Sixth Framework Programme
Information Society Technology
RE-TRUST
Remote EnTrusting by RUn-time Software auThentication
Project Number: FP6 - 021186
Final report on Dissemination and Exploitation of Knowledge
Summary
Project Number: FP6-021186
Project Title: RE-TRUST: Remote EnTrusting by RUn-time Software
authentication
Deliverable Type: RP
Deliverable Number: D5.4
Contractual Date of Delivery: October 2009
Actual Date of Delivery: December 2009
Title of Deliverable: Project Dissemination
Workpackage Contributing to the
Deliverable:
Nature of the Deliverable: Report
Author(s): Yoram Ofek (UniTN)
Alessandro Zorat (UniTN)
Cataldo Basile (UniTN)
Brecht Wyseur (KUL)
Dries Schellekens (KUL)
Jerome D’Anoville (GTO)
Igor Kotenko (SPIIRAS)
Stefano Di Carlo (POLITO)
Mario Baldi (POLITO)
Reviewer(s): Yoram Ofek, Alessandro Zorat
Abstract: Outlines the dissemination plan for the outcomes of the RE-
TRUST project targeting academic, industrial and general user
communities.
Keywords: Dissemination plan, target community, information transfer
Classification: N/A
Name of Client: European Commission
Distribution List: European Commission Project Partners
Authorised by: Yoram Ofek, Alessandro Zorat - University of Trento
Issue: 1.0
Reference: RE-TRUST Deliverable
Total Number of Pages: 21
Contact Details: Prof. Alessandro ZORAT
University of Trento
Dept. of Ingegneria e Scienza dell’Informazione (DISI)
Trento, Italy
Phone: +39 0461 28 2031 (office)
Fax +39 0461 28 3786
E-mail: [email protected]
Table of Contents
1. Purpose of this document
2. Target Audience Identification and Dissemination Strategies
2.1 Identification of target audiences for dissemination
2.2 Identification of specific Journals, Workshops, and Conferences targeted for
dissemination
3. Work Currently in Progress
3.1 List of papers accepted for publication or being submitted
4. Future Plans for Dissemination and Exploitation of Results
4.1 University of Trento - UNITN
4.2 Politecnico di Torino - POLITO
4.3 Gemalto - GTO
4.4 Katholieke Universiteit Leuven - KUL
4.5 St. Petersburg Institute for Informatics and Automation of the Russian
Academy of Sciences - SPIIRAS
5. Past Dissemination Activities (D5.4)
5.1 Papers, Conferences and Workshops
5.2 Invited talks
5.3 RE-TRUST international workshops
5.4 Special Session “On the Interrelationships between Trust and Security” at
FET09
5.5 Special session
5.6 Internal Dissemination
5.7 Presentations to International Standard Bodies
5.8 Additional Dissemination Activities
6. List of Publications
6.1 Summary
6.2 Reports
1. Purpose of this document
The purpose of this document is threefold:
• to outline the activities that were undertaken within the RE-TRUST project to
bring the results of the project to the attention of the widest possible audience,
• to list the dissemination activities that are still “in the publication pipeline” and
are regarded as “work in progress”,
• to illustrate the future plans for further dissemination and exploitation of the
results of the project.
The activities that took place during the three years of the project have already been
described in the Dissemination Report (deliverable D5.4), and this document draws amply on
that report for the past activities.
This document is structured as follows: First, the target audiences for the dissemination
of results are identified, together with the workshops, conferences, and journals that were
deemed most important as venues to reach such target audiences. After that, the current
“work-in-progress” is listed.
Following that, the plans of each partner for future dissemination and/or exploitation of
the results of the project are outlined. Finally, the past activities are reported, in accordance
with D5.4.
2. Target Audience Identification and Dissemination Strategies
2.1 Identification of target audiences for dissemination
The overall target audience for the dissemination was identified as the academic and
industrial communities, in addition to international standard bodies and, finally, the general
public. In particular, the intent was to reach the community of researchers and practitioners
that operate in the area of software engineering at large, with special attention to the areas of
security, software protection, software engineering, reverse engineering, and
hardware-based security.
The activities targeted to academic audiences were centred primarily on presentations
and article submissions to conferences, workshops, and journals, as these venues, being
subject to rigorous peer review, give increased credibility and visibility to the outcomes of
the project, which, in turn, encourages their adoption.
The activities targeted to industrial audiences have also been driven partly by exposure
to industrial members during conferences and workshops. In addition, direct contact with
industry by all project partners was considered a valid channel to disseminate the project’s
results and general approach.
Activities targeted to dissemination to the international standard bodies were mostly
carried out by the industrial partner Gemalto, which had the possibility of being invited to
present the project results to international bodies such as the Trusted Computing Group
(TCG) and the Open Mobile Terminal Platform (OMTP).
For the dissemination to a more general audience the use of the project website
(http://www.RE-TRUST.org/) was deemed the most adequate and effective venue to reach a
large number of potentially interested people. The website was designed to introduce the
objectives and results of the project to persons and organizations of varying background and
has attracted a fair number of visitors. The website was regularly updated to provide feedback
on the project progress, discoveries and events.
Finally, presentations during EU-sponsored events such as the “EuroTRUST AmI”
workshops in Sophia Antipolis (France) and the “Science beyond Fiction” FET’09
conference in Prague (Czech Republic) were considered a very good venue to reach wide
academic, industrial and general public audiences.
2.2 Identification of specific Journals, Workshops, and Conferences targeted for
dissemination
During the meeting in Paris (March 2009) several conferences and journals were
identified as representing the primary means of dissemination of the results obtained in the
RE-TRUST project.
For publication in archival journals, preference was given to highly respected and
influential journals, with peer review and international audience, such as those of the ACM
and IEEE. Considered of particular interest and desirability were the Communications of the
ACM, the ACM Transactions on Information and System Security, the IEEE Transactions on
Software Engineering, the IEEE Transactions on Systems, Man, and Cybernetics, and
Software Practice and Experience published by Wiley.
Additional journals were selected for their reputation and readership within specific
areas, in an attempt to reach the specific audiences outlined earlier on. In this category, the
list of target journals included the IEEE Security and Privacy magazine, the IEEE Journal on
Selected Areas in Communications, and the International Journal of Computer Science &
Network Security.
Since one of the project partners (SPIIRAS) is based in Russia, the Russian journal
Information Security - Inside (in Russian) was also considered.
Among the international conferences and workshops, the list included the IEEE
Symposium on Security & Privacy, the European Symposium on Research in Computer
Security (ESORICS’09), the Annual ACM Symposium on “Applied Computing” (SAC), the
ACM Conference on Computer and Communications Security (CCS), and the Workshop on
Cryptographic Hardware and Embedded Systems (CHES).
Once again, conferences in Russian were also included in the list.
Finally, as mentioned earlier, participation in the “EuroTRUST AmI” workshops and the
“Science beyond Fiction” FET’09 conference was considered a good way of
disseminating the results of the project to specialists and non-specialists alike.
3. Work Currently in Progress
3.1 List of papers accepted for publication or being submitted
1 S. Dicarlo, P. Falcarin, A. Cabutto, “Exploiting continuous replacement to
increase reverse engineering complexity”, submitted to IEEE Transactions on
Systems, Man, and Cybernetics
The paper has currently been rejected. The main concerns of the reviewers were
about the scalability of the proposed approach, and the presentation of the work also
needs to be improved. We are going to perform additional analysis, and an improved
version of the paper will be submitted shortly to a journal.
2 C. Basile, S. Di Carlo, T. Herlea, J. Nagra, and B. Wyseur, “Towards a Formal
Model for Software Tamper Resistance”, 16 pages, 2009.
3 S. Dicarlo, A. Scionti, A. Basile, “MobHaT: code mobility and reconfigurable
computing joining forces for software protection”, submitted to the IEEE Transactions
on Systems, Man, and Cybernetics for a special issue on security and dependability of
embedded systems.
The paper got positive comments from the reviewers and has been judged as
"potentially publishable". However, the reviewers asked for some improvements and
modifications. We are going to submit a revised version shortly and a final decision will
probably be given by the end of 2009.
4 S. Dicarlo, A. Basile, D. Barberis, “Remote Entrusting via Program Invariants
Monitoring”, to be submitted to IEEE Software
The paper is almost ready and will be submitted by the end of the year.
5 Vasiliy Desnitsky, “Scalability and Security of Remote Entrusting Protection”, VI
St.Petersburg Interregional Conference “Information Security of Russian Regions
(ISRR-2009)”. St.Petersburg, Russia. October 28-30, 2009. Conference Proceedings.
St.Petersburg, 2009. In Russian.
6 Vasiliy Desnitsky, “Configuration of software protection mechanism by using
security policies”, VI St.Petersburg Interregional Conference “Information Security of
Russian Regions (ISRR-2009)”. St.Petersburg, Russia. October 28-30, 2009.
Conference Proceedings. St.Petersburg, 2009. In Russian.
7 Vasiliy Desnitsky, Igor Kotenko, “Software protection based on Remote
Entrusting”, Materials of the Fourth International Scientific Conference on Security
Issues and Counter Terrorism. Moscow State University. 2010. In Russian.
8 Vasiliy Desnitsky, Igor Kotenko, “Security and Performance of Remote
Entrusting Protection”, Risks and security management. Proceedings of Institute of
System Analysis of Russian Academy of Science. Moscow, URSS, 2010.
9 Vasiliy Desnitsky, Igor Kotenko, “Technique for selecting the optimal
combination of software protection mechanisms”, News of High schools, Instrument
making, 2010. In Russian.
10 Vasiliy Desnitsky, Igor Kotenko, “Methods of software protection based on
remote entrusting”, Information Security - Inside, No.1, 2010. In Russian.
11 Vasiliy Desnitsky, “Combined method for software protection against malicious
impacts”, PhD thesis, SPIIRAS, I. Kotenko (Supervisor), 2010. In Russian.
12 Sergey Reznik, “Security Protocol Verification”, PhD thesis, SPIIRAS, I.
Kotenko (Supervisor), 2010. In Russian.
13 S. Faust et al. “Leakage Resilient Signatures”, (submitted to TCC 2010)
14 S. Faust et al. “Protecting Circuits from Leakage: the Computational and Noisy
Cases”, (submitted to Eurocrypt 2010)
15 B. Wyseur et al. “Towards security notions for WBC”,
(to be submitted to a journal)
16 J. Cappaert et al. “A general model for hiding program control flow”,
(presented at RE-TRUST workshop, to be submitted to a conference)
17 D. Schellekens, “Design and analysis of trusted computing platforms”,
(doctoral dissertation in preparation)
18 J. Cappaert, B. Wyseur, and C. Basile, “Software Security Techniques”,
(to be submitted to a journal)
4. Future Plans for Dissemination and Exploitation of Results
4.1 University of Trento - UNITN
UNITN intends to promote the dissemination of the results of the project through the
usual publication in scientific papers and journals. In addition, UNITN plans to maintain and
keep up to date the RE-Trust web site that has worked as a repository of links to papers and
conferences, both for internal and for external researchers and practitioners.
The University of Trento is participating in the advisory board of a new “King Arthur”
research proposal that has been submitted to the European Union under the STREP
programme. The consortium that submitted the King Arthur proposal includes the partners
that were in the RE-TRUST project. It can be considered a continuation of the RE-TRUST
project, as it builds upon the results of the latter to tackle security and trust problems in ICT.
4.2 Politecnico di Torino - POLITO
POLITO has several papers currently being prepared or that have been submitted for
publication (see table above).
In addition, there has been considerable interest in the software and tools that were
developed during the project and that were part of the final demonstrator shown in the review
session at Riva del Garda, Italy in October 2009. The software and related tools developed by
the Politecnico di Torino will be published on the project's website, as well as on the website
of the TestGroup of Politecnico di Torino (www.testgroup.polito.it). Further ongoing work is
aimed to provide additional capabilities to the available tools. To this end, there will be a
follow-up on possibilities of cooperation between POLITO and the companies that have
shown interest in the implementation of the techniques developed within the project.
4.3 Gemalto - GTO
In order to exploit the results of the project, Gemalto is promoting the USB dongle
among potential clients. It is currently proposed as a product. At present the main application
protected by the USB dongle is a Voice over IP (VoIP) softphone, and it appears that there
are already many VoIP solutions available.
Gemalto is considering putting a security application to be hosted by the USB dongle
next to the softphone. The purpose is to emphasise the differentiating extra security brought by
the USB dongle compared to other available softphone applications. Development is under
way and a prototype should be available in January 2010. There is a major exhibition (GSM
World Congress) in February 2010. The plan is to demonstrate during this exhibition the
feature of this future product.
4.4 Katholieke Universiteit Leuven - KUL
The deliverables of the RE-TRUST project, both publications and prototype
implementations, provided several conclusions which will have an impact on the KUL plans
for future research directions and that can be summarized by the following list:
Theoretic versus practical. It is still clear that there is a considerable gap between
theoretic software security research and the corresponding practical solutions. For example,
white-box cryptography and code obfuscation both try to hide internals of a piece of
software. The former does this in a stronger, more mathematical way, which usually comes
with full or partial security proofs, while the latter typically relies on heuristic techniques
which are considered less secure, but more practical to deploy and to trade off against
performance. It is obvious that the best of both worlds would lead to a both qualitative and
secure solution for software protection.
Hardware versus software. Over the last decade, many papers on software protection
techniques have been published. However, secure standalone solutions which only rely on
software seem hard to achieve in a white-box scenario where the attacker has full privileges.
This was also indicated in several RE-TRUST deliverables. This problem has always been
present in the areas of code obfuscation, software watermarking, tamper resistance, remote
attestation, etc. The hardware world, on the other hand, offers secure micro systems (e.g.
smartcards), which can be used as a building block to base software solutions on.
Diversity and self-modifying code. The RE-TRUST solution indicates that to fully
protect against attacks at all times, it is required that an attacker breaking one instance of (a
part of) a program learns very little about the next version. Therefore, the concept of “dynamic
replacement” was set up. Furthermore, self-modifying code proves to be a very promising
and challenging technique to protect against analysis and tampering attacks. For example, it
has been shown that self-modifying code can detect, and thus protect against, the memory
duplication attack.
The research directions mentioned above have already found partial realization in the
following two projects currently being pursued at KUL:
• SEC SODA: Security of Software for Distributed Applications (accepted)
The SEC SODA project contributes to the global security of software via three
strategic research activities: 1) supporting development of security-aware
software architectures, 2) providing programming models that provably
guarantee the absence of particular security problems, and 3) enabling the
trustworthy deployment of secure software. COSIC’s main focus is on the
trustworthy deployment. This research includes self-checking and self-
modifying code techniques, synergies between code obfuscation and white-box
cryptography, remote attestation in both hardware and software, and several
other software protection techniques.
• TENSE: Trustworthy Embedded Networked Systems (proposal)
The goal of this research project proposal is to enhance the security of
networked, embedded computing devices. A networked, embedded computing
device consists of a hardware part and a software part; both components play
an essential role in the overall security of a device. In this project COSIC will
build on the knowledge gained in the RE-TRUST project, specifically in the
area of software tamper resistance, obfuscation, white-box cryptography and
attestation protocols.
4.5 St. Petersburg Institute for Informatics and Automation of the Russian Academy
of Sciences - SPIIRAS
SPIIRAS is planning to develop the software for calculation of security and performance
metrics of Remote Entrusting protection techniques as well as optimal combining of software
protection techniques against malicious impacts. This software will be made available
through the RE-Trust project site, as well as other web-distribution sites.
5. Past Dissemination Activities (D5.4)
5.1 Papers, Conferences and Workshops
During the three years of the RE-TRUST project a number of activities were carried out
to disseminate the results of the project and to promote the knowledge regarding the “basic
philosophy” and approach of the project. Primarily, the activities have been centred on
presentations at conferences and workshops, submissions to journals and magazines, and
making the non-confidential material that was developed during the course of the project
available through the project’s web site.
The detailed lists of publications can be found in the appendix to this document. The
following table shows a summary of the various publications during the project duration.
Year Workshops Conferences Journals
2007 4 2
2008 12 5 7
2009 5 1 2
In progress 18
The publications above, either in workshops, conferences or journals, were primarily
aimed at reaching the academic and industrial communities. In addition, industrial
researchers and practitioners were reached by direct contact by the project partners.
Controlled access to knowledge generated within the project was provided through the
project’s web site, allowing for interaction among project members and industrial participants
and for disseminating information to persons and organizations interested in the project
outcomes.
5.2 Invited talks
The following speakers were invited to present the RE-TRUST project:
• Yoram Ofek, “Remote-Entrusting Paradigm for Protecting and Entrusting the
Internet Infrastructure and Applications”, Israel-Italy Scientific Meeting,
Tel-Aviv, Israel – May 2008
• Brecht Wyseur, “Introduction to White-Box Cryptography”. At Special Summer
School hosted by the ECRYPT Network of Excellence, May 16th, 2008, Crete,
Greece
• Brecht Wyseur, “White-Box Cryptography”. At AscureTV customer business
seminar 2008, May 8, 2008, Brussels, Belgium.
• Brecht Wyseur, “Software Security”. International Course on Computer Security
and Cryptography, Leuven, Belgium, June 8, 2009.
• Mario Baldi, “Trusted Remote Execution: Relevance, Possible Solutions, and the
RE-TRUST Project”, keynote speech presented at the 3rd Workshop of the
International Society for Scientific Inventions (ISSI), Beijing, China,
October 24-25, 2009.
5.3 RE-TRUST international workshops
During the course of the project, two international workshops (RE-Trust’07 and
RE-TRUST’08) were organized. These workshops attracted a good number of scientists
interested in related issues and topics, who presented their own results in addition to being
exposed to the results stemming from the RE-TRUST project. The detailed descriptions of
these meetings can be found in the previous annual reports and on the project’s web site.
The final international RE-TRUST’09 workshop took place from September 30 to
October 1, 2009, in Riva del Garda (Trento), Italy. This is an International Open Workshop
for presenting the project results together with other related research activity performed
elsewhere. Specific invitations have been sent to leading researchers in the area of security
and software engineering and the response has been very good. The event has been widely
advertised on relevant mailing lists and institutional interest groups, thus reaching a wide and
qualified audience.
5.4 Special Session “On the Interrelationships between Trust and Security” at
FET09
During the third year of the RE-TRUST project a proposal was submitted to the program
committee of the Science beyond Fiction conference FET’09 for the organization of a special
session On the Interrelationship between Trust and Security. The conference organizers
accepted the proposal and the session was structured as follows:
Moderator:
Alessandro Zorat – Univ. of Trento – Italy – RE-TRUST project
Speakers:
Yoram Ofek – Univ. of Trento - Italy– RE-TRUST project
Antonio Maña – Univ. of Malaga - Spain
Amir Herzberg - Bar-Ilan University - Israel
Brecht Wyseur – KU Leuven - Belgium– RE-TRUST project
Ahmad-Reza Sadeghi – Ruhr-University Bochum - Germany
The speakers involved in the RE-TRUST project presented the concepts that are at the
base of the project itself, the approaches adopted and the solutions that were developed
within the project, taking into account the aspects of security and comparing them to those
more related to security issues.
A knowledgeable audience that interacted with the panellists with questions, comments
and interesting thought-provoking insights attended the special session.
5.5 Special session
Special Session on "Security in Networked and Distributed Systems" at the 17th Euromicro
International Conference on Parallel, Distributed and network-based Processing (PDP 2009).
Weimar, Germany. February 18-20, 2009. IEEE Computer Society. 2009.
Session chair:
Igor Kotenko
Speakers:
Gernot Bauer - Graz University of Technology - Austria
Igor Kotenko - SPIIRAS – Russia - RE-TRUST project
Magdalena Payeras - University of the Balearic Islands - Spain
Daniele Sgandurra - Università di Pisa - Italy
The speakers involved in the RE-TRUST project presented the main concepts of the
RE-TRUST project, especially the issues of using ideas from RE-TRUST for the development of
secure protocols.
5.6 Internal Dissemination
Although the following activities should be more correctly counted as part of the
(internal) coordination activities, one should not forget the activities that were required for
the internal dissemination of the progress and results, to synchronize the efforts and make the
various partners of the RE-TRUST project aware of software that has been made available by
one group to be used within the project. These activities – that are reported elsewhere –
included the weekly conference calls and the face-to-face meetings that took place whenever
the need arose, in addition to the quarterly meetings.
5.7 Presentations to International Standard Bodies
The results achieved within the RE-TRUST project were presented to the Trusted
Computing Group (TCG) during its meeting that took place on June 16-18, 2009 in San
Diego, USA.
The results were also communicated to members of the Open Mobile Terminal Platform
(OMTP) during a conference call in August 2009.
5.8 Additional Dissemination Activities
Additional functionalities have been added to the RE-TRUST website and the BSCW
repository to allow regulated access to external people interested in trusted computing and the
RE-TRUST project in particular. Links to other projects and relevant conferences in this area
have been added so that interested people will have a quick way of reaching the current
developments in this field of research.
The fruitful cooperation with Prof. Amir Herzberg and Prof. Christian Collberg started in
the previous years of the project has continued during the third year of the project. The
cooperation took the form of seminars by professors Herzberg and Collberg, discussions, and
“brainstorm sessions”, leading to the publication of joint papers.
A description of the aims, goals, and achievements of the RE-TRUST project has been
published on EU-Profile, a publication targeted to researchers, scientists and practitioners
interested or involved in EU-supported projects.
6. List of Publications
Year 2007
W1.1 Brecht Wyseur, Wil Michiels, Paul Gorissen and Bart Preneel,
“Cryptanalysis of White-Box DES Implementations with Arbitrary External
Encodings”, SAC 2007 - Workshop on Selected Areas of Cryptography, Ottawa,
Canada, August 16-17, 2007.
W1.2 Dries Schellekens, Brecht Wyseur and Bart Preneel, “Remote Attestation
on Legacy Operating Systems with Trusted Platform Modules,” REM 2007 -
International Workshop on Run Time Enforcement for Mobile and Distributed
Systems, Dresden, Germany, September 27, 2007.
C1.1 Mariano Ceccato, Mila Preda, Jasvir Nagra, Christian Collberg and Paolo
Tonella, “Barrier Slicing for Remote Software Trusting”, in proceedings of
IEEE International Working Conference on Source Code Analysis and
Manipulation (SCAM 2007), Paris, France, pp.27-36, Sept. 30-Oct. 1 2007
C1.2 Christian Collberg, Jasvir Nagra and Fei-Yue Wang, “Surreptitious
Software: Models from Biology and History,” MMM-ACNS 2007 -
International Conference Mathematical Methods, Models and Architectures for
Computer Networks Security, St. Petersburg, Russia, September 13-15, 2007.
C1.3 Jean-Daniel Aussel, “Smart Cards and Digital Security,” MMM-ACNS
2007 - International Conference Mathematical Methods, Models and
Architectures for Computer Networks Security, St. Petersburg, Russia,
September 13-15, 2007.
R1.1, C1.4 Vasiliy Desnitsky, Igor Kotenko, “Models of Remote Authentication for
Software Protection”, Proceedings of International Conferences AIS'07 -
Intelligent systems and CAD-2007 - Intelligent CAD, pp. 43-50, Moscow,
Fizmatlit, 2007. In Russian.
TOTAL for 2007: 2 workshops, 4 conferences, 0 journals
Year 2008
C2.1 Jasvir Nagra, Mariano Ceccato and Paolo Tonella, “Distributing Trust
Verification to Increase Application Performance,” Proceeding of the 16th
Euromicro Conference on Parallel, Distributed and Network-based, D. E. Baz,
J. Bourgeois and F. Spies (Eds), Toulouse, France, pp.604-610, February 2008
C2.2 Riccardo Scandariato, Yoram Ofek, Paolo Falcarin and Mario Baldi,
“Application-oriented trust in distributed computing”. ARES 2008 -
International Conference on Availability, Reliability and Security, Barcelona
(Spain), March 2008.
C2.3 Mariano Ceccato, Yoram Ofek and Paolo Tonella, “Remote entrusting by run-time
software authentication”, Proceedings of the 34th Conference on Current
Trends in Theory and Practice of Computer Science (SOFSEM 2008), Tatras,
Slovakia, January, 2008. V. Geffert, J. Karhumaki, A. Bertoni, B. Preneel, P.
Navrat, and M. Bielikova, (Eds), Vol. 4910 of Lecture Notes in Computer
Science, pp. 83-97, Springer, January 2008.
W2.1 Mariano Ceccato, Massimiliano Di Penta, Jasvir Nagra, Paolo Falcarin, Filippo
Ricca, Marco Torchiano, Paolo Tonella,
“Towards Experimental Evaluation of Code Obfuscation Techniques”,
QoP2008 - 4th Workshop on Quality of Protection, colocated with CCS2008 -
15th ACM Conference on Computer and Communications Security, pp. 39-46,
2008
C2.4 A. Ali, Jean-Daniel Aussel, L. Castillo, Jerome D'Annoville, S. Durand, K. Lu,
“Smart Cards and remote entrusting”, Future of Trust in Computing, 2nd
conference - Berlin, Germany, June 30 - July 02, 2008.
R2.1, C2.5 Vasiliy Desnitsky, Igor Kotenko, “Model of software protection based on
remote entrusting mechanism”, 5th Inter-regional Conference Information
Security of Russia Regions, Selected papers proceedings, St. Petersburg, 2008.
In Russian.
R2.2, J2.1 Igor Kotenko, Vasiliy Desnitsky, “Aspect-oriented approach to mobile module
realization in security model based on remote entrusting mechanism”,
Information Technologies and Computing Systems, 2008. In Russian.
R2.3, J2.2 Vasiliy Desnitsky, Igor Kotenko, “Software protection based on remote
entrusting mechanism”, News of High schools, Instrument making, Vol.51,
No.11, ISSN 0021-3454, 2008. In Russian.
R2.4, J2.3 Vasiliy Desnitsky, Igor Kotenko, Sergey Reznik, “Development and
verification of message exchange protocol for protection of programs based on
remote entrusting mechanism”, Information Security - Inside, No.4-5, 2008. In
Russian.
R2.5, C2.6 Vasiliy Desnitsky, Igor Kotenko, Sergey Reznik, “Development and analysis of
message exchange protocol for remote entrusting mechanism”, Proceedings of
International Conferences AIS'08 - Intelligent systems and CAD-2008 -
Intelligent CAD, Moscow, Fizmatlit, 2008. In Russian.
Amir Herzberg, Haya Shulman, “Robust Combiners for White-Box Security”,
E-print version available at: http://eprint.iacr.org/2008/150
Amir Herzberg, Haya Shulman, Amitabh Saxena, Bruno Crispo, “Towards a
Theory of White-Box Security”, E-print version available at:
http://www.springerlink.com/content/650j31551pm517p2/
C2.7 J. Cappaert, B. Preneel, B. Anckaert, M. Madou, and K. De Bosschere,
“Towards Tamper Resistant Code Encryption: Practice and Experience”, In
Information Security Practice and Experience Conference LNCS 4991, L.
Chen, Y. Mu, and W. Susilo (eds.), pp. 86-100, 2008
W2.2 D. Schellekens, B. Wyseur, and B. Preneel,
“Remote attestation on legacy operating systems with trusted platform
modules”, 1st International Workshop on Run Time Enforcement for Mobile and
Distributed Systems (REM 2007), Electronic Notes in Theoretical Computer
Science 197(1), F. Massacci, and F. Piessens (eds.), Elsevier, pp. 59-72, 2008.
J2.4 D. Schellekens, B. Wyseur, and B. Preneel,
“Remote attestation on legacy operating systems with trusted platform
modules”, in Special Issue on Science of Computer Programming, Vol. 74(1-2),
pp. 13-22, 2008.
C2.8 Mariano Ceccato, Jasvir Nagra and Paolo Tonella.
“Distributing trust verification to increase application performance”.
<http://selab.fbk.eu/ceccato/papers/2008/pdp2008.html>
In D. E. Baz, J. Bourgeois and F. Spies editors, Proc. of the 16th Euromicro
Conference on Parallel, Distributed and Network-based Processing (PDP
2008), pp. 604-610. IEEE Computer Society, February 2008
C2.9 Riccardo Scandariato, Yoram Ofek, Paolo Falcarin and Mario Baldi,
“Application-oriented trust in distributed computing”,
ARES 2008 - International Conference on Availability, Reliability and
Security, Barcelona (Spain), March 2008
W2.3 Mariano Ceccato, Massimiliano Di Penta, Jasvir Nagra, Paolo Falcarin, Filippo
Ricca, Marco Torchiano and Paolo Tonella.
“Towards experimental evaluation of code obfuscation techniques”,
<http://selab.fbk.eu/ceccato/papers/2008/qop2008.html>
In Proceedings of the 4th ACM workshop on Quality of Protection (QoP 08),
Alexandria (Virginia), USA, pp. 39-46, 27 October 2008.
R2.6 / C2.10 Vasiliy Desnitsky, Igor Kotenko, “Model of software protection
based on remote entrusting mechanism”, 5th Inter-regional Conference
Information Security of Russia Regions, Selected papers proceedings,
St. Petersburg, 2008, in Russian.
J2.5 Igor Kotenko, Vasiliy Desnitsky, “Aspect-oriented approach to mobile module
realization in security model based on remote entrusting mechanism”,
Information Technologies and Computing Systems, 2008, in Russian.
J2.6 Vasiliy Desnitsky, Igor Kotenko, “Software protection based on remote
entrusting mechanism”, News of High schools, Instrument Making, Vol. 51,
N.11, ISSN 0021-3454, 2008, in Russian.
R2.7 / J2.7 Vasiliy Desnitsky, Igor Kotenko, Sergey Reznik, “Development and
verification of message exchange protocol for protection of programs based on
remote entrusting mechanism”, Information Security - Inside, No.4-5, 2008, in
Russian.
C2.11 Vasiliy Desnitsky, Igor Kotenko, Sergey Reznik, “Development and analysis of
message exchange protocol for remote entrusting mechanism”, Proceedings of
International Conferences AIS'08 - Intelligent systems and CAD-2008 -
Intelligent CAD, Moscow, Fizmatlit, 2008, in Russian.
W2.4 Yoram Ofek, “Remote-Entrusting Paradigm for Protecting and Entrusting the
Internet Infrastructure and Applications”, 2008 EuroTRUSTAmI 2nd edition,
Sophia Antipolis, France, 2008
W2.5 Special Session on “Security in Networked and Distributed Systems” (Chair -
Igor Kotenko) at the 16th Euromicro International Conference on Parallel,
Distributed and Network-based Processing (PDP 2008). Toulouse, France.
February 13-15 2008. IEEE Computer Society, 2008.
TOTAL for 2008: 5 workshops, 11 conferences, 7 journals
Year 2009
C3.1 A. Saxena, B. Wyseur, and B. Preneel,
“Towards Security Notions for White-Box Cryptography”,
In Information Security - 12th International Conference, ISC 2009, Lecture
Notes in Computer Science, Springer-Verlag, 11 pages, 2009
C3.2 Mariano Ceccato, Massimiliano Di Penta, Jasvir Nagra, Paolo Falcarin, Filippo
Ricca, Marco Torchiano and Paolo Tonella.
“The Effectiveness of Source Code Obfuscation: an Experimental Assessment”.
In proceedings of IEEE International Conference on Program Comprehension
(ICPC2009), May 2009.
J3.1 Mariano Ceccato, Mila Dalla Preda, Jasvir Nagra, Christian Collberg, Paolo
Tonella, “Trading-off Security and Performance in Barrier Slicing for Remote
Software Entrusting”, JASE - Journal of Automated Software Engineering,
Springer, Netherlands. Vol.16, N. 12, pp. 235-261, June 2009.
C3.3 Vasiliy Desnitsky, Igor Kotenko.
“Analysis and Design of Entrusting Protocol for Distributed Software
Protection”.
Proceedings of the 17th Euromicro International Conference on Parallel,
Distributed and network-based Processing (PDP 2009). Weimar, Germany.
SEA-Publications: SEA-SR-21. 2009. pp. 8-9. (Extended abstract), February
2009
W3.1 Vasily Desnitsky, Igor Kotenko.
“Design of Entrusting Protocols for Software Protection”. 4th International
Workshop on Information Fusion and Geographical Information Systems
(IF&GIS’09). St. Petersburg, Russia. Lecture Notes in Geoinformation and
Cartography. Springer-Verlag, May 17-20, 2009.
R3.1 / J3.2 Sergey Reznik, Igor Kotenko.
“Analysis of methods and tools of security protocol verification for their
combined usage”, Information Security - Inside, No.3, 2009.
C3.4 Vasily Desnitsky, Igor Kotenko. “An Approach for Software Protection based
on Remote Entrusting”.
11th Conference “RusCrypto” on Cryptology, Steganography, Digital Signature
and Security Systems. Zvenigorod, Russia. (Extended abstract), April 2-5, 2009
C3.5 Mariano Ceccato, Mila Dalla Preda, Anirban Majumdar, Paolo Tonella.
“Remote software protection by orthogonal client replacement”,
<http://selab.fbk.eu/ceccato/papers/2009/sac2009.html> In D. Shin, editor,
Proceedings of the 24th ACM Symposium on Applied Computing (SAC 2009),
pp. 448-455, March 9-12, 2009
C3.6 B. Wyseur, “RE-TRUST: Trustworthy Execution of SW on Remote
Untrusted Platforms”, In Highlights of the Information Security Solutions
Europe 2009 Conference (ISSE 2009), Vieweg, 8 pages, 2009.
C3.7 S. Faust, L. Reyzin, and E. Tromer, “Protecting Circuits from
Computationally-Bounded Leakage”, http://eprint.iacr.org/2009/379, pp.
1-48, 2009.
C3.8 S. Faust, E. Kiltz, K. Pietrzak, and G. Rothblum, “Leakage Resilient
Signatures”, http://eprint.iacr.org/2009/282.pdf, pp. 1-21, 2009.
R 3.1 B. Wyseur, “White-Box Cryptography”, PhD thesis, Katholieke
Universiteit Leuven, B. Preneel (promotor), 169+32 pages, 2009.
TOTAL for 2009: 1 workshop, 8 conferences, 2 journals
6.1 Summary
Year Workshops Conferences Journals
2007 2 4 0
2008 5 11 7
2009 1 8 2
6.2 Reports
R1 N. Kisserli, and B. Preneel, “Surgical fuzzing of open source applications
using static analysis,” COSIC internal report, 5 pages, 2008.
R2 Yoram Ofek, “Remote-Entrusting Paradigm for Protecting and Entrusting the
Internet Infrastructure and Applications”, Israel-Italy Scientific Meeting,
Tel-Aviv, Israel – May 2008