Ce diaporama a bien été signalé.

Product Lines Can Jeopardize Their Trade Secrets

0

Partager

26 nov. 2015
0 j’aime 929 vues
Prochain SlideShare
Automating the Formalization of Product Comparison Matrices
Automating the Formalization of Product Comparison Matrices
Chargement dans…3
×
1 sur 17
1 sur 17

Product Lines Can Jeopardize Their Trade Secrets

26 nov. 2015
0 j’aime 929 vues

0

Partager

Télécharger pour lire hors ligne

Sciences

What do you give for free to your competitor when you ex-
hibit a product line? This paper addresses this question
through several cases in which the discovery of trade secrets
of a product line is possible and can lead to severe conse-
quences. That is, we show that an outsider can understand
the variability realization and gain either confidential busi-
ness information or even some economical direct advantage.
For instance, an attacker can identify hidden constraints and
bypass the product line to get access to features or copy-
righted data. This paper warns against possible naive mod-
eling, implementation, and testing of variability leading to
the existence of product lines that jeopardize their trade se-
crets. Our vision is that defensive methods and techniques
should be developed to protect specifically variability – or
at least further complicate the task of reverse engineering it.

What do you give for free to your competitor when you ex-
hibit a product line? This paper addresses this question
through several cases in which the discovery of trade secrets
of a product line is possible and can lead to severe conse-
quences. That is, we show that an outsider can understand
the variability realization and gain either confidential busi-
ness information or even some economical direct advantage.
For instance, an attacker can identify hidden constraints and
bypass the product line to get access to features or copy-
righted data. This paper warns against possible naive mod-
eling, implementation, and testing of variability leading to
the existence of product lines that jeopardize their trade se-
crets. Our vision is that defensive methods and techniques
should be developed to protect specifically variability – or
at least further complicate the task of reverse engineering it.

Sciences

Suggestions

Plus De Contenu Connexe

À la une

Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer
Study: The Future of VR, AR and Self-Driving Cars
LinkedIn
Shorter ER Wait Times
Knowledge@Wharton
Asia's Artificial Intelligence Agenda. MIT Technology Review
Alexander Jarvis
Martin Luther King's Pearl Of Wisdom!
SurveyCrest
Teaching Students with Emojis, Emoticons, & Textspeak
Shelly Sanchez Terrell
Inaugural Addresses
Booz Allen Hamilton
How to think like a startup
Loic Le Meur
32 Ways a Digital Marketing Consultant Can Help Grow Your Business
Barry Feldman

Livres associés

Gratuit avec un essai de 14 jours de Scribd

Tout voir
Magnétisme Personnel ou Psychique: Éducation de la Pensée, développement de la Volonté, pour être Heureux, Fort, Bien Portant et réussir en tout. Hector Durville
(0/5)
Gratuit
L'univers est intelligent. L'âme existe. Mystères quantiques, multivers, intrication, synchronicité. Au-delà de la matérialité, pour une vision spirituelle du cosmos. François Aroche
(0/5)
Gratuit
Hypnotisme et Magnétisme, Somnambulisme, Suggestion et Télépathie, Influence personnelle: Cours Pratique complet Jean Filiatre
(4.5/5)
Gratuit
Force Mentale et Maîtrise de la Discipline: Renforcez votre Confiance en vous pour Débloquer votre Courage et votre Résilience ! (Comprend un Manuel Pratique en 10 Étapes et 15 Puissants Exercices) Master Today
(4.5/5)
Gratuit
Comment développer l’autodiscipline: Résiste aux tentations et atteins tes objectifs à long terme Martin Meadows
(4.5/5)
Gratuit
Ma vie et la psychanalyse Sigmund Freud
(5/5)
Gratuit
Anatomie & 100 étirements essentiels: Techniques, Bénéfices attendus, Précautions à prendre, Conseils, Tableaux de séries, Douleurs Guillermo Seijas Albir
(0/5)
Gratuit
Transformez votre vie: Utilisez le pouvoir créateur qui est en vous pour construire votre vie à l'image de ce que vous voulez qu'elle soit Laure Zanella
(4/5)
Gratuit
L'art de magnétiser Gérard Cent-Garde
(3/5)
Gratuit
Réfléchissez et devenez riche: Le grand livre de l’esprit maître Napoleon Hill
(4/5)
Gratuit
Le CODE DE DIEU: Le secret de notre passé, la promesse de notre avenir Gregg Braden
(5/5)
Gratuit
Maîtrise de Soi Hector Durville
(3/5)
Gratuit
La vie des abeilles: Prix Nobel de littérature Maurice Maeterlinck
(0/5)
Gratuit
Le coaching des émotions et de l'estime de soi Majed Chambah
(4/5)
Gratuit
Harmonisation Energétique des Lieux: Habitat et haut-lieux sacrés 2020 Jacques Largeaud
(2.5/5)
Gratuit
La pensée dirigée: Traité sur le raisonnement et les logiques Claire Wagner-Rémy
(5/5)
Gratuit

Livres audio associés

Gratuit avec un essai de 14 jours de Scribd

Tout voir
Les 5 blessures qui emp^chent d'être soi-même Bourbeau Lise
(5/5)
Gratuit
Comment se faire des amis et influencer les autres Dale Carnegie
(4.5/5)
Gratuit
La voix de l'intuition Catherine Balance
(5/5)
Gratuit
Réfléchissez et devenez riche Napoleon Hill
(5/5)
Gratuit
L'intelligence autonome du corps: Votre corps et votre principal cerveau Stéphane Drouet
(5/5)
Gratuit
La peur d'avoir peur: guide de traitement du trouble panique et de l'agoraphobie André Marchand
(0/5)
Gratuit
La Méthode Coué : La maîtrise de soi-même par l'autosuggestion consciente Émile Coué
(5/5)
Gratuit
Dark Psychology: Apprenez à influencer n’importe qui en utilisant le contrôle mental, la manipulation et la déception avec les secrets techniques de la persuasion sombre, le contrôle de l’esprit dissimulé, les jeux d’esprit, l’hypnose et le lavage de Adam Brown
(4.5/5)
Gratuit
La puissance de la pensée positive Norman Vicent Peale
(4.5/5)
Gratuit
Cessez d'être gentil, soyez vrai Thomas D'Ansembourg
(4.5/5)
Gratuit
Pensouillard le hamster Serge Marquis
(5/5)
Gratuit
La puissance de votre subconscient Joseph Murphy
(4.5/5)
Gratuit
L'amour, la haine et le cerveau: Au temps des médias sociaux, des changements climatiques, de la COVID-19 et du terrorisme. Michel Rochon
(4.5/5)
Gratuit
S'affirmer et communiquer Jean-Maris Boisvert
(5/5)
Gratuit
Les hommes viennent de mars, les femmes viennent de Ve?nus John Gray
(4.5/5)
Gratuit
Les 10 secrets du succès et de la paix intérieure Wayne W. Dyer
(5/5)
Gratuit

Product Lines Can Jeopardize Their Trade Secrets

  1. 1. Product Lines Can Jeopardize Their Trade Secrets Mathieu Acher, Guillaume Bécan, Benoit Combemale, Benoit Baudry and Jean-Marc Jézéquel IRISA, Inria, University of Rennes 1, France
  2. 2. Product Lines Can Jeopardize Their Trade Secrets 2 Motivating example Configurator Final product Options
  3. 3. Product Lines Can Jeopardize Their Trade Secrets 3 Motivating example Configurator Final product Options Different configuration Different car
  4. 4. Product Lines Can Jeopardize Their Trade Secrets 4 Motivating example ● Customers – Activate/deactivate options ● Competitors – Understand the options and their constraints – Create a “better” product line ● Contractors – Create, change or extend options – Access software without specialized tools (e.g. for diagnostic) What if the product line is not protected?
  5. 5. Product Lines Can Jeopardize Their Trade Secrets 5 Trade secrets are in...
  6. 6. Product Lines Can Jeopardize Their Trade Secrets 6 Security for sofware product lines ● Software Product Lines (SPL) are everywhere ! ● Naive implementation of SPL – No security – Trade secrets become available to attackers – Need to secure implementation mechanisms ● New research domain: security for SPL ● What's different from traditional software security? – Combinatorial explosion – Restrict access or hide some options of the SPL – Hide marketing/business constraints – Open world: new and unplanned options to protect – Protect the significant effort to create an SPL
  7. 7. Product Lines Can Jeopardize Their Trade Secrets 7 Concrete example: online video generator ● 3 steps – Enter your name – Choose your 3 favorite shows of Canal+ – Watch YOUR episode of Bref (famous humorous TV show of Canal+) ● This is a product line (French TV channel)
  8. 8. Product Lines Can Jeopardize Their Trade Secrets 8 Online video generator Configurator Final product (Complete video) Options (Chunks of videos) random choices+ ...
  9. 9. Product Lines Can Jeopardize Their Trade Secrets 9 Let's hack it ! ● 3 days of work ● Manual analysis of HTTP request – Videos are made of 18 sequences – For each sequence, there are several possible variants – Video variants are directly accessible ● Ask for many episodes (bash script, wget) – List possible variants for each sequence – Download all video variants ● Statistics (R script) – Detect mandatory variants – 0.1% chance of getting a special variant
  10. 10. Product Lines Can Jeopardize Their Trade Secrets 10 Let's reengineer a configurator ! ● 2 days of work ● Complete configurator ● No random choices ● Videos are hosted on the original service
  11. 11. Product Lines Can Jeopardize Their Trade Secrets 11 Threats ● Only one week of work ● Download all video sequences which are protected by copyright ● Re-engineer a new configurator – Kill the original idea (e.g. no random choices) – No advertising ● Find all the codes hidden in the video sequences and win the contest !
  12. 12. Product Lines Can Jeopardize Their Trade Secrets 12 Trade secrets are in...
  13. 13. Product Lines Can Jeopardize Their Trade Secrets 13 RD1: Protection of positive variability ● Compositional approach – Options are composed on demand – Clean modular design ● Ease the identification of options and how they can be composed ● How to secure positive variability? – Obfuscate the variability and modularity in the source code or data – Obfuscate the mapping between options and corresponding artifacts ● Challenge: develop techniques for diversifying the mapping – non intrusive for the developers – agnostic to a domain
  14. 14. Product Lines Can Jeopardize Their Trade Secrets 14 RD2: Protection of negative variability ● Exhibit all variants and content at once ● Activate/deactivate variants depending on some conditions ● How to secure negative variability? – Improve mechanism used to remove or activate variants – Obfuscate pre-defined variants
  15. 15. Product Lines Can Jeopardize Their Trade Secrets 15 RD3: Barriers to master configuration space ● A configuration set can also contain trade secrets ● Crawling the configuration space reveals these secrets ● A comprehensive visit offers a global view of the options and their constraints ● Challenge: develop barriers to limit the exploration of the configuration space
  16. 16. Product Lines Can Jeopardize Their Trade Secrets 16 Conclusion ● Variability should be protected ● Usual cost/benefit tradeoff ● New research domain: security in SPL ● Cross-fertilize research results in software product line and security ● Challenge: diversify or vary variability
  17. 17. Product Lines Can Jeopardize Their Trade Secrets 17 Questions?

×