Search papers, labs, and topics across Lattice.
This paper instantiates a statistical effort modeling method to quantify the effort required for game resource localization attacks, a type of Man-At-The-End (MATE) attack. The method automates the process of building statistical models of attack effort, addressing limitations of prior empirical research. Results from two game use cases demonstrate the feasibility and utility of the approach for evaluating software protection tools.
Automating the modeling of human-in-the-loop attacks on software reveals the quantifiable impact of software protections, moving beyond limited empirical studies.
Evidence on the effectiveness of Man-At-The-End (MATE) software protections, such as code obfuscation, has mainly come from limited empirical research. Recently, however, an automatable method was proposed to obtain statistical models of the required effort to attack (protected) software. The proposed method was sketched for a number of attack strategies but not instantiated, evaluated, or validated for those that require human interaction with the attacked software. In this paper, we present a full instantiation of the method to obtain statistical effort models for game resource localisation attacks, which represent a major step towards creating game cheats, a prime example of MATE attacks. We discuss in detail all relevant aspects of our instantiation and the results obtained for two game use cases. Our results confirm the feasibility of the proposed method and its utility for decision support for users of software protection tools. These results open up a new avenue for obtaining models of the impact of software protections on reverse engineering attacks, which will scale much better than empirical research involving human participants.
