Publicité
Product Lines Can Jeopardize Their Trade Secrets
Product Lines Can Jeopardize Their Trade Secrets
Product Lines Can Jeopardize Their Trade Secrets
Product Lines Can Jeopardize Their Trade Secrets
Product Lines Can Jeopardize Their Trade Secrets
Product Lines Can Jeopardize Their Trade Secrets
Product Lines Can Jeopardize Their Trade Secrets
Product Lines Can Jeopardize Their Trade Secrets
Product Lines Can Jeopardize Their Trade Secrets
Product Lines Can Jeopardize Their Trade Secrets
Product Lines Can Jeopardize Their Trade Secrets
Product Lines Can Jeopardize Their Trade Secrets
Product Lines Can Jeopardize Their Trade Secrets
Product Lines Can Jeopardize Their Trade Secrets
Product Lines Can Jeopardize Their Trade Secrets
Product Lines Can Jeopardize Their Trade Secrets
Product Lines Can Jeopardize Their Trade Secrets

Check these out next

Software Audit Strategies - How often is good enough for a software audit?
Software Audit Strategies - How often is good enough for a software audit?
Tiberius Forrester
IoT Security – It’s in the Stars! 16_9 v201605241355
IoT Security – It’s in the Stars! 16_9 v201605241355
AndrewRJamieson
Se 20150507
Se 20150507
葵慶 李
20141111 tinker tuesday prototype to product
20141111 tinker tuesday prototype to product
Takeda Pharmaceuticals
Continuous Security for GitOps
Continuous Security for GitOps
Weaveworks
Getting Space Pirate Trainer* to Perform on Intel® Graphics
Getting Space Pirate Trainer* to Perform on Intel® Graphics
Intel® Software
Splunk All the Things: Our First 3 Months Monitoring Web Service APIs - Splun...
Splunk All the Things: Our First 3 Months Monitoring Web Service APIs - Splun...
Dan Cundiff
Dealing with Component Shortages That Impact Battery Packs Design
Dealing with Component Shortages That Impact Battery Packs Design
Epec Engineered Technologies
1 sur 17

Product Lines Can Jeopardize Their Trade Secrets

26 Nov 2015
Télécharger pour lire hors ligne
Sciences

What do you give for free to your competitor when you ex- hibit a product line? This paper addresses this question through several cases in which the discovery of trade secrets of a product line is possible and can lead to severe conse- quences. That is, we show that an outsider can understand the variability realization and gain either confidential busi- ness information or even some economical direct advantage. For instance, an attacker can identify hidden constraints and bypass the product line to get access to features or copy- righted data. This paper warns against possible naive mod- eling, implementation, and testing of variability leading to the existence of product lines that jeopardize their trade se- crets. Our vision is that defensive methods and techniques should be developed to protect specifically variability – or at least further complicate the task of reverse engineering it.

Guillaume Bécan
PhD student à INRIA - IRISA - University of Rennes 1
Publicité
Publicité
Publicité

Recommandé

Leveraging Open Source Opportunity in the Public Sector Without the RiskLeveraging Open Source Opportunity in the Public Sector Without the Risk
Leveraging Open Source Opportunity in the Public Sector Without the RiskSource Code Control Limited1K vues26 diapositives
Leveraging Open Source Opportunity in the Public Sector Without the RiskLeveraging Open Source Opportunity in the Public Sector Without the Risk
Leveraging Open Source Opportunity in the Public Sector Without the RiskProtecode 995 vues26 diapositives
Develop a Killer Patent Strategy to Achieve Your End-GameDevelop a Killer Patent Strategy to Achieve Your End-Game
Develop a Killer Patent Strategy to Achieve Your End-GameMintz Levin839 vues33 diapositives
Security in open source projectsSecurity in open source projects
Security in open source projectsJose Manuel Ortega Candel466 vues79 diapositives
Software audit strategies: how often is enough? Software audit strategies: how often is enough?
Software audit strategies: how often is enough? Protecode 809 vues30 diapositives
Bai giang-se-17feb14Bai giang-se-17feb14
Bai giang-se-17feb14TRAN Khanh Dung, Khoa CNTT, Đại Học Xây Dựng871 vues18 diapositives

Contenu connexe

Similaire à Product Lines Can Jeopardize Their Trade Secrets(20)

Software Audit Strategies - How often is good enough for a software audit? Software Audit Strategies - How often is good enough for a software audit?
Software Audit Strategies - How often is good enough for a software audit?
Tiberius Forrester346 vues
IoT Security – It’s in the Stars! 16_9 v201605241355IoT Security – It’s in the Stars! 16_9 v201605241355
IoT Security – It’s in the Stars! 16_9 v201605241355
AndrewRJamieson3.2K vues
Se 20150507Se 20150507
Se 20150507
葵慶 李357 vues
20141111 tinker tuesday prototype to product20141111 tinker tuesday prototype to product
20141111 tinker tuesday prototype to product
Takeda Pharmaceuticals1.5K vues
Continuous Security for GitOpsContinuous Security for GitOps
Continuous Security for GitOps
Weaveworks656 vues
Getting Space Pirate Trainer* to Perform on Intel® GraphicsGetting Space Pirate Trainer* to Perform on Intel® Graphics
Getting Space Pirate Trainer* to Perform on Intel® Graphics
Intel® Software1.4K vues
Splunk All the Things: Our First 3 Months Monitoring Web Service APIs - Splun...Splunk All the Things: Our First 3 Months Monitoring Web Service APIs - Splun...
Splunk All the Things: Our First 3 Months Monitoring Web Service APIs - Splun...
Dan Cundiff3K vues
Dealing with Component Shortages That Impact Battery Packs DesignDealing with Component Shortages That Impact Battery Packs Design
Dealing with Component Shortages That Impact Battery Packs Design
Epec Engineered Technologies570 vues
Software Open Source in ambito industrialeSoftware Open Source in ambito industriale
Software Open Source in ambito industriale
Better Software644 vues
Powersoft19 Overview - 2013Powersoft19 Overview - 2013
Powersoft19 Overview - 2013
Huzaifa Saadat423 vues
SCM + PUF_Day 3.pptxSCM + PUF_Day 3.pptx
SCM + PUF_Day 3.pptx
nagarajan7404454 vues
Agile Network India | How to mess up a Product Backlog | Arunima ShekharAgile Network India | How to mess up a Product Backlog | Arunima Shekhar
Agile Network India | How to mess up a Product Backlog | Arunima Shekhar
AgileNetwork41 vues
Mastering FPGA Design through Debug, Adrian Hernandez, XilinxMastering FPGA Design through Debug, Adrian Hernandez, Xilinx
Mastering FPGA Design through Debug, Adrian Hernandez, Xilinx
FPGA Central2.5K vues
Agile Secure DevelopmentAgile Secure Development
Agile Secure Development
Bosnia Agile823 vues
Presentation Verification & ValidationPresentation Verification & Validation
Presentation Verification & Validation
Elmar Selbach1.1K vues
Experiencias Industriales con Programación DeclarativaExperiencias Industriales con Programación Declarativa
Experiencias Industriales con Programación Declarativa
Laura M. Castro432 vues
Open Source Software: What Are Your Obligations? Open Source Software: What Are Your Obligations?
Open Source Software: What Are Your Obligations?
Source Code Control Limited584 vues
Software Engineering Culture - Improve Code QualitySoftware Engineering Culture - Improve Code Quality
Software Engineering Culture - Improve Code Quality
Dmytro Patserkovskyi1.2K vues
Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...
Guidelines to Improve the Robustness of the OSGi Framework and Its Services A...
mfrancis335 vues
QA Process OverviewQA Process Overview
QA Process Overview
Deepak Rathod270 vues

Dernier(20)

MOLECULAR MARKERMOLECULAR MARKER
MOLECULAR MARKER
Needa 0 vue
Biology DiagramsBiology Diagrams
Biology Diagrams
BriannaBoggio0 vue
Cultivating Change: Collective Action for Future Water Security – Welcome and...Cultivating Change: Collective Action for Future Water Security – Welcome and...
Cultivating Change: Collective Action for Future Water Security – Welcome and...
Daugherty Water for Food Global Institute0 vue
RFLP ,RAPD ,AFLP, STS, SCAR ,SSCP & QTLRFLP ,RAPD ,AFLP, STS, SCAR ,SSCP & QTL
RFLP ,RAPD ,AFLP, STS, SCAR ,SSCP & QTL
Needa 0 vue
light part 1 (1).pptlight part 1 (1).ppt
light part 1 (1).ppt
DevikaMani30 vue
nephron-200328105815.pdfnephron-200328105815.pdf
nephron-200328105815.pdf
MuhammadSaadAli130 vue
FrictionFriction
Friction
ishaanshehrawat0 vue
PVDF_Composites.pdfPVDF_Composites.pdf
PVDF_Composites.pdf
MohamedSaadi420 vue
3. Lipids PPT,.pdf3. Lipids PPT,.pdf
3. Lipids PPT,.pdf
MuhammadSaadAli130 vue
Partnering to Promote Smallholder Irrigation in SS Africa – Supporting entrep...Partnering to Promote Smallholder Irrigation in SS Africa – Supporting entrep...
Partnering to Promote Smallholder Irrigation in SS Africa – Supporting entrep...
Daugherty Water for Food Global Institute0 vue
Irrigation-As-A-Service In East Africa – Supporting entrepreneurs in small-sc...Irrigation-As-A-Service In East Africa – Supporting entrepreneurs in small-sc...
Irrigation-As-A-Service In East Africa – Supporting entrepreneurs in small-sc...
Daugherty Water for Food Global Institute0 vue
The Vital Few and The Water Benefit Calculator – Sustainable solutions to wat...The Vital Few and The Water Benefit Calculator – Sustainable solutions to wat...
The Vital Few and The Water Benefit Calculator – Sustainable solutions to wat...
Daugherty Water for Food Global Institute0 vue
sugarcane crop improvment.pptxsugarcane crop improvment.pptx
sugarcane crop improvment.pptx
SayyedAadil10 vue
Albert EinsteinAlbert Einstein
Albert Einstein
ssuser03d3bd0 vue
linseed 1.pptxlinseed 1.pptx
linseed 1.pptx
SayyedAadil10 vue
Manage soil to manage water – Manage soil to Manage Water: Creating co-benefi...Manage soil to manage water – Manage soil to Manage Water: Creating co-benefi...
Manage soil to manage water – Manage soil to Manage Water: Creating co-benefi...
Daugherty Water for Food Global Institute0 vue
Reflection of Light (1) (1).pptxReflection of Light (1) (1).pptx
Reflection of Light (1) (1).pptx
DevikaMani30 vue
CHARACTERS AND TYPES OF RNA CHARACTERS AND TYPES OF RNA
CHARACTERS AND TYPES OF RNA
Needa 0 vue
Supporting farmer-led irrigation development in sub-Saharan Africa – Supporti...Supporting farmer-led irrigation development in sub-Saharan Africa – Supporti...
Supporting farmer-led irrigation development in sub-Saharan Africa – Supporti...
Daugherty Water for Food Global Institute0 vue
GASP XVII. HI imaging of the jellyfish galaxy JO206: gas stripping and enhanc...GASP XVII. HI imaging of the jellyfish galaxy JO206: gas stripping and enhanc...
GASP XVII. HI imaging of the jellyfish galaxy JO206: gas stripping and enhanc...
Sérgio Sacani0 vue
Publicité

Product Lines Can Jeopardize Their Trade Secrets

  1. Product Lines Can Jeopardize Their Trade Secrets Mathieu Acher, Guillaume Bécan, Benoit Combemale, Benoit Baudry and Jean-Marc Jézéquel IRISA, Inria, University of Rennes 1, France
  2. Product Lines Can Jeopardize Their Trade Secrets 2 Motivating example Configurator Final product Options
  3. Product Lines Can Jeopardize Their Trade Secrets 3 Motivating example Configurator Final product Options Different configuration Different car
  4. Product Lines Can Jeopardize Their Trade Secrets 4 Motivating example ● Customers – Activate/deactivate options ● Competitors – Understand the options and their constraints – Create a “better” product line ● Contractors – Create, change or extend options – Access software without specialized tools (e.g. for diagnostic) What if the product line is not protected?
  5. Product Lines Can Jeopardize Their Trade Secrets 5 Trade secrets are in...
  6. Product Lines Can Jeopardize Their Trade Secrets 6 Security for sofware product lines ● Software Product Lines (SPL) are everywhere ! ● Naive implementation of SPL – No security – Trade secrets become available to attackers – Need to secure implementation mechanisms ● New research domain: security for SPL ● What's different from traditional software security? – Combinatorial explosion – Restrict access or hide some options of the SPL – Hide marketing/business constraints – Open world: new and unplanned options to protect – Protect the significant effort to create an SPL
  7. Product Lines Can Jeopardize Their Trade Secrets 7 Concrete example: online video generator ● 3 steps – Enter your name – Choose your 3 favorite shows of Canal+ – Watch YOUR episode of Bref (famous humorous TV show of Canal+) ● This is a product line (French TV channel)
  8. Product Lines Can Jeopardize Their Trade Secrets 8 Online video generator Configurator Final product (Complete video) Options (Chunks of videos) random choices+ ...
  9. Product Lines Can Jeopardize Their Trade Secrets 9 Let's hack it ! ● 3 days of work ● Manual analysis of HTTP request – Videos are made of 18 sequences – For each sequence, there are several possible variants – Video variants are directly accessible ● Ask for many episodes (bash script, wget) – List possible variants for each sequence – Download all video variants ● Statistics (R script) – Detect mandatory variants – 0.1% chance of getting a special variant
  10. Product Lines Can Jeopardize Their Trade Secrets 10 Let's reengineer a configurator ! ● 2 days of work ● Complete configurator ● No random choices ● Videos are hosted on the original service
  11. Product Lines Can Jeopardize Their Trade Secrets 11 Threats ● Only one week of work ● Download all video sequences which are protected by copyright ● Re-engineer a new configurator – Kill the original idea (e.g. no random choices) – No advertising ● Find all the codes hidden in the video sequences and win the contest !
  12. Product Lines Can Jeopardize Their Trade Secrets 12 Trade secrets are in...
  13. Product Lines Can Jeopardize Their Trade Secrets 13 RD1: Protection of positive variability ● Compositional approach – Options are composed on demand – Clean modular design ● Ease the identification of options and how they can be composed ● How to secure positive variability? – Obfuscate the variability and modularity in the source code or data – Obfuscate the mapping between options and corresponding artifacts ● Challenge: develop techniques for diversifying the mapping – non intrusive for the developers – agnostic to a domain
  14. Product Lines Can Jeopardize Their Trade Secrets 14 RD2: Protection of negative variability ● Exhibit all variants and content at once ● Activate/deactivate variants depending on some conditions ● How to secure negative variability? – Improve mechanism used to remove or activate variants – Obfuscate pre-defined variants
  15. Product Lines Can Jeopardize Their Trade Secrets 15 RD3: Barriers to master configuration space ● A configuration set can also contain trade secrets ● Crawling the configuration space reveals these secrets ● A comprehensive visit offers a global view of the options and their constraints ● Challenge: develop barriers to limit the exploration of the configuration space
  16. Product Lines Can Jeopardize Their Trade Secrets 16 Conclusion ● Variability should be protected ● Usual cost/benefit tradeoff ● New research domain: security in SPL ● Cross-fertilize research results in software product line and security ● Challenge: diversify or vary variability
  17. Product Lines Can Jeopardize Their Trade Secrets 17 Questions?
Publicité