Man-at-the-End Software Protection as a Risk Analysis Process. (arXiv:2011.07269v3 [cs.SE] UPDATED)

The last years have seen an increase of Man-at-the-End (MATE) attacks against
software applications, both in number and severity. However, MATE software
protections are dominated by fuzzy concepts and techniques, with
security-through-obscurity omnipresent in the field. This paper presents a
rationale for adopting and standardizing the protection of software as a risk
management process according to the NIST SP800-39 approach. We examine the
relevant aspects of formalizing and automating the activities in this process
in the context of MATE software …

analysis end process protection risk risk analysis se software