Scope of the Workshop

Software Protection techniques aim to defend the confidentiality and integrity of software applications exposed to man-at-the-end (MATE) attacks, performed by a user that shares the execution host and access privileges of the application on a computer system.

MATE attacks can take many forms – with positive and negative intentions. In a tampering attack, the user violates the integrity of the code, by modifying it in ways the software vendor didn’t intend. In a malicious reverse-engineering attack, he violates the vendor’s confidentiality rights by extracting intellectual property from the code; in a cloning attack (software piracy), he violates copyright laws by distributing illegal copies. On the other side, not all software has good intentions. Not all code executed on a machine was invited by the owner. Malicious code attempts to hide its real intentions and uses protection techniques to achieve this goal. Consequently advances in reverse engineering help to discover these bad intentions and protect the user. All of this together makes this an area of growing importance for industry.

The aim of SPRO workshop is to bring together researchers and industrial practitioners both from software protection, software analysis and the wider software engineering community to discuss software protection techniques, evaluation methodologies, and practical aspects such as tooling. The objective is to stimulate the community working in this growing area of security, and to increase the synergies between the research areas of software protection and their practical deployment.

Questions that we aim to address include

What protection techniques can be designed to protect given assets in software applications?

Which impact have innovative approaches in reverse engineering, like for example applying machine learning, on the security?

Which threats need to be considered, and how can we evaluate the robustness of protected applications with respect thereto?

How can different protection techniques be efficiently combined and what do we gain?

What can we learn from existing use cases?

How can protection techniques be efficiently tooled and integrated into a build process?

These are only a few of the many questions that practitioners face recurrently.

Desired articles should aim to address these questions. We seek articles that present new software protection and analysis techniques and novel insights into the evaluation thereof; and articles that aim to discuss industrial aspects.