
Final dissemination and exploitation report v2re-trust.dit.unitn.it/files/deliverable/D5.4.1-y3.pdf · 2011-09-13 · Final report on Dissemination and Exploitation of Knowledge 7


Sixth Framework Programme

Information Society Technology

RE-TRUST

Remote EnTrusting by RUn-time Software auThentication

Project Number: FP6 - 021186

Final report on Dissemination and Exploitation of Knowledge


Summary

Project Number: FP6-021186

Project Title: RE-TRUST: Remote EnTrusting by RUn-time Software authentication

Deliverable Type: RP

Deliverable Number: D5.4

Contractual Date of Delivery: October 2009

Actual Date of Delivery: December 2009

Title of Deliverable: Project Dissemination

Workpackage Contributing to the Deliverable:

Nature of the Deliverable: Report

Author(s): Yoram Ofek (UniTN)

Alessandro Zorat (UniTN)

Cataldo Basile (UniTN)

Brecht Wyseur (KUL)

Dries Schellekens (KUL)

Jerome D’Anoville (GTO)

Igor Kotenko (SPIIRAS)

Stefano Di Carlo (POLITO)

Mario Baldi (POLITO)

Reviewer(s): Yoram Ofek, Alessandro Zorat

Abstract: Outlines the dissemination plan for the outcomes of the RE-TRUST project targeting academic, industrial and general user communities.

Keywords: Dissemination plan, target community, information transfer

Classification: N/A

Name of Client: European Commission

Distribution List: European Commission Project Partners

Authorised by: Yoram Ofek, Alessandro Zorat - University of Trento

Issue: 1.0

Reference: RE-TRUST Deliverable

Total Number of Pages: 21

Contact Details: Prof. Alessandro ZORAT

University of Trento

Dept. of Ingegneria e Scienza dell’Informazione (DISI)

Trento, Italy

Phone: +39 0461 28 2031 (office)

Fax +39 0461 28 3786

E-mail: [email protected]


Table of Contents

1. Purpose of this document
2. Target Audience Identification and Dissemination Strategies
    2.1 Identification of target audiences for dissemination
    2.2 Identification of specific Journals, Workshops, and Conferences targeted for dissemination
3. Work Currently in Progress
    3.1 List of papers accepted for publication or being submitted
4. Future Plans for Dissemination and Exploitation of Results
    4.1 University of Trento - UNITN
    4.2 Politecnico di Torino - POLITO
    4.3 Gemalto - GTO
    4.4 Katholieke Universiteit Leuven - KUL
    4.5 St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences - SPIIRAS
5. Past Dissemination Activities (D5.4)
    5.1 Papers, Conferences and Workshops
    5.2 Invited talks
    5.3 RE-TRUST international workshops
    5.4 Special Session “On the Interrelationships between Trust and Security” at FET09
    5.5 Special session
    5.6 Internal Dissemination
    5.7 Presentations to International Standard Bodies
    5.8 Additional Dissemination Activities
6. List of Publications
    6.1 Summary
    6.2 Reports


1. Purpose of this document

The purpose of this document is threefold:

• to outline the activities that were undertaken within the RE-TRUST project to bring the results of the project to the attention of the widest possible audience,

• to list the dissemination activities that are still “in the publication pipeline” and are regarded as “work in progress”,

• to illustrate the future plans for further dissemination and exploitation of the results of the project.

The activities that took place during the three years of the project have already been described in the Dissemination Report (deliverable D5.4), and this document draws extensively on that report for the past activities.

This document is structured as follows. First, the target audiences for the dissemination of results are identified, together with the workshops, conferences, and journals that were deemed most important as venues to reach such target audiences. After that, the current “work-in-progress” is listed.

Following that, the plans of each partner for future dissemination and/or exploitation of the results of the project are outlined. Finally, the past activities are reported, in accordance with D5.4.


2. Target Audience Identification and Dissemination Strategies

2.1 Identification of target audiences for dissemination

The overall target audience for the dissemination was identified as the academic and industrial communities, in addition to international standard bodies and, finally, the general public. In particular, the intent was to reach the community of researchers and practitioners that operate in the area of software engineering at large, with special attention to the areas of security, software protection, software engineering, and reverse engineering, including the area of hardware-based security.

The activities targeted to academic audiences were centred primarily on presentations and article submissions to conferences, workshops, and journals, as these venues, being subject to rigorous peer review, give increased credibility and visibility to the outcomes of the project, which in turn encourages their adoption.

The activities targeted to industrial audiences were also driven partly by exposure to industrial members during conferences and workshops. In addition, direct contact with industry by all project partners was considered a valid channel to disseminate the project’s results and general approach.

Activities targeted to dissemination to the international standard bodies were mostly

carried out by the industrial partner Gemalto who had the possibility of being invited to

present the project results to international bodies such as the Trusted Computing Group

(TCG) and the Open Mobile Terminal Platform (OMTP).

For the dissemination to a more general audience the use of the project website

(http://www.RE-TRUST.org/) was deemed the most adequate and effective venue to reach a

large number of potentially interested people. The website was designed to introduce the

objectives and results of the project to persons and organizations of varying background and

has attracted a fair number of visitors. The website was regularly updated to provide feedback

on the project progress, discoveries and events.

Finally, presentations during EU-sponsored events such as the “EuroTRUST AmI” workshops in Sophia Antipolis (France) and the “Science beyond Fiction” FET’09 conference in Prague (Czech Republic) were considered very good venues to reach wide academic, industrial and general public audiences.

2.2 Identification of specific Journals, Workshops, and Conferences targeted for dissemination

During the meeting in Paris (March 2009) several conferences and journals were

identified as representing the primary means of dissemination of the results obtained in the

RE-TRUST project.

For publication in archival journals, preference was given to highly respected and influential journals, with peer review and an international audience, such as those of the ACM and IEEE. Considered of particular interest and desirability were the Communications of the ACM, the ACM Transactions on Information and System Security, the IEEE Transactions on Software Engineering, the IEEE Transactions on Systems, Man, and Cybernetics, and Software Practice and Experience published by Wiley.

Additional journals were selected for their reputation and readership within specific areas, in an attempt to reach the specific audiences outlined earlier on. In this category, the list of target journals included the IEEE Security and Privacy magazine, the IEEE Journal on Selected Areas of Communications, and the International Journal of Computer Science & Network Security.

Since one of the project partners (SPIIRAS) is based in Russia, the Russian journal

Information Security - Inside (in Russian) was also considered.

Among the international conferences and workshops, the list included the IEEE

Symposium on Security & Privacy, the European Symposium on Research in Computer

Security (ESORICS’09), the Annual ACM Symposium on “Applied Computing” (SAC), the

ACM Conference on Computer and Communications Security (CCS), the workshop on

Cryptographic Hardware and Embedded Systems (CHES).

Once again, conferences in Russian were also included in the list.

Finally, as mentioned earlier, participation in the “EuroTRUST AmI” workshops and in the “Science beyond Fiction” FET’09 conference was considered a good way of disseminating the results of the project to specialists and non-specialists alike.


3. Work Currently in Progress

3.1 List of papers accepted for publication or being submitted

1 S. Dicarlo, P. Falcarin, A. Cabutto, “Exploiting continuous replacement to

increase reverse engineering complexity”, submitted to IEEE Transactions on

Systems, Man, and Cybernetics

The paper has currently been rejected. The main concern of the reviewers was the scalability of the proposed approach; the presentation of the work also needs to be improved. We are going to perform additional analysis, and an improved version of the paper will be submitted shortly to a journal.

2 C. Basile, S. Di Carlo, T. Herlea, J. Nagra, and B. Wyseur, “Towards a Formal

Model for Software Tamper Resistance”, 16 pages, 2009.

3 S. Dicarlo, A. Scionti, A. Basile, “MobHaT: code mobility and reconfigurable

computing joining forces for software protection”, submitted to the IEEE Transactions

on Systems, Man, and Cybernetics for a special issue on security and dependability of

embedded systems.

The paper got positive comments from the reviewers and has been judged as "potentially publishable". However, the reviewers asked for some improvements and modifications. We are going to submit a revised version shortly, and a final decision will probably be given by the end of 2009.

4 S. Dicarlo, A. Basile, D. Barberis, “Remote Entrusting via Program Invariants

Monitoring”, to be submitted to IEEE Software

The paper is almost ready and will be submitted by the end of the year

5 Vasiliy Desnitsky, “Scalability and Security of Remote Entrusting Protection”, VI

St.Petersburg Interregional Conference “Information Security of Russian Regions

(ISRR-2009)”. St.Petersburg, Russia. October 28-30, 2009. Conference Proceedings.

St.Petersburg, 2009. In Russian.

6 Vasiliy Desnitsky, “Configuration of software protection mechanism by using

security policies”, VI St.Petersburg Interregional Conference “Information Security of

Russian Regions (ISRR-2009)”. St.Petersburg, Russia. October 28-30, 2009.

Conference Proceedings. St.Petersburg, 2009. In Russian.

7 Vasiliy Desnitsky, Igor Kotenko, “Software protection based on Remote Entrusting”, Materials of the Fourth International Scientific Conference on Security Issues and Counter Terrorism. Moscow State University. 2010. In Russian.

8 Vasiliy Desnitsky, Igor Kotenko, “Security and Performance of Remote

Entrusting Protection”, Risks and security management. Proceedings of Institute of

System Analysis of Russian Academy of Science. Moscow, URSS, 2010.

9 Vasiliy Desnitsky, Igor Kotenko, “Technique for selecting the optimal

combination of software protection mechanisms”, News of High schools, Instrument

making, 2010. In Russian.

10 Vasiliy Desnitsky, Igor Kotenko, “Methods of software protection based on

remote entrusting”, Information Security - Inside, No.1, 2010. In Russian.

11 Vasiliy Desnitsky, “Combined method for software protection against malicious

impacts”, PhD thesis, SPIIRAS, I. Kotenko (Supervisor), 2010. In Russian.


12 Sergey Reznik, “Security Protocol Verification”, PhD thesis, SPIIRAS, I.

Kotenko (Supervisor), 2010. In Russian.

13 S. Faust et al. “Leakage Resilient Signatures”, (submitted to TCC 2010)

14 S. Faust et al. “Protecting Circuits from Leakage: the Computational and Noisy

Cases”, (submitted to Eurocrypt 2010)

15 B. Wyseur et al. “Towards security notions for WBC”,

(to be submitted to a journal)

16 J. Cappaert et al. “A general model for hiding program control flow”, (presented at RE-TRUST workshop, to be submitted to a conference)

17 D. Schellekens, “Design and analysis of trusted computing platforms”,

(doctoral dissertation in preparation)

18 J. Cappaert, B. Wyseur, and C. Basile, “Software Security Techniques”, (to be submitted to a journal)


4. Future Plans for Dissemination and Exploitation of Results

4.1 University of Trento - UNITN

UNITN intends to promote the dissemination of the results of the project through the

usual publication in scientific papers and journals. In addition, UNITN plans to maintain and

keep up to date the RE-Trust web site that has worked as a repository of links to papers and

conferences, both for internal and for external researchers and practitioners.

The University of Trento is participating in the advisory board of a new “King Arthur” research proposal that has been submitted to the European Union under the STREP programme. The consortium that submitted the King Arthur proposal includes the partners that were in the RE-TRUST project. It can be considered a continuation of the RE-TRUST project, as it builds upon the results of the latter to tackle security and trust problems in ICT.

4.2 Politecnico di Torino - POLITO

POLITO has several papers currently being prepared or that have been submitted for

publication (see table above).

In addition, there has been considerable interest in the software and tools that were

developed during the project and that were part of the final demonstrator shown in the review

session at Riva del Garda, Italy in October 2009. The software and related tools developed by

the Politecnico di Torino will be published on the project's website, as well as on the website

of the TestGroup of Politecnico di Torino (www.testgroup.polito.it). Further ongoing work is

aimed to provide additional capabilities to the available tools. To this end, there will be a

follow-up on possibilities of cooperation between POLITO and the companies that have

shown interest in the implementation of the techniques developed within the project.

4.3 Gemalto - GTO

In order to exploit the results of the project, Gemalto is promoting the USB dongle among potential clients. It is currently proposed as a product. At present the main application protected by the USB dongle is a Voice over IP (VoIP) softphone, and it appears that there are already many VoIP solutions available.

Gemalto is considering putting a security application to be hosted by the USB dongle next to the softphone. The purpose is to emphasize the differentiating extra security brought by the USB dongle compared to other available softphone applications. Development is under way and a prototype should be available in January 2010. There is a major exhibition (GSM World Congress) in February 2010. The plan is to demonstrate during this exhibition the feature of this future product.

4.4 Katholieke Universiteit Leuven - KUL

The deliverables of the RE-TRUST project, both publications and prototype

implementations, provided several conclusions which will have an impact on the KUL plans

for future research directions and that can be summarized by the following list:

Theoretic versus practical. It is still clear that there is a considerable gap between theoretic software security research and the corresponding practical solutions. For example, white-box cryptography and code obfuscation both try to hide internals of a piece of software. The former does this in a stronger, more mathematical way, which usually comes with full or partial security proofs, while the latter typically relies on heuristic techniques which are considered less secure, but more practical to deploy and to trade off against performance. It is obvious that combining the best of both worlds would lead to a software protection solution that is both qualitative and secure.

Hardware versus software. Over the last decade, many publications on software protection techniques have appeared. However, secure standalone solutions which only rely on software seem hard to achieve in a white-box scenario where the attacker has full privileges. This was also indicated in several RE-TRUST deliverables. This problem has always been present in the areas of code obfuscation, software watermarking, tamper resistance, remote attestation, etc. The hardware world, on the other hand, offers secure micro systems (e.g. smartcards), which can be used as a building block to base software solutions on.

Diversity and self-modifying code. The RE-TRUST solution indicates that, to fully protect against attacks at all times, it is required that an attacker breaking one instance of (a part of) a program learns very little about the next version. Therefore, the concept of “dynamic replacement” was set up. Furthermore, self-modifying code proves to be a very promising and challenging technique to protect against analysis and tampering attacks. For example, it has been shown that self-modifying code can detect, and thus protect against, the memory duplication attack.

The research directions mentioned above have already found partial realization in the

following two projects currently being pursued at KUL:

• SEC SODA: Security of Software for Distributed Applications (accepted)

The SEC SODA project contributes to the global security of software via three strategic research activities: 1) supporting development of security-aware software architectures, 2) providing programming models that provably guarantee the absence of particular security problems, and 3) enabling the trustworthy deployment of secure software. COSIC’s main focus is on the trustworthy deployment. This research includes self-checking and self-modifying code techniques, synergies between code obfuscation and white-box cryptography, remote attestation in both hardware and software, and several other software protection techniques.

• TENSE: Trustworthy Embedded Networked Systems (proposal)

The goal of this research project proposal is to enhance the security of networked, embedded computing devices. A networked, embedded computing device consists of a hardware part and a software part; both components play an essential role in the overall security of a device. In this project COSIC will build on the knowledge gained in the RE-TRUST project, specifically in the area of software tamper resistance, obfuscation, white-box cryptography and attestation protocols.

4.5 St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences - SPIIRAS

SPIIRAS is planning to develop the software for calculation of security and performance

metrics of Remote Entrusting protection techniques as well as optimal combining of software

protection techniques against malicious impacts. This software will be made available

through the RE-Trust project site, as well as other web-distribution sites.


5. Past Dissemination Activities (D5.4)

5.1 Papers, Conferences and Workshops

During the three years of the RE-TRUST project a number of activities were carried out to disseminate the results of the project and to promote the knowledge regarding the “basic philosophy” and approach of the project. Primarily, the activities have been centred on presentations at conferences and workshops, submissions to journals and magazines, and making the non-confidential material that was developed during the course of the project available through the project’s web site.

The detailed lists of publications can be found in the appendix to this document. The

following table shows a summary of the various publications during the project duration.

Year Workshops Conferences Journals

2007 4 2

2008 12 5 7

2009 5 1 2

In progress 18

The publications above, either in workshops, conferences or journals, were primarily

aimed at reaching the academic and industrial communities. In addition, industrial

researchers and practitioners were reached by direct contact by the project partners.

Controlled access to knowledge generated within the project was provided through the

project’s web site, allowing for interaction among project members and industrial participants

and for disseminating information to persons and organizations interested in the project

outcomes.

5.2 Invited talks

The following speakers were invited to present the RE-TRUST project:

• Yoram Ofek, “Remote-Entrusting Paradigm for Protecting and Entrusting the Internet Infrastructure and Applications”, Israel-Italy Scientific Meeting, Tel-Aviv, Israel – May 2008

• Brecht Wyseur, “Introduction to White-Box Cryptography”. At Special Summer School hosted by the ECRYPT Network of Excellence, May 16th, 2008, Crete, Greece

• Brecht Wyseur, “White-Box Cryptography”. At AscureTV customer business seminar 2008, May 8, 2008, Brussels, Belgium.

• Brecht Wyseur, “Software Security”. International Course on Computer Security and Cryptography, Leuven, Belgium, June 8, 2009.

• Mario Baldi, “Trusted Remote Execution: Relevance, Possible Solutions, and the RE-TRUST Project”, keynote speech presented at the 3rd Workshop of the International Society for Scientific Inventions (ISSI), Beijing, China, October 24-25, 2009.


5.3 RE-TRUST international workshops

During the course of the project, two international workshops (RE-Trust’07 and RE-TRUST’08) were organized. These workshops attracted a good number of scientists interested in related issues and topics, who presented their own results in addition to being exposed to the results stemming from the RE-TRUST project. The detailed descriptions of these meetings can be found in the previous annual reports and on the project’s web site.

The final international RE-TRUST’09 workshop took place from September 30 to

October 1, 2009, in Riva del Garda (Trento), Italy. This is an International Open Workshop

for presenting the project results together with other related research activity performed

elsewhere. Specific invitations have been sent to leading researchers in the area of security

and software engineering and the response has been very good. The event has been widely

advertised on relevant mailing lists and institutional interest groups, thus reaching a wide and

qualified audience.

5.4 Special Session “On the Interrelationships between Trust and Security” at FET09

During the third year of the RE-TRUST project a proposal was submitted to the program

committee of the Science beyond Fiction conference FET’09 for the organization of a special

session On the Interrelationship between Trust and Security. The conference organizers

accepted the proposal and the session was structured as follows:

Moderator:

Alessandro Zorat – Univ. of Trento – Italy – RE-TRUST project

Speakers:

Yoram Ofek – Univ. of Trento - Italy– RE-TRUST project

Antonio Maña – Univ. of Malaga - Spain

Amir Herzberg - Bar-Ilan University - Israel

Brecht Wyseur – KU Leuven - Belgium– RE-TRUST project

Ahmad-Reza Sadeghi – Ruhr-University Bochum - Germany

The speakers involved in the RE-TRUST project presented the concepts that are at the

base of the project itself, the approaches adopted and the solutions that were developed

within the project, taking into account the aspects of security and comparing them to those

more related to security issues.

A knowledgeable audience that interacted with the panellists with questions, comments

and interesting thought-provoking insights attended the special session.

5.5 Special session

Special Session on "Security in Networked and Distributed Systems" at the 17th Euromicro International Conference on Parallel, Distributed and network-based Processing (PDP 2009). Weimar, Germany. February 18-20, 2009. IEEE Computer Society. 2009.

Session chair:

Igor Kotenko

Speakers:

Gernot Bauer - Graz University of Technology - Austria

Igor Kotenko- SPIIRAS – Russia - RE-TRUST project

Magdalena Payeras- University of the Balearic Islands - Spain


Daniele Sgandurra - Università di Pisa - Italy

The speakers involved in the RE-TRUST project presented the main concepts of the RE-TRUST project, especially the issues of using ideas from RE-TRUST for the development of secure protocols.

5.6 Internal Dissemination

Although the following activities should be more correctly counted as part of the

(internal) coordination activities, one should not forget the activities that were required for

the internal dissemination of the progress and results, to synchronize the efforts and make the

various partners of the RE-TRUST project aware of software that has been made available by

one group to be used within the project. These activities – that are reported elsewhere –

included the weekly conference calls and the face-to-face meetings that took place whenever

the need arose, in addition to the quarterly meetings.

5.7 Presentations to International Standard Bodies

A presentation of the results achieved within the RE-TRUST project was given to the Trusted Computing Group (TCG) during their meeting that took place on June 16-18, 2009 in San Diego, USA.

The results were also communicated to members of the Open Mobile Terminal Platform

(OMTP) during a conference call in August 2009.

5.8 Additional Dissemination Activities

Additional functionalities have been added to the RE-TRUST website and the BSCW repository to allow regulated access to external people interested in trusted computing and the RE-TRUST project in particular. Links to other projects and relevant conferences in this area have been added so that interested people will have a quick way of reaching the current developments in this field of research.

The fruitful cooperation with Prof. Amir Herzberg and Prof. Christian Collberg started in

the previous years of the project has continued during the third year of the project. The

cooperation took the form of seminars by professors Herzberg and Collberg, discussions, and

“brainstorm sessions”, leading to the publication of joint papers.

A description of the aims, goals, and achievements of the RE-TRUST project has been

published on EU-Profile, a publication targeted to researchers, scientists and practitioners

interested or involved in EU-supported projects.


6. List of Publications

Year 2007

W1.1 Brecht Wyseur, Wil Michiels, Paul Gorissen and Bart Preneel,

“Cryptanalysis of White-Box DES Implementations with Arbitrary External

Encodings”, SAC 2007 - Workshop on Selected Areas of Cryptography, Ottawa,

Canada, August 16-17, 2007.

W1.2 Dries Schellekens, Brecht Wyseur and Bart Preneel, “Remote Attestation

on Legacy Operating Systems with Trusted Platform Modules,” REM 2007 -

International Workshop on Run Time Enforcement for Mobile and Distributed

Systems, Dresden, Germany, September 27, 2007.

C1.1 Mariano Ceccato, Mila Preda, Jasvir Nagra, Christian Collberg and Paolo

Tonella, “Barrier Slicing for Remote Software Trusting”, in proceedings of

IEEE International Working Conference on Source Code Analysis and

Manipulation (SCAM 2007), Paris, France, pp.27-36, Sept. 30-Oct. 1 2007

C1.2 Christian Collberg, Jasvir Nagra and Fei-Yue Wang, “Surreptitious

Software: Models from Biology and History,” MMM-ACNS 2007 -

International Conference Mathematical Methods, Models and Architectures for

Computer Networks Security, St. Petersburg, Russia, September 13-15, 2007.

C1.3 Jean-Daniel Aussel, “Smart Cards and Digital Security,” MMM-ACNS

2007 - International Conference Mathematical Methods, Models and

Architectures for Computer Networks Security, St. Petersburg, Russia,

September 13-15, 2007.

R1.1

C1.4

Vasiliy Desnitsky, Igor Kotenko, “Models of Remote Authentication for

Software Protection”, Proceedings of International Conferences AIS'07 -

Intelligent systems and CAD-2007 - Intelligent CAD, pp. 43-50, Moscow,

Fizmatlit, 2007. In Russian.

TOTAL for 2007: 2 workshops, 4 conferences, 0 journals

Year 2008

C2.1 Jasvir Nagra, Mariano Ceccato and Paolo Tonella, “Distributing Trust

Verification to Increase Application Performance,” Proceedings of the 16th

Euromicro Conference on Parallel, Distributed and Network-based Processing, D. E. Baz,

J. Bourgeois and F. Spies (Eds), Toulouse, France, pp.604-610, February 2008

C2.2 Riccardo Scandariato, Yoram Ofek, Paolo Falcarin and Mario Baldi,

“Application-oriented trust in distributed computing”. ARES 2008 -

International Conference on Availability, Reliability and Security, Barcelona

(Spain), March 2008.

C2.3 Mariano Ceccato, Yoram Ofek and Paolo Tonella, “Remote entrusting by

run-time software authentication”, Proceedings of the 34th Conference on Current

Trends in Theory and Practice of Computer Science (SOFSEM 2008), Tatras,

Slovakia, January, 2008. V. Geffert, J. Karhumaki, A. Bertoni, B. Preneel, P.

Navrat, and M. Bielikova, (Eds), Vol. 4910 of Lecture Notes in Computer

Science, pp. 83-97, Springer, January 2008.

W2.1 Mariano Ceccato, Massimiliano Di Penta, Jasvir Nagra, Paolo Falcarin, Filippo

Ricca, Marco Torchiano, Paolo Tonella,

“Towards Experimental Evaluation of Code Obfuscation Techniques”,

QoP2008 - 4th Workshop on Quality of Protection, colocated with CCS2008 -

15th ACM Conference on Computer and Communications Security, pp. 39-46,

2008

C2.4 A. Ali, Jean-Daniel Aussel, L. Castillo, Jerome D'Annoville, S. Durand, K. Lu,

“Smart Cards and remote entrusting”, Future of Trust in Computing, 2nd

conference - Berlin, Germany, June 30 - July 02, 2008.

R2.1

C2.5

Vasiliy Desnitsky, Igor Kotenko, “Model of software protection based on

remote entrusting mechanism”, 5th Inter-regional Conference Information

Security of Russia Regions, Selected papers proceedings, St. Petersburg, 2008.

In Russian.

R2.2

J2.1

Igor Kotenko, Vasiliy Desnitsky, “Aspect-oriented approach to mobile module

realization in security model based on remote entrusting mechanism”,

Information Technologies and Computing Systems, 2008. In Russian.

R2.3

J2.2

Vasiliy Desnitsky, Igor Kotenko, “Software protection based on remote

entrusting mechanism”, News of High schools, Instrument making, Vol.51,

No.11, ISSN 0021-3454, 2008. In Russian.

R2.4

J2.3

Vasiliy Desnitsky, Igor Kotenko, Sergey Reznik, “Development and

verification of message exchange protocol for protection of programs based on

remote entrusting mechanism”, Information Security - Inside, No.4-5, 2008. In

Russian.

R2.5

C2.6

Vasiliy Desnitsky, Igor Kotenko, Sergey Reznik, “Development and analysis of

message exchange protocol for remote entrusting mechanism”, Proceedings of

International Conferences AIS'08 - Intelligent systems and CAD-2008 -

Intelligent CAD, Moscow, Fizmatlit, 2008. In Russian.

Amir Herzberg, Haya Shulman, “Robust Combiners for White-Box Security”,

E-print version available at: http://eprint.iacr.org/2008/150

Amir Herzberg, Haya Shulman, Amitabh Saxena, Bruno Crispo, “Towards a

Theory of White-Box Security”, E-print version available at:

http://www.springerlink.com/content/650j31551pm517p2/

C2.7 J. Cappaert, B. Preneel, B. Anckaert, M. Madou, and K. De Bosschere,

“Towards Tamper Resistant Code Encryption: Practice and Experience”, In

Information Security Practice and Experience Conference LNCS 4991, L.

Chen, Y. Mu, and W. Susilo (eds.), pp. 86-100, 2008

W2.2 D. Schellekens, B. Wyseur, and B. Preneel,

“Remote attestation on legacy operating systems with trusted platform

modules”, 1st International Workshop on Run Time Enforcement for Mobile and

Distributed Systems (REM 2007), Electronic Notes in Theoretical Computer

Science 197(1), F. Massacci, and F. Piessens (eds.), Elsevier, pp. 59-72, 2008.

J2.4 D. Schellekens, B. Wyseur, and B. Preneel,

“Remote attestation on legacy operating systems with trusted platform

modules”, in Special Issue on Science of Computer Programming, Vol. 74(1-2),

pp. 13-22, 2008.

C2.8 Mariano Ceccato, Jasvir Nagra and Paolo Tonella.

“Distributing trust verification to increase application performance”.

<http://selab.fbk.eu/ceccato/papers/2008/pdp2008.html>

In D. E. Baz, J. Bourgeois and F. Spies editors, Proc. of the 16th Euromicro

Conference on Parallel, Distributed and Network-based Processing (PDP

2008), pp. 604-610. IEEE Computer Society, February 2008

C2.9 Riccardo Scandariato, Yoram Ofek, Paolo Falcarin and Mario Baldi,

“Application-oriented trust in distributed computing”,

ARES 2008 - International Conference on Availability, Reliability and

Security, Barcelona (Spain), March 2008

W2.3 Mariano Ceccato, Massimiliano Di Penta, Jasvir Nagra, Paolo Falcarin, Filippo

Ricca, Marco Torchiano and Paolo Tonella.

“Towards experimental evaluation of code obfuscation techniques”,

<http://selab.fbk.eu/ceccato/papers/2008/qop2008.html>

In Proceedings of the 4th ACM workshop on Quality of Protection (QoP 08),

Alexandria (Virginia), USA, pp. 39-46, 27 October 2008.

R2.6

C2.10

Vasiliy Desnitsky, Igor Kotenko, “Model of software protection based on

remote entrusting mechanism”, 5th Inter-regional Conference Information

Security of Russia Regions, Selected papers proceedings, St. Petersburg, 2008,

in Russian.

J2.5 Igor Kotenko, Vasiliy Desnitsky, “Aspect-oriented approach to mobile module

realization in security model based on remote entrusting mechanism”,

Information Technologies and Computing Systems, 2008, in Russian.

J2.6 Vasiliy Desnitsky, Igor Kotenko, “Software protection based on remote

entrusting mechanism”, News of High schools, Instrument Making, Vol. 51,

N.11, ISSN 0021-3454, 2008, in Russian.

R2.7

J2.7

Vasiliy Desnitsky, Igor Kotenko, Sergey Reznik, “Development and

verification of message exchange protocol for protection of programs based on

remote entrusting mechanism”, Information Security - Inside, No.4-5, 2008, in

Russian.

C2.11 Vasiliy Desnitsky, Igor Kotenko, Sergey Reznik, “Development and analysis of

message exchange protocol for remote entrusting mechanism”, Proceedings of

International Conferences AIS'08 - Intelligent systems and CAD-2008 -

Intelligent CAD, Moscow, Fizmatlit, 2008, in Russian.

W2.4 Yoram Ofek; “Remote-Entrusting Paradigm for Protecting and Entrusting the

Internet Infrastructure and Applications”, 2008 EuroTRUSTAmI 2nd edition;

Sophia Antipolis, France, 2008

W2.5 Special Session on “Security in Networked and Distributed Systems” (Chair -

Igor Kotenko) on 16th Euromicro International Conference on Parallel,

Distributed and Network-based Processing (PDP 2008). Toulouse, France.

February 13-15 2008. IEEE Computer Society, 2008.

TOTAL for 2008: 5 workshops, 11 conferences, 7 journals

Year 2009

C3.1 A. Saxena, B. Wyseur, and B. Preneel,

“Towards Security Notions for White-Box Cryptography”,

In Information Security - 12th International Conference, ISC 2009, Lecture

Notes in Computer Science, Springer-Verlag, 11 pages, 2009

C3.2 Mariano Ceccato, Massimiliano Di Penta, Jasvir Nagra, Paolo Falcarin, Filippo

Ricca, Marco Torchiano and Paolo Tonella.

“The Effectiveness of Source Code Obfuscation: an Experimental Assessment”.

In proceedings of IEEE International Conference on Program Comprehension

(ICPC2009), May 2009.

J3.1 Mariano Ceccato, Mila Dalla Preda, Jasvir Nagra, Christian Collberg, Paolo

Tonella, “Trading-off Security and Performance in Barrier Slicing for Remote

Software Entrusting”, JASE - Journal of Automated Software Engineering,

Springer, Netherlands. Vol.16, N. 12, pp. 235-261, June 2009.

C3.3 Vasiliy Desnitsky, Igor Kotenko.

“Analysis and Design of Entrusting Protocol for Distributed Software

Protection”.

Proceedings of the 17th Euromicro International Conference on Parallel,

Distributed and network-based Processing (PDP 2009). Weimar, Germany.

SEA-Publications: SEA-SR-21. 2009. pp. 8-9. (Extended abstract), February

2009

W3.1 Vasily Desnitsky, Igor Kotenko.

“Design of Entrusting Protocols for Software Protection”. 4th International

Workshop on Information Fusion and Geographical Information Systems

(IF&GIS’09). St. Petersburg, Russia. Lecture Notes in Geoinformation and

Cartography. Springer-Verlag, May 17-20, 2009.

R3.1

J3.2

Sergey Reznik, Igor Kotenko.

“Analysis of methods and tools of security protocol verification for their

combined usage”, Information Security - Inside, No.3, 2009.

C3.4 Vasily Desnitsky, Igor Kotenko. “An Approach for Software Protection based

on Remote Entrusting”.

11th Conference “RusCrypto” on Cryptology, Steganography, Digital Signature

and Security Systems. Zvenigorod, Russia. (Extended abstract), April 2-5, 2009

C3.5 Mariano Ceccato, Mila Dalla Preda, Anirban Majumdar, Paolo Tonella.

“Remote software protection by orthogonal client replacement”,

<http://selab.fbk.eu/ceccato/papers/2009/sac2009.html> In D. Shin, editor,

Proceedings of the 24th ACM Symposium on Applied Computing (SAC 2009),

pp. 448-455, March 9-12, 2009

C3.6 B. Wyseur, “RE-TRUST: Trustworthy Execution of SW on Remote

Untrusted Platforms”, In Highlights of the Information Security Solutions

Europe 2009 Conference (ISSE 2009), Vieweg, 8 pages, 2009.

C3.7 S. Faust, L. Reyzin, and E. Tromer, “Protecting Circuits from

Computationally-Bounded Leakage”, http://eprint.iacr.org/2009/379, pp.

1-48, 2009.

C3.8 S. Faust, E. Kiltz, K. Pietrzak, and G. Rothblum, “Leakage Resilient

Signatures”, http://eprint.iacr.org/2009/282.pdf, pp. 1-21, 2009.

R 3.1 B. Wyseur, “White-Box Cryptography”, PhD thesis, Katholieke

Universiteit Leuven, B. Preneel (promotor), 169+32 pages, 2009.

TOTAL for 2009: 1 workshop, 8 conferences, 2 journals

6.1 Summary

Year    Workshops    Conferences    Journals
2007    2            4              0
2008    5            11             7
2009    1            8              2

6.2 Reports

R1 N. Kisserli, and B. Preneel, “Surgical fuzzing of open source applications

using static analysis,” COSIC internal report, 5 pages, 2008.

R2 Yoram Ofek “Remote-Entrusting Paradigm for Protecting and Entrusting the

Internet Infrastructure and Applications”, Israel-Italy Scientific Meeting, Tel-

Aviv, Israel – May 2008