Security Strength Measurement for Dongle-Protected Software

This article's objective is to develop a model for measuring the security strength of dongle-protected software. We believe such a measure is important because it can attach a clear, simple, and understandable monetary figure to security. Dongles are USB keys or small boxes attached to the host's parallel port. The copy-protected application interacts with the dongle and continues executing only if the dongle answers appropriately. This interaction between the software and the dongle takes place through calls to the dongle API.
