Security Strength Measurement for Dongle-Protected Software
November/December 2007 (vol. 5 no. 6)
pp. 32-40
Ugo Piazzalunga, Eutronsec Infosecurity
Paolo Salvaneschi, University of Bergamo
Francesco Balducci, Turin Polytechnic
Pablo Jacomuzzi, Turin Polytechnic
Cristiano Moroncelli, Turin Polytechnic
Many people consider dongles to be among the strongest forms of copy protection, but how much security do they actually offer? The model presented here aims to monetize the security strength of dongle-protected software by forecasting the amount of time a hypothetical attacker would take to break it.


Index Terms:
hacking, phreaking, hardware, software, security
Citation:
Ugo Piazzalunga, Paolo Salvaneschi, Francesco Balducci, Pablo Jacomuzzi, Cristiano Moroncelli, "Security Strength Measurement for Dongle-Protected Software," IEEE Security & Privacy, vol. 5, no. 6, pp. 32-40, Nov.-Dec. 2007, doi:10.1109/MSP.2007.176