# How Professional Hackers Understand Protected Code while Performing   Attack Tasks

**Authors:** Mariano Ceccato, Paolo Tonella, Cataldo Basile, Bart Coppens, Bjorn De, Sutter, Paolo Falcarin, Marco Torchiano

arXiv: 1704.02774 · 2017-05-29

## TL;DR

This paper analyzes how professional hackers understand and attack protected code by examining penetration test reports, leading to a model of hacker activities and insights for stronger software protections.

## Contribution

It provides a qualitative analysis of real-world hacker activities on protected code and proposes a model of their attack process to inform better defenses.

## Key findings

- Identified main hacker activities: understanding, building attack, tool customization, defeating protections.
- Developed a model of hacker behavior during attacks.
- Suggested research directions for improving code protections.

## Abstract

Code protections aim at blocking (or at least delaying) reverse engineering and tampering attacks to critical assets within programs. Knowing the way hackers understand protected code and perform attacks is important to achieve a stronger protection of the software assets, based on realistic assumptions about the hackers' behaviour. However, building such knowledge is difficult because hackers can hardly be involved in controlled experiments and empirical studies. The FP7 European project Aspire has given the authors of this paper the unique opportunity to have access to the professional penetration testers employed by the three industrial partners. In particular, we have been able to perform a qualitative analysis of three reports of professional penetration test performed on protected industrial code. Our qualitative analysis of the reports consists of open coding, carried out by 7 annotators and resulting in 459 annotations, followed by concept extraction and model inference. We identified the main activities: understanding, building attack, choosing and customizing tools, and working around or defeating protections. We built a model of how such activities take place. We used such models to identify a set of research directions for the creation of stronger code protections.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1704.02774/full.md

## Figures

14 figures with captions in the complete paper: https://tomesphere.com/paper/1704.02774/full.md

## References

27 references — full list in the complete paper: https://tomesphere.com/paper/1704.02774/full.md

---
Source: https://tomesphere.com/paper/1704.02774