Industrial Keynote

Software Protection and Reverse Engineering

Yuan Xiang Gu Irdeto Research Ottawa, Canada

yuan.gu@irdeto.com

Abstract— What’s the most important security challenge for current application systems? Un-trusted environments have become mainstream, such as consumer devices, cloud computing hosts and HTML5 environments, and security is a moving target! Digital content consumed via commodity devices is penetrating every aspect of life, along with other advanced internet-based and wireless technologies. But as the value of content and services deployed on many real-life and modern server-client delivery systems grows, so does the attraction to attackers. Modern security is facing new challenges because traditional perimeter defenses against man-in-the-middle attacks are inadequate protection against the man-at-the-end white-box attacks favored by many attackers.

Increasingly, companies rely on security technologies to protect their business model and assets, while users expect their assets to remain protected. Accordingly, security of application systems must be dynamically developed, deployed, maintained, and updated. We have no choice but to make security agile and rapidly deployable, and to employ dynamically and flexibly renewable protection technologies.

Reverse engineering (RE) has an interesting connection to software protection because RE techniques are widely used not only for developing white-box attacks but also providing support to software security assessment and evaluation. Software protection (SP) still is a young field and facing many open issues and challenges. Definitely, SP brings up new opportunities to bridge new research to RE.

In this presentation, we would like to discuss white-box attacks and vulnerability in real world and why software protection is important, introduction to software protection technology and software security lifecycle management.

Index Terms—Security, Reverse Enineering.

BIOGRAPHY Yuan Xiang Gu was the co-founder of Cloakware

Corporation and is a co-inventor of world leading edge software security and protection technology. As a chief architect, Mr. Gu is responsible for Cloakware product architectures as well as technology development and evolution. In 2007, Cloakware was acquired by Irdeto. Since then, as a senior director of Irdeto research, Mr. Gu is also leading the development of advanced software protection technology, and research collaboration with research communities worldwide. In 2010, Mr. Gu is invited being a guest professor of Northwest University in China. Mr. Gu has been invited and visited over 30 universities and research institutes in North American, Europe and Asia, and cofounded and is organizing a number of international security forums including digital asset protection association and becomes an active speaker at many international conferences and workshops to promote software security and protection. Prior to joining Cloakware, he worked as a senior scientist and architect at Nortel Networks, a visiting professor at McGill University’s School of Computer Science, Canada, and a professor in the Department of Computer Sci-ence of Northwest University of China.

xviii