On the impossibility of effectively using likely-invariants for software attestation purposes. Viticchié, A., Basile, C., Valenza, F., & Lioy, A. J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl., 9(2):1–25, 2018.
On the impossibility of effectively using likely-invariants for software attestation purposes [pdf]Paper  doi  abstract   bibtex   
Invariants monitoring is a software attestation technique that aims at proving the integrity of a run-ning application by checking likely-invariants, which are statistically significant predicates inferred on variables’ values. Being very promising, according to the software protection literature, we de-veloped a technique to remotely monitor invariants. This paper presents the analysis we performed to assess the effectiveness of our technique and the effectiveness of likely-invariants for software attestation purposes. Moreover, it illustrates the identified limitations and our attempts to improve the detection abilities of this technique. Our results suggest that, although further studies and future results might increase its effectiveness and reduce the side effects, software attestation based on likely-invariants is not yet ready for the real world. Software developers should be warned of these limitations, if they would be tempted by adopting this technique, and companies developing software protections should not invest in development without investing in further research too. © 2018, Innovative Information Science and Technology Research Group.

Downloads: 0