The goal of this lab is to teach students how to protect software applications against so called Man-At-The-End (MATE) attackers. MATE attackers control the system on which the application is running and their goals include but are not limited to: reverse engineering a proprietary algorithm, bypassing license checks or extracting secret keys. MATE attackers have capabilities that exceed those of remote attackers, e.g. MATE attackers can perform step-by-step debugging of the application and modify its code and/or memory values during execution without exploiting any vulnerability. The course will focus on native applications in written in C/C++ since MATE attacks are often performed at binary level. In order to defend against MATE attackers we will present tools and techniques for software protection. We will cover an array of techniques employed in state-of-the-art software protection such as: obfuscation, tamper-proofing, watermarking, anti-disassembly, anti-decompiling, anti-debugging, etc. This lab will be accompanied by hands-on project that will span over the entire duration of the semester.
New WiSe 2016/17 practical course: Secure Coding