Volume 9 - Issue 2
On the impossibility of effectively using likely-invariants for software attestation purposes
- Alessio Viticchie
Politecnico di Torino, Dip. Automatica e Informatica, c. Duca degli Abruzzi 24, Turin, Italy
alessio.viticchie@polito.it
- Cataldo Basile
Politecnico di Torino, Dip. Automatica e Informatica, c. Duca degli Abruzzi 24, Turin, Italy
cataldo.basile@polito.it
- Fulvio Valenza
Politecnico di Torino, Dip. Automatica e Informatica, c. Duca degli Abruzzi 24, Turin, Italy, CNR-IEIIT, c. Duca degli Abruzzi 24, Turin, Italy
fulvio.valenza@polito.it
- Antonio Lioy
Politecnico di Torino, Dip. Automatica e Informatica, c. Duca degli Abruzzi 24, Turin, Italy
antonio.lioy@polito.it
Keywords: invariants monitoring, software attestation, likely-invariants, software protection
Abstract
Invariants monitoring is a software attestation technique that aims at proving the integrity of a running
application by checking likely-invariants, which are statistically significant predicates inferred
on variables’ values. Being very promising, according to the software protection literature, we developed
a technique to remotely monitor invariants. This paper presents the analysis we performed
to assess the effectiveness of our technique and the effectiveness of likely-invariants for software
attestation purposes. Moreover, it illustrates the identified limitations and our attempts to improve
the detection abilities of this technique. Our results suggest that, although further studies and future
results might increase its effectiveness and reduce the side effects, software attestation based on
likely-invariants is not yet ready for the real world. Software developers should be warned of these
limitations, if they would be tempted by adopting this technique, and companies developing software
protections should not invest in development without investing in further research too.