effectiveness of solutions manually proposed by experts.

Figure 2: The ApplicationPart class in the SP meta-model.

Figure 3: Search tree example, computed with a mini-max approach and dynamic programming optimizations enabled.

Figure 4: Optimization time vs. number of POs. (Plot not reproduced; surviving axis labels: concrete attack path count, optimization time [min]; series: depth 3, 4, 5, 6.)

Figure 5: Optimization time vs. number of attack paths.
Original abstract

This paper introduces a novel approach for the automated selection of software protections to mitigate MATE risks against critical assets within software applications. We formalize the key elements involved in protection decision-making - including code artifacts, assets, security requirements, attacks, and software protections - and frame the protection process through a game-theoretic model. In this model, a defender strategically applies protections to various code artifacts of a target application, anticipating repeated attack attempts by adversaries against the confidentiality and integrity of the application's assets. The selection of the optimal defense maximizes resistance to attacks while ensuring the application remains usable by constraining the overhead introduced by protections. The game is solved through a heuristic based on a mini-max depth-first exploration strategy, augmented with dynamic programming optimizations for improved efficiency. Central to our formulation is the introduction of the Software Protection Index, an original contribution that extends existing notions of potency and resilience by evaluating protection effectiveness against attack paths using software metrics and expert assessments. We validate our approach through a proof-of-concept implementation and expert evaluations, demonstrating that automated software protection is a practical and effective solution for risk mitigation in software.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 2 minor

Summary. The paper introduces a game-theoretic model for automated selection of software protections against MATE risks. It formalizes code artifacts, assets, security requirements, attacks, and protections. The defender applies protections to maximize resistance (measured by the Software Protection Index) while constraining overhead. The model is solved using a mini-max depth-first exploration strategy with dynamic programming optimizations. The approach is validated via a proof-of-concept implementation and expert evaluations, claiming it demonstrates automated software protection as practical and effective.

Significance. If the heuristic and SPI can be shown to be reliable, this could provide a systematic framework for protection selection in software security, reducing reliance on manual expert decisions. The formalization of the protection decision process and the composite SPI metric represent a novel extension of existing potency and resilience ideas, with potential for practical tools if supported by stronger evidence.

major comments (3)
  1. [Validation] Validation section: the claim that the PoC implementation and expert evaluations demonstrate practicality and effectiveness is unsupported because no quantitative results, error analysis, or details on collection/aggregation of expert assessments are provided, making it impossible to verify whether the data support the central practicality claim.
  2. [Algorithm] Algorithm section: the mini-max DFS+DP strategy is asserted to identify near-optimal protection selections, but no exhaustive enumeration on small instances (e.g., ≤8 artifacts) is reported to measure approximation ratio, and no ablation of the DP pruning or optimizations is included.
  3. [SPI] Software Protection Index definition: the SPI is presented as reliably capturing protection effectiveness against attack paths by combining software metrics with expert assessments, but no controlled experiments correlating SPI values with measured attack success rates or resistance are described.
minor comments (2)
  1. [SPI] Clarify the exact definition and computation of the SPI, including how expert scores are normalized and combined with metrics.
  2. [Related Work] Add discussion of related work on game-theoretic approaches to software protection and existing metrics for potency/resilience.

Simulated Author's Rebuttal

3 responses · 1 unresolved

We thank the referee for the constructive feedback on our manuscript. We address each major comment below and describe the revisions we will make to improve clarity and support for our claims.

Point-by-point responses
  1. Referee: [Validation] Validation section: the claim that the PoC implementation and expert evaluations demonstrate practicality and effectiveness is unsupported because no quantitative results, error analysis, or details on collection/aggregation of expert assessments are provided, making it impossible to verify whether the data support the central practicality claim.

    Authors: We agree that the validation section requires more detail to substantiate the practicality claims. In the revised manuscript we will add quantitative results from the proof-of-concept implementation (e.g., runtime measurements and selected protection configurations on the evaluated applications). We will also describe the expert evaluation procedure, including the number of experts involved, the assessment format, and the method used to aggregate their inputs. Any available measures of variability or agreement among experts will be reported. revision: yes

  2. Referee: [Algorithm] Algorithm section: the mini-max DFS+DP strategy is asserted to identify near-optimal protection selections, but no exhaustive enumeration on small instances (e.g., ≤8 artifacts) is reported to measure approximation ratio, and no ablation of the DP pruning or optimizations is included.

    Authors: We acknowledge the benefit of empirical validation for the heuristic. Exhaustive enumeration remains computationally prohibitive even for modest instance sizes because of the exponential growth in protection combinations and attack paths. In the revision we will add a complexity discussion and report exhaustive results on the smallest tractable cases where feasible. We will also include an ablation study that isolates the contribution of the dynamic-programming optimizations by comparing performance with and without them. revision: partial

  3. Referee: [SPI] Software Protection Index definition: the SPI is presented as reliably capturing protection effectiveness against attack paths by combining software metrics with expert assessments, but no controlled experiments correlating SPI values with measured attack success rates or resistance are described.

    Authors: The SPI extends established potency and resilience concepts by integrating quantitative metrics with expert judgment along attack paths. While the current manuscript does not contain new controlled experiments that directly correlate SPI scores with observed attack success rates, we will expand the SPI section with additional justification for the chosen formulation and will outline concrete plans for future empirical studies that could establish such correlations. revision: partial

standing simulated objections not resolved
  • Exhaustive enumeration on instances with up to 8 artifacts to compute approximation ratios, as this remains computationally intractable for all but the most trivial cases.

Circularity Check

0 steps flagged

No significant circularity in the game-theoretic model or SPI construction

full rationale

The paper defines the protection selection problem via an independent game-theoretic formulation in which the defender's objective (maximize resistance subject to overhead constraints) is stated directly from the problem elements (artifacts, assets, attacks, protections) without reference to the solver's outputs. The mini-max DFS+DP heuristic is introduced as an algorithmic approximation technique for solving this model, not as a redefinition or self-consistent fit of the optimum itself. The Software Protection Index is explicitly constructed by combining software metrics with external expert assessments, rather than being fitted to or derived from the optimization results or attack-path predictions within the paper. No equations or definitions reduce the claimed predictions to the inputs by construction, and no load-bearing self-citations or uniqueness theorems from prior author work are invoked to justify the central claims. Validation rests on PoC implementation and separate expert evaluations, keeping the derivation self-contained against external benchmarks.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axiom · 1 invented entity

The central claim rests on the assumption that expert assessments combined with software metrics produce a valid effectiveness score and that the chosen heuristic finds sufficiently good solutions within acceptable computation time; no free parameters or invented physical entities are explicitly listed in the abstract.

axioms (1)
  • Domain assumption: Expert assessments provide reliable input for measuring protection effectiveness against attack paths.
    The SPI definition depends on these assessments as stated in the abstract description of the index.
invented entities (1)
  • Software Protection Index (no independent evidence)
    Purpose: To quantify protection effectiveness by extending potency and resilience using metrics and expert input.
    Presented as an original contribution central to the decision model.

