The CheckMATE Workshop Call for Papers

Research on offensive and defensive techniques in the context of Man At The End (MATE) attacks
The CheckMATE workshop will be co-located with the ACM Conference on Computer and Communications Security (CCS) 2022
MATE
(Man-At-The-End)
is an attacker model where an adversary has
access to the target software and/or hardware environment of his
victim and the ability to observe and modify it in order to extract
secrets such as cryptographic keys or sensitive information, possibly
with the subsequent goal of compromising code integrity or inserting
backdoors, among others. A typical example of such a scenario is the
case of an attack on a stolen smartphone or against software
leveraging protection to offer premium content and/or features such as
paid TV channels.
The main focus of CheckMATE is on new models and techniques to
defend software from tampering, reverse engineering, and piracy
as well as to the development of new attack strategies
that
highlight the need of more complete defenses. We include
both offensive
and defensive
techniques
because of their close and intertwined relationship
depending on the attack scenario. For instance, reverse engineering is
defensive when the goal is to analyse obfuscated malware, but it is
offensive when it is used to steal intellectual property and assets in
legitimate software. Likewise, obfuscation is defensive when it aims
for protecting a legitimate asset against reverse engineering, while
it is offensive if it is used to hide that malware is embedded in an
application. Both scenarios are of practical relevance, and therefore
CheckMATE includes all attacks on/defenses of the confidentiality and
integrity of software applications and assets embedded therein and
exposed to MATE attacks. In such scenarios, attackers have full
control over, and access to the hardware and/or software they are
attacking in a controlled environment.
CheckMATE will provide a discussion forum for researchers and industrial practitioners that are exploring theoretical definitions and frameworks, implementing and using practical methods and empirical studies, and those developing new tools or techniques in this unique area of security. Workshop communities have historically provided exchange of ideas and support for cooperative relationships among researchers in industry, academia, and government. Indeed, one of the objectives of CheckMATE is to stimulate the community working in this growing area of security, and to increase the synergies between the research areas of software protection engineering and their practical deployment.
Strongly
encouraged
are proposals of new, speculative ideas, metrics,
tools, and procedures for evaluating tamper-proofing, watermarking,
obfuscation, birthmarking, and software protection algorithms in
general. Assessment of new or known techniques in practical settings
and discussions of emerging threats, and problems are
expected. Likewise, reverse engineering of low-level constructs such
as machine code or gate-level circuit definitions through static and
dynamic analysis is geared to recover information to determine the
intent of programs and understand their inner workings as well as for
classifying them with respect to similar known code (which is
typically malicious). CheckMATE welcomes original work on the formal
investigation of software protection, where formal methods are used to
better understand the nature, relations, potentialities, and limits of
software security techniques.
Topics
Topics of interest include but are not limited to:
- Software attacks and defenses techniques
- Malware analysis
- Static and dynamic program analysis, symbolic execution
- Code obfuscation and de-obfuscation
- Side channel analysis
- Software attestation
- Anti-debugging and anti-simulation
- Software diversity, renewability, and moving target defenses
- Data obfuscation and white-box cryptography
- Software tampering and anti-tampering
- Online software protections
- Software similarity, plagiarism detection, authorship attribution, legal aspects
- Software licensing, watermarking, fingerprinting, anti-cloning
- Software steganography, information hiding and discovery
- Open source tools for software protection
- Man-at-the-end (MATE) attack technologies
- Security of AI and machine learning in the context of MATE
- Smart device software attacks and defenses
- Hardware-based software protection
- Formal methods for modelling security attacks and defenses
- Software security evaluation, decision support, industrial aspects
- Evaluation methodologies
- Threat modelling
- Decision support systems and security optimization
- Protection tool chains and Integrated Development Environments
- Protected software architectures and build process integration
- Security validation and best practices from industry
- Software protection on heterogeneous platforms (sensors, smartphones, cloud)
- Software protection benchmarks
Submission Guidelines
-
Papers must be submitted in a form suitable for anonymous review.
-
Papers must describe original work, be written and presented in English, and must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with refereed proceedings.
-
Submissions must be a PDF file in double-column ACM format (see https://www.acm.org/publications/proceedings-template, with a simpler version at https://github.com/acmccs/format).
-
Sumibssions may not exceed 12 pages long or 6 pages for short papers, excluding the bibliography, well-marked appendices, and supplementary material. Submissions are not required to reach the page limit. Note that reviewers are not required to read the appendices or any supplementary material. Authors should not change the font or the margins of the ACM format. Submissions not following the required format may be rejected without review.
-
One of the authors of the accepted paper is expected to present the paper in person at the workshop.
Ethical Considerations
Submissions that describe experiments on human subjects, that analyze data derived from human subjects (even anonymized data), or that otherwise may put humans at risk should:
-
Disclose whether the research received an approval or waiver from each of the authors’ institutional ethics review boards (IRB) if applicable.
-
Discuss steps taken to ensure that participants and others who might have been affected by an experiment were treated ethically and with respect.
-
If a submission deals with any kind of personal identifiable information (PII) or other kinds of sensitive data, the version of the paper submitted for review must discuss in detail the steps the authors have taken to mitigate harms to the persons identified. If a paper raises significant ethical and/or legal concerns, it might be rejected based on these concerns. The CheckMATE workshop chairs will be happy to consult with authors about how this policy applies to their submissions
Important Information and Dates:
- Paper registration deadline: August 22, 2022
- Paper submission deadline: August 29, 2022
- Submission website: https://checkmate22.hotcrp.com
© 2022 CheckMATE Workshop.