CFP: Research on offensive and defensive techniques in the context of Man At The End (MATE) attacks

Workshop CheckMATE 2024 - 
Research on offensive and defensive techniques in the context of 
Man At The End (MATE) attacks
@ ACM CCS 2024 (Salt Lake City, USA)
https://checkmate-workshop.github.io/

* * * Call for Papers * * *

MATE (Man-At-The-End) is an attacker model where an adversary has
access to the target software and/or hardware environment of his
victim and the ability to observe and modify it in order to extract
secrets such as cryptographic keys or sensitive information, possibly
with the subsequent goal of compromising code integrity or inserting
backdoors, among others. A typical example of such a scenario is the
case of an attack on a stolen smartphone or against software
leveraging protection to offer premium content and/or features such as
paid TV channels.

The main focus of CheckMATE is on new models and techniques to defend
software from tampering, reverse engineering, and piracy as well as to
the development of new attack strategies that highlight the need of
more complete defenses. We include both offensive and defensive
techniques because of their close and intertwined relationship
depending on the attack scenario. For instance, reverse engineering is
defensive when the goal is to analyse obfuscated malware, but it is
offensive when it is used to steal intellectual property and assets in
legitimate software. Likewise, obfuscation is defensive when it aims
for protecting a legitimate asset against reverse engineering, while
it is offensive if it is used to hide that malware is embedded in an
application. Both scenarios are of practical relevance, and therefore
CheckMATE includes all attacks on/defenses of the confidentiality and
integrity of software applications and assets embedded therein and
exposed to MATE attacks. In such scenarios, attackers have full
control over, and access to the hardware and/or software they are
attacking in a controlled environment.

CheckMATE will provide a discussion forum for researchers and
industrial practitioners that are exploring theoretical definitions
and frameworks, implementing and using practical methods and empirical
studies, and those developing new tools or techniques in this unique
area of security. Workshop communities have historically provided
exchange of ideas and support for cooperative relationships among
researchers in industry, academia, and government. Indeed, one of the
objectives of CheckMATE is to stimulate the community working in this
growing area of security, and to increase the synergies between the
research areas of software protection engineering and their practical
deployment.

Strongly encouraged are proposals of new, speculative ideas, metrics,
tools, and procedures for evaluating tamper-proofing, watermarking,
obfuscation, birthmarking, and software protection algorithms in
general. Assessment of new or known techniques in practical settings
and discussions of emerging threats, and problems are
expected. Likewise, reverse engineering of low-level constructs such
as machine code or gate-level circuit definitions through static and
dynamic analysis is geared to recover information to determine the
intent of programs and understand their inner workings as well as for
classifying them with respect to similar known code (which is
typically malicious). CheckMATE welcomes original work on the formal
investigation of software protection, where formal methods are used to
better understand the nature, relations, potentialities, and limits of
software security techniques.

=== Topics can include but are not limited to ===

Software attacks and defenses techniques:

- Code Obfuscation and De-obfuscation
- Anti-Debugging and Anti-Simulation
- Software Diversity, Renewability, and Moving Target Defenses
- Data Obfuscation and White-box Cryptography
- Software Tampering and Anti-tampering , Online Software Protections
- Software Similarity, Plagiarism detection, Authorship Attribution,
    Legal aspects
- Software Licensing, Watermarking, Fingerprinting, Anti-cloning
- Software Steganography, Information Hiding and Discovery
- Open-Source tools for software protection
- Malware Analysis
- Static and Dynamic Program Analysis, Symbolic Execution
- Man-at-the-end (MATE) Attack Technologies
- Security of AI and Machine Learning in the context of MATE
- Smart Device Software Attack and Defenses
- Hardware-based Software Protection
- Formal methods for modeling security attacks and defenses

Software Security Evaluation, Decision Support and Industrial Aspects:

- Evaluation Methodologies
- Threat Modeling
- Decision Support Systems and Security Optimization
- Protection Tool Chains and Integrated Development Environments
- Protected Software Architectures and Build Process Integration
- Security Validation and Best Practices from Industry
- Software Protection on Heterogeneous Platforms (sensors, smartphones, cloud)
- Software Protection Benchmarks

=== Submission guidelines ===

- Papers must be submitted in a form suitable for anonymous review.

- Papers must describe original work, be written and presented in
  English, and must not substantially overlap with papers that have
  been published or that are simultaneously submitted to a journal or
  a conference with refereed proceedings.

- Submissions must be a PDF file in double-column ACM format (see
  https://www.acm.org/publications/proceedings-template, with a
  simpler version at https://github.com/acmccs/format).

- Submissions may not exceed 12 pages long or 6 pages for short
  papers, excluding the bibliography, well-marked appendices, and
  supplementary material. Submissions are not required to reach the
  page limit. Note that reviewers are not required to read the
  appendices or any supplementary material. Authors should not change
  the font or the margins of the ACM format. Submissions not following
  the required format may be rejected without review.

- One of the authors of the accepted paper is expected to present the
  paper in person at the workshop.

=== Important dates ===

Submission Deadline	   Jun 20, 2024
Notification Due	   Aug 8, 2024
Final Version Due	   Aug 25, 2024
CheckMATE 2024         Oct 18, 2024


Workshop website: https://checkmate-workshop.github.io/
Submission site: https://checkmate24.hotcrp.com/

Extended versions of selected papers will be invited to the Special
Issue on Offensive and Defensive Techniques in the Context of Man At
The End (MATE) Attacks of the ACM Digital Threats: Research and
Practice (DTRAP) journal.


Kind regards,
Sebastian Schrittwieser
General Chair CheckMATE 2024