Code Protection and Robustness

Augustin Farrugia, Apple

A talk about securing the iTunes client.

Security is a trade-off between what you can accomplish and what your cyberspace allows you to implement. In a nutshell, a security system protects assets, and it is defined by the requirements of many players: (1) the asset owner(s); (2) geopolitics; (3) regulation; and (4) other relevant and irrelevant features. The cost of any security system can be quantified as the number of lines of code written for the application versus the number implemented for security. Typically, on a smart card, the application code accounts for 55% and the security code for 45%; the remaining 5% is liaison code. This distribution of resources relies on secure hardware and does not include any additional features to make the code opaque to runtime and static analysis. That is no longer the case when the application runs on an open system, where it is common knowledge that the code can be reverse engineered for static attacks.

26 January (Thursday) at 1630 hrs

Gates 4B (opposite 490) TBD