|Notification of acceptance:||Thu 1 September 2016|
|Camera-ready papers:||Thu 15 September 2016|
|Workshop date:||Fri 28 October 2016|
Software Protection techniques aim to defend the confidentiality and integrity of software applications that are exposed to an adversary that shares the execution host and access privileges of the application. This is often denoted as protection against MATE (Man-At-The-End) attacks. This is an area of growing importance. For industry, in many cases the deployment of such techniques is crucial for the survival of their business.
The aim of SPRO workshop is to bring together researchers and industrial practitioners both from software protection and the wider software engineering community to discuss software protection techniques, evaluation methodologies, and practical aspects such as tooling. The objective is to stimulate the community working in this growing area of security, and to increase the synergies between the research areas of software protection engineering and their practical deployment.
Questions that we aim to address include:
- What protection techniques can be designed to protect given assets in software applications?
- Which threats need to be considered, and how can we evaluate the robustness of protected applications with respect thereto?
- How can different protection techniques be efficiently combined and what do we gain?
- What can we learn from existing use cases?
- How can protection techniques be efficiently tooled and integrated into a build process?
These are only a few of the many questions that practitioners face recurrently.
Desired articles should aim to address these questions. We seek articles that present new software protection techniques and novel insights into the evaluation thereof; and articles that aim to discuss industrial aspects.
Desired articles should cover one or several of the following topics:
1. Software Protection techniques
- Code Obfuscation, Anti-reverse engineering
- Data obfuscation, White-box Cryptography
- Binary Rewriting, Binary Instrumentation
- Remote Attestation
- Code Virtualization, Software Dynamic Translation
- Software Tamper Resistance, Code Guards
- Software Diversity
- Software Renewability, Mobile Code
- Software Licensing, Watermarking, Fingerprinting
- Self-modifying Code
2. Software Evaluation
- Evaluation Methodologies
- Malware Analysis
- Tools for static and dynamic software analysis
- Threat modeling, Petri nets, attack graphs
- Empirical studies
3. Industry aspects
- Protection technique tooling and tool chains
- Architectures and build process integration
- IDEs and tools for integration and deployment
- Best practices from industrial use cases
- Software protection on heterogeneous devices
Proceedings of the workshops will be available to the workshop attendees. The workshop will also have online proceedings through the ACM Digital Library, with a separate ISBN. Authors are invited to submit original papers: They must not substantially duplicate work that any of the authors have published elsewhere or have submitted in parallel to any other conferences that have proceedings. The submission of must occur through the workshop submission system (EasyChair).
Submissions must be at most 12 pages in double-column ACM format including the bibliography and well-marked appendices. Only PDF files will be accepted.
Submissions not meeting these guidelines risk rejection without consideration of their merits. Each accepted paper must be presented by an author, who will have to be registered by the early-bird registration deadline.
For informal queries about the submission contact the workshop chairs.