Programs often run under strict usage conditions (e.g., license restrictions) that could be broken in case of code tampering. Possible attacks include malicious reverse engineering, tampering using static, dynamic and hybrid techniques, on standard devices as well as in labs with additional special purpose hardware equipment. ASPIRE (http://www.aspire-fp7.eu) is a European FP7 research project devoted to the elaboration of novel techniques to mitigate and prevent attacks to code integrity, to code/data confidentiality and to code lifting. This paper presents the ongoing activity to define a set of metrics aimed at quantifying the effect on code of the ASPIRE protections. The metrics have been conceived based on a measurement framework, which prescribes the identification of the relevant code features to consider and of their relationships with attacks and protections.
PDF version of the paper.