Advanced search
1 file | 712.08 KB Add to list

Understanding the behaviour of hackers while performing attack tasks in a professional setting and in a public challenge

(2019) EMPIRICAL SOFTWARE ENGINEERING. 24(1). p.240-286
Author
Organization
Abstract
When critical assets or functionalities are included in a piece of software accessible to the end users, code protections are used to hinder or delay the extraction or manipulation of such critical assets. The process and strategy followed by hackers to understand and tamper with protected software might differ from program understanding for benign purposes. Knowledge of the actual hacker behaviours while performing real attack tasks can inform better ways to protect the software and can provide more realistic assumptions to the developers, evaluators, and users of software protections. Within Aspire, a software protection research project funded by the EU under framework programme FP7, we have conducted three industrial case studies with the involvement of professional penetration testers and a public challenge consisting of eight attack tasks with open participation. We have applied a systematic qualitative analysis methodology to the hackers' reports relative to the industrial case studies and the public challenge. The qualitative analysis resulted in 459 and 265 annotations added respectively to the industrial and to the public challenge reports. Based on these annotations we built a taxonomy consisting of 169 concepts. They address the hacker activities related to (i) understanding code; (ii) defining the attack strategy; (iii) selecting and customizing the tools; and (iv) defeating the protections. While there are many commonalities between professional hackers and practitioners, we could spot many fundamental differences. For instance, while industrial professional hackers aim at elaborating automated and reproducible deterministic attacks, practitioners prefer to minimize the effort and try many different manual tasks. This analysis allowed us to distill a number of new research directions and potential improvements for protection techniques. In particular, considering the critical role of analysis tools, protection techniques should explicitly attack them, by exploiting analysis problems and complexity aspects that available automated techniques are bad at addressing.
Keywords
Software protection, Software hacking, Attack process, Attack model, Attack taxonomy, Empirical study, Hacker model, Reverse engineering, Analysis tools, Code understanding, Defeat protections, SOURCE CODE OBFUSCATION, COMPREHENSION, MAINTENANCE, PROGRAMMERS

Downloads

  • main.pdf
    • full text
    • |
    • open access
    • |
    • PDF
    • |
    • 712.08 KB

Citation

Please use this url to cite or link to this publication:

MLA
Ceccato, Mariano, et al. “Understanding the Behaviour of Hackers While Performing Attack Tasks in a Professional Setting and in a Public Challenge.” EMPIRICAL SOFTWARE ENGINEERING, vol. 24, no. 1, 2019, pp. 240–86, doi:10.1007/s10664-018-9625-6.
APA
Ceccato, M., Tonella, P., Basile, C., Falcarin, P., Torchiano, M., Coppens, B., & De Sutter, B. (2019). Understanding the behaviour of hackers while performing attack tasks in a professional setting and in a public challenge. EMPIRICAL SOFTWARE ENGINEERING, 24(1), 240–286. https://doi.org/10.1007/s10664-018-9625-6
Chicago author-date
Ceccato, Mariano, Paolo Tonella, Cataldo Basile, Paolo Falcarin, Marco Torchiano, Bart Coppens, and Bjorn De Sutter. 2019. “Understanding the Behaviour of Hackers While Performing Attack Tasks in a Professional Setting and in a Public Challenge.” EMPIRICAL SOFTWARE ENGINEERING 24 (1): 240–86. https://doi.org/10.1007/s10664-018-9625-6.
Chicago author-date (all authors)
Ceccato, Mariano, Paolo Tonella, Cataldo Basile, Paolo Falcarin, Marco Torchiano, Bart Coppens, and Bjorn De Sutter. 2019. “Understanding the Behaviour of Hackers While Performing Attack Tasks in a Professional Setting and in a Public Challenge.” EMPIRICAL SOFTWARE ENGINEERING 24 (1): 240–286. doi:10.1007/s10664-018-9625-6.
Vancouver
1.
Ceccato M, Tonella P, Basile C, Falcarin P, Torchiano M, Coppens B, et al. Understanding the behaviour of hackers while performing attack tasks in a professional setting and in a public challenge. EMPIRICAL SOFTWARE ENGINEERING. 2019;24(1):240–86.
IEEE
[1]
M. Ceccato et al., “Understanding the behaviour of hackers while performing attack tasks in a professional setting and in a public challenge,” EMPIRICAL SOFTWARE ENGINEERING, vol. 24, no. 1, pp. 240–286, 2019.
@article{8608296,
  abstract     = {{When critical assets or functionalities are included in a piece of software accessible to the end users, code protections are used to hinder or delay the extraction or manipulation of such critical assets. The process and strategy followed by hackers to understand and tamper with protected software might differ from program understanding for benign purposes. Knowledge of the actual hacker behaviours while performing real attack tasks can inform better ways to protect the software and can provide more realistic assumptions to the developers, evaluators, and users of software protections. Within Aspire, a software protection research project funded by the EU under framework programme FP7, we have conducted three industrial case studies with the involvement of professional penetration testers and a public challenge consisting of eight attack tasks with open participation. We have applied a systematic qualitative analysis methodology to the hackers' reports relative to the industrial case studies and the public challenge. The qualitative analysis resulted in 459 and 265 annotations added respectively to the industrial and to the public challenge reports. Based on these annotations we built a taxonomy consisting of 169 concepts. They address the hacker activities related to (i) understanding code; (ii) defining the attack strategy; (iii) selecting and customizing the tools; and (iv) defeating the protections. While there are many commonalities between professional hackers and practitioners, we could spot many fundamental differences. For instance, while industrial professional hackers aim at elaborating automated and reproducible deterministic attacks, practitioners prefer to minimize the effort and try many different manual tasks. This analysis allowed us to distill a number of new research directions and potential improvements for protection techniques. In particular, considering the critical role of analysis tools, protection techniques should explicitly attack them, by exploiting analysis problems and complexity aspects that available automated techniques are bad at addressing.}},
  author       = {{Ceccato, Mariano and Tonella, Paolo and Basile, Cataldo and Falcarin, Paolo and Torchiano, Marco and Coppens, Bart and De Sutter, Bjorn}},
  issn         = {{1382-3256}},
  journal      = {{EMPIRICAL SOFTWARE ENGINEERING}},
  keywords     = {{Software protection,Software hacking,Attack process,Attack model,Attack taxonomy,Empirical study,Hacker model,Reverse engineering,Analysis tools,Code understanding,Defeat protections,SOURCE CODE OBFUSCATION,COMPREHENSION,MAINTENANCE,PROGRAMMERS}},
  language     = {{eng}},
  number       = {{1}},
  pages        = {{240--286}},
  title        = {{Understanding the behaviour of hackers while performing attack tasks in a professional setting and in a public challenge}},
  url          = {{http://dx.doi.org/10.1007/s10664-018-9625-6}},
  volume       = {{24}},
  year         = {{2019}},
}

Altmetric
View in Altmetric
Web of Science
Times cited: