Code Protection Techniques when Distributed in Source
Format: an Adobe Connect Pod Written in Javascript
Alessandro Simonetta1 , Francesco Rinaldi1
1
Department of Enterprise Engineering, University of Rome “Tor Vergata”, Via del Politecnico n.1, 00133, Rome, Italy
Abstract
The purpose of this article is to describe techniques for protecting code when distributed in source format. This situation oc-
curs when, for instance, the client component of a web application, whose source code is easily extractable from the browser
even by inexperienced users. The case study proposed uses the Adobe Connect© platform, an emerging technology in the
field of video communication, content sharing and e-learning environments, which allows to easy integration of applications
written in javascript language. The astonishing ease of realization of embedded applications within Adobe®’s ecosystem
contrasts with the impossibility of protecting the work done, which is visible and redistributable simply by copying the file
containing it. The unwary author may thus run the risk of seeing his work thwarted by losing any intellectual property
rights arising from the use of the software he has created. For this reason we have realized a form of intellectual property
protection when software is distributed in source format.
Keywords
development, coding, source code, software protection, javascript, adobe connect, copyright, API, COVID-19, Pod, intellec-
tual property
1. Introduction protection of a Pod realized in javascript on Adobe Con-
nect©1 .
Software production has evolved considerably in recent
years thanks to the advent of new technologies, innova-
tive development and deployment methodologies, such as 2. History of software protection
DevOps [1][2][3]. Monolithic applications, which are of- systems
ten obsolete, have been replaced by microservice applica-
tions with greater advantages in terms of resilience, scal- The protection of developed code is a problem that has
ability, speed of development (time-to-market and contin- always existed in the field of information technology.
uous integration & delivery) and, last but not least, sim- Source code written in compiled programming languages
plicity of release on the cloud [4][5]. The availability of (e.g. C++) is transformed into object code, directly com-
server-side microservices has made the front-end graphi- prehensible by the machine. This step makes the code
cal interfaces on the clients strongly decoupled from the unintelligible to a human being because it is coded in
rest of the code. This facilitated integration via Applica- binary. However, it is always possible to use a decompiler
tion Programming Interface (API) with the software plat- that allows you to restore it to a source form similar (but
forms of Content Management System (CMS), Customer not the same) to the original [6]. Creating an application
Relationship Management (CRM) and and Learning Man- that cannot be cracked is not an easy task. To understand
agement System (LMS). In most cases these integrations, the extent of the phenomenon, just consult the interna-
Pods or Plug-ins, are limited to the creation of a front-end tional reports [7],[8]. When it comes to protection or
application that interacts with the exposed services. In security, we know that it is almost impossible to use ab-
this context, the protection of the produced source code solute terms, but it is necessary to use relative criteria.
has become a complex issue to deal with and difficult to Indeed, what we have to do is study the motivations, the
manage. level of preparation and the financial resources of those
This article will briefly review the history of software who might be interested in compromising the protection
application protection systems. It is followed by the pro- of our software. A general criterion is to assume a higher
posed solution to protect the source code of a web ap- position than the potential positions of the other parties,
plication. Finally, a real case will be described, i.e. the because it would not make sense to spend more energy
than that. In the assessment it must be considered that
SYSTEM 2021 @ Scholar’s Yearly Symposium of Technology,
Engineering and Mathematics. July 27–29, 2021, Catania, IT the free circulation of software, even if unauthorised,
" alessandro.simonetta@gmail.com (A. Simonetta); favours its dissemination and knowledge [9][10], that
franin@gmail.com (. F. Rinaldi) which is normally paid for by investments in marketing
0000-0002-0877-7063 (A. Simonetta) campaigns. On the other hand, if a company considers
© 2021 Copyright for this paper by its authors. Use permitted under Creative
Commons License Attribution 4.0 International (CC BY 4.0).
CEUR Workshop Proceedings (CEUR-WS.org) 1
https://www.adobe.com/products/adobeconnect
CEUR
http://ceur-ws.org
Workshop ISSN 1613-0073
Proceedings
32
Alessandro Simonetta et al. CEUR Workshop Proceedings 32–39
software useful, it will certainly find it more convenient in open format (typically HTML and javascript) on the
to purchase it than to risk using it without a license. Over client [11]. The availability of the source code renders
time, various techniques have been used to protect soft- all the protection systems examined so far useless, since
ware applications, methods that have changed with the a malicious user could easily remove them.
evolution of architectures and, above all, with the advent Although a developer can always register the source
of the network that has made it possible to control li- code to be able to legally claim both authorship and
censes in real time, initially on a LAN and later on the wrongful use, none of these threats are better deterrents
Internet. than a well-designed protection system.
The first local techniques used a protection which
checks whether the license related to the hardware on
the machine where it was first installed. This required 3. The proposed solution
a double step: the generation of a key depending on the
The proposed solution considers the source code dis-
hardware factors of the machine (serial number of the
tributed on the client of a typical web application as the
hard disk, date of the ROM, MAC address of the network
target to be protected. It is based on three concentric
card, ...) at the time of installation and the verification, at
protection levels:
each execution, that the key calculated at that moment
was the same as the one registered during installation. • the basic level, it marks the GUI of the applica-
Clearly, when there was a failure of a hardware com- tion with the logo and the name of the licensee
ponent, the installation had to be repeated in order to (watermark);
restore the correct values. To overcome this problem, • the intermediate level, it makes the source code
the alternative was the availability of a token stored on unreadable and unmodifiable to a programmer
non-copyable removable media. Early systems used com- through code obfuscation techniques;
mon floppy disks, later CD-ROMs, which had defective • the server level (license manager):
sectors in some tracks of the medium. In this way, it
was not possible to duplicate the medium with the faulty – monitors the clients and decides action
tracks because the copying programs only acted on the strategies in relation to the client’s license;
data. Soon, copiers were created that were able to mark – sends the missing source code to the client;
the faulty tracks, so that the media could be reproduced – checks that the client’s code has not been
identical to the original, making it possible to use the altered and that the logo and the licensee’s
software on several machines (each with duplicate pro- name are consistent with the license.
tection media). A better protection was only introduced
The architecture of the proposed solution is shown in
later with the advent of USB memories, both because
the Fig. 1.
these hardware devices are difficult to duplicate, and
also because they are only accessible from the relevant
application. The protection provided by a USB device,
commonly called dongle, requires the use of a key at the
running location, so if there are several users using the
software at different times, they must be able to exchange
the device. It is also possible associates the license to a
person, who carries the device with him and can there-
fore use the software on different locations. Obviously,
in order to solve the difficulties caused by the use of a
dongle, it would be sufficient to purchase several user
licenses. Figure 1: The architecture of the proposed solution
With the increasing use of networks, computers were
no longer stand-alone (i.e., isolated from each other) but
they could exchange information with each other. At
this point, the token could be used by a central server 3.1. Basic level: watermarking
that had the task of controlling the installation of ap-
plications within the local network on the basis of the In order to prevent the diffusion and use of counterfeit
license purchased, distributing the privileges of use (li- copies of a product (not necessarily software), a good
cense manager). The need for protection has diversified deterrent may be to indelibly and clearly mark the prod-
in web architectures, especially in those for which is uct itself with the logos and name of the licensee. It is
sufficient to have access in terms of credentials on a re- unlikely that a professional user will use it with the name
mote server, while for copying the code, it is distributed of another licensee, also because if there were a check
33
Alessandro Simonetta et al. CEUR Workshop Proceedings 32–39
on the software, it would be difficult to prove that the function localStorageincrement ( ) { \ \
l o c a l S t o r a g e . s e t I t e m ( ' streamL ' ,
purchase was made legally.
( parseInt ( localStorage .
Ideally, a certificate of originality should be included g e t I t e m ( ' streamL ' ) ) + 1 ) + ' ' ) ;
in the HTML file, or in the javascript source, without the localStorage .
ability to be deleted or altered, the same level of guarantee s e t I t e m ( ' w' , ' &w=n ' ) ;
that the watermark on a banknote has that ensures its }
originality [12]. On the other hand, in a source code, it After applying obfuscation techniques:
is quite easy to alter the loading of an image from an
external file or to change the name of the licensee if it function localStorageincrement ( ) {
is written in plain text as a sequence of characters. The var _0x3f436f =_0x30e3d7 ; l o c a l S t o r a g e [
' setItem ' ] ( _ 0 x 3 f 4 3 6 f ( 0 x166 ) ,
solution is to devise an encapsulation and information p a r s e I n t ( l o c a l S t o r a g e [ _ 0 x 3 f 4 3 6 f ( 0 x12e ) ]
hiding mechanism that makes the licensee’s logo and ( ' streamL ' ) ) + 0 x1 + ' ' ) , l o c a l S t o r a g e
name unreadable in the HTML file but visible to run- [ _ 0 x 3 f 4 3 6 f ( 0 x 1 7 6 ) ] ( ' w' , _ 0 x 3 f 4 3 6 f ( 0 x17b ) ) ; }
time, only after a complex calculation process. This first }
level of protection must be followed by two others, which The transformation proves the difficulty of interpretation
aim to encapsulate and protect it. We can say that it is that an attacker might have in deducing the behavior of
similar to the technique that has been used for centuries the function in question. This difficulty is amplified if the
to protect fortresses with outer walls. code is very long and, above all, if there are useless parts
to analyze. In this case the reverse engineering activity
3.2. Intermediate level: code obfuscation is long, laborious and has little chance of success.
The second level of protection is based on the technique
of source code obfuscation, a practice well known in 3.3. Server level: license manager
literature [13][14]. The third level of protection is by means of a remote
In recent years, we are witnessing machine learning server: the license manager which monitors who uses
being used in a wide variety of ways [15][16][17][18] the client, sends the parts of code that the client lacks in
thanks to the discovery of increasingly efficient imple- order to work, and checks which there are no alterations
mentations [19][20][21]. It has been shown that such to the code (e.g. substitution of the logo or name of
algorithms can also be successfully implemented in ob- the licensee). Therefore, the application that uses this
fuscation techniques [22][23]. protection system needs a connection to the Internet in
However, software obfuscation for the purpose of in- order to work. This requirement is also necessary to
tellectual property protection remains a very challenging guarantee the functionality of the application itself since
topic [24], even though it has been shown that, while it is based on web technology on an internet network.
reading a web page, it is possible to automatically de- Moreover, the same server has modifiable policies
tect the content of obfuscated javascript strings [25]. where the application usage criteria are defined. Accord-
The transformation of the code and its execution flow is ing to the policies of software diffusion and to the risk
isofunctional: the original behavior is kept unchanged. (loss of profit, illicit duplication,...) you want to assume
What changes is the complexity, which increases because in maintaining active functioning demonstrative licenses,
processes are made convoluted and variables are scat- you can decide if:
tered throughout the code. The goal is to transform a
source code and make it similar to an object code, from • the demonstration state is unlimited and used to
the point of view of comprehensibility. There are several advertise the product;
tools that perform this transformation, but there are just • the demo status remains active for a limited trial
as many that perform the reverse operation (deoffusca- period, after which if there is no connection to
tors)[26][27]. Although the final result is always far from the server, the license expires and stops working;
the original one, it is possible to insert in the source code • the product does not work if it has no connection
some useless instructions (junk code) that will never be with the server.
used and that have the purpose only to amplify the com- Whenever the client software is started, it connects
plexity. As an example, let’s see how an obfuscator acts with the server and provides information about the tasks
on a simple javascript function: it is called to perform. This conversation is necessary
for the client to have all the software necessary for its
operation.
Generally, the minimum requirement for requesting
services from a server is to be authenticated. In the ab-
sence of authentication, an attack from a not trusted
34
Alessandro Simonetta et al. CEUR Workshop Proceedings 32–39
client can be avoided by excluding the possibility of the • the example application to start from;
cross-domain: the source code will be sent only if the • the library itself that contains the classes and
request comes from an authorized client and domain. methods to be called upon in development.
The availability of the license manager is also funda-
mental to check if the javascript file on the client still The application is assembled in a container that we will
contains the logos of the registered licensee or if some call Pod in ZIP format. The process of developing and
form of code alteration has happened. All this can be deploying an application (Fig. 2) consists of the following
easily implemented with a hashing function, so if a user steps:
should manage to penetrate the first two protection levels
• collection of functional requirements including
and change the logo in the source code, the hashing func-
the definition of the GUI;
tion will return a different value from the expected one,
• definition of the layout of the web page;
and the license manager could decide the best strategy
to implement. • identification of the API necessary for the func-
Any software application that wants to adopt the pro- tioning of the application;
posed protection solution does not need to know not • development of the application components (cus-
send personal data in the conversation from the client tom library);
to the license manager. Also because it depends on the • release of the ZIP file on the Adobe Connect©
regulations in the country where the user is located and server.
the license manager server too. In Europe such legisla-
The collection of requirements is preparatory to the de-
tion is Regulation (EU) 2016/679 (General Data Protection
sign of the human-machine interface (HTML file) and
Regulation)[28].
to identify the APIs necessary for the operation of the
application through the mechanism of callback. In this
4. Case Study way it will be possible to activate the new custom de-
veloped functions, following the events that the system
This Case Study aims to demonstrate, with a practical ex- will receive. Once the application components have been
ample, the theoretical concepts described so far. In recent created, they will be inserted in the javascript library ac-
years we have been witnessing an increase in the use of cessible by the HTML file. At this point it will be possible
video communication software especially in relation to to create the ZIP file that will contain:
the problem of the pandemic caused by the coronavirus,
SARS-CoV-2, also known as COVID-19 [29][30][31][32]. • the HTML file with the page of the developed
Similarly, new requirements have arisen encouraging the application;
distancing of people in all meeting occasions in social • the configuration file (breeze-manifest.xml) with
and work occasions [33], for example, in reserving seats the names and paths of the application compo-
in the cafeteria of a work environment or in the need to nents;
perform tasks remotely through a collaborative platform • the folder lib with the SDK and the custom li-
for meetings, training or job interviews. braries developed;
These platforms can be enriched with new functionali- • the folder css eventually added for the webpage
ties and promote new job opportunities for programmers layout settings.
who have a new space where to spread their ideas. For
this reason, we have chosen to use the Adobe Connect© To distribute the Pod it will be sufficient to load it into
communication platform for reasons of dissemination Adobe Connect© and use the product sharing mecha-
[34][35][36] but also because it allows us to write appli- nisms (e.g. virtual rooms) without the need for installa-
cations in a programming language already known and tion and configuration.
established as javascript. Below there is a simple example of using the
SDK classes available in the javascript file (con-
nect_customPodSDK.js):
4.1. The Adobe Connect platform
< s c r i p t type =" t e x t / j a v a s c r i p t " >
Adobe Connect© makes available its Software Develop- cpu =ConnectCustomSDK . S y n c C o n n e c t o r | | { } ;
ment Kit (SDK)2 that contains all the documentation and cpu . i n i t ( o n C o n f i g u r e d ,
tools useful for developers to build embedded applica- " com . adobe . c o n n e c t . b a s i c l i s t s y n c " ,
tions. The SDK consists of: " 9 . 5 . 0 0 1 " , " connectsdkhook " ) ;
• the manual for the use of the javascript-capable
Application Programming Interface (API);
2
https://console.adobe.io/servicesandapis
35
Alessandro Simonetta et al. CEUR Workshop Proceedings 32–39
Figure 4: UML Class Diagram ConnectCustomSDK
to read the information related to the user role (Fig. 4)
and consequently to select the operational mode.
Figure 2: Pod development and deply process
v a r myUserData = cpu . g e t M y U s e r D e t a i l s ( ) ;
i f ( myUserData . d a t a . r o l e = = ' owner ' ) {
// teacher actions
4.2. The development of a protected Pod } else {
// student actions
Suppose we want to create an application that allows a
}
teacher to show, during a teaching session (meeting), a
video presentation on a streaming server available on the Once the application logic has been defined, it will be nec-
Internet. essary to link the system events to the custom javascript
methods through the callback registration. For simplicity
and without loss of generality, we will define javascript
methods that are homonyms to the Adobe Connect© API.
Communication between the teacher and the learner is
done using the APIs: dispatchSyncMessage and syncMes-
sageReceive. The first API send broadcast messages from
one participant to the others, the second API allows par-
ticipants to receive messages.
cpu . r e g i s t e r C a l l b a c k ( " U s e r J o i n e d " ,
UserJoined ) ;
/ / New u s e r j o i n s t h e room
function UserJoined ( evt ) {
/ / evt . user i s i s t a n c e of MyUserDatails
Figure 3: The UML context-scheme
var fullname = evt . user . fullname ;
/ / s e n d b r o a d c a s t t h e message
cpu . d i s p a t c h S y n c M e s s a g e ( " USERJOINED " ,
The application must have two modes of operation de- [ fullname ] ,
pending on the user who is connected (teacher or learner). false , true ) ;
The teacher must be able to choose the video to send in / / s y n c h r o n i z e s t h e v i d e o f o r new u s e r
broadcast to all students, start it and block it. The stu- checkVideoSync ( ) ;
}
dent must view the video sent by the teacher during the
teaching session. During a teaching session, a teacher may need to stop
The application sends information to the license man- the video to add a contribution relating to the video they
ager about the activities and receives the code parts and have just watched. In this case, it is useful to realize
details about the operation mode from the license man- a function that allows the video to be blocked for all
ager. In Fig. 3 is shown in UML language the context students following the lesson. This can be easily done
diagram of the application. sending a message to all learner connected:
The class MyUserDetail available in the SDK allows us
36
Alessandro Simonetta et al. CEUR Workshop Proceedings 32–39
cpu . r e g i s t e r C a l l b a c k it. Although, it is always possible to trace the source code
( " syncMessageReceived " ,
that generates it, the source code (except in the case of
syncMessageReceived ) ;
particular programming languages) will never have the
f u n c t i o n s y n c M e s s a g e R e c e i v e d ( syncMsg ) { same readability and form as the original code. There-
i f ( syncMsg . msgNm= = ' STOPVIDEO ' ) fore, it may be more difficult to copy it and reuse it in
stopVideo ( ) ; environments other than where it was licensed.
}
In the case of open source distribution, there are vari-
In Fig. 5 it is shown how the Pod is distributed from the ous forms of licenses that the owner can choose, but it is
Adobe Connect© server to the student client worksta- not easy to block copying and use.
tions. This is done automatically with no intervention The growing use of video communication, content
required from the user connecting to the meeting. sharing and e-learning environments is encouraging the
development of embedded applications and offering new
scenarios and opportunities for work.
The Adobe Connect© communication platform encour-
ages the development of applications in the javascript
language that is already known to the developer commu-
nity.
The idea of the proposed solution shows how it is
possible to adopt a multi-layered protection solution in
order to protect the intellectual property of the developed
code when it is distributed in source format.
Although the case study is focused on an embedded
application, the proposed method remains valid in gen-
eral and can be adopted regardless of the programming
language.
Figure 5: Pod distribution to learner’s clients
6. Acknowledgments
Now let’s see how the authorised client requests from We would like to thank Luciano Fazio and Katherine L.
the license manager the javascript code it needs to func- Ryan for their careful revisions and valuable suggestions
tion. One method is to perform a GET call from the client to the text. We are also grateful to Maria Cristina Paoletti
to the server that returns the code inserted in a client’s and Emanuele Iannaccone for the stimulating discussion
HTML tag (demo in the following example). on the research articles and to the President of the UNI
CT 510 Security Commission, Fabio Guasconi, for his
interesting suggestions on security issues.
All trademarks mentioned in this article belong to their
....
\ $ ( document ) . r e a d y ( f u n c t i o n ( ) {
rightful owners, have been used for explanatory purposes
\ $ . ajax ( only, without any purpose of infringement of Copyright
{ rights in force.
u r l : " h t t p s : / / servername / i n j e c t " ,
' method ' : ' GET ' ,
' s u c c e s s ' : f u n c t i o n ( answer ) { References
document . g e t E l e m e n t B y I d ( " demo " )
. innerHTML = answer [ 0 ] . s c r i p t ; [1] P. Perera, R. Silva, I. Perera, Improve software
},
' error ' : function ( ) {
quality through practicing DevOps, 2017, pp. 1–
a l e r t ( ' s o m e t h i n g wrong ' ) ; 6. doi:10.1109/ICTER.2017.8257807.
} [2] M. Senapathi, J. Buchan, H. Osman, Devops capa-
.... bilities, practices, and challenges: Insights from
a case study, in: Proceedings of the 22nd In-
5. Conclusion ternational Conference on Evaluation and Assess-
ment in Software Engineering 2018, EASE’18, As-
The software intellectual property’s protection is a com- sociation for Computing Machinery, New York,
plex issue. When the code is distributed in the compiled NY, USA, 2018, p. 57–67. URL: https://doi.org/
form, it maintains an intrinsic basic protection due to the 10.1145/3210459.3210465. doi:10.1145/3210459.
fact that there is no visibility of the processes wired into 3210465.
37
Alessandro Simonetta et al. CEUR Workshop Proceedings 32–39
[3] C. Napoli, G. Pappalardo, E. Tramontana, Using [14] C. K. Behera, D. L. Bhaskari, Different obfus-
modularity metrics to assist move method refactor- cation techniques for code protection, Pro-
ing of large systems, in: 2013 Seventh International cedia Computer Science 70 (2015) 757–763.
Conference on Complex, Intelligent, and Software URL: https://www.sciencedirect.com/science/
Intensive Systems, IEEE, 2013, pp. 529–534. article/pii/S1877050915032780. doi:https:
[4] S. R. Dileepkumar, J. Mathew, Optimize contin- //doi.org/10.1016/j.procs.2015.10.114,
uous integration and continuous deployment in proceedings of the 4th International Conference
azure DevOps for a controlled microsoft .NET en- on Eco-friendly Computing and Communication
vironment using different techniques and prac- Systems.
tices, IOP Conference Series: Materials Science [15] G. Capizzi, G. Lo Sciuto, C. Napoli, E. Tramon-
and Engineering 1085 (2021) 012027. URL: https: tana, A multithread nested neural network archi-
//doi.org/10.1088/1757-899x/1085/1/012027. doi:10. tecture to model surface plasmon polaritons prop-
1088/1757-899x/1085/1/012027. agation, Micromachines 7 (2016). doi:10.3390/
[5] D. Taibi, V. Lenarduzzi, C. Pahl, Continuous Ar- mi7070110.
chitecting With Microservices and DevOps: a [16] R. Avanzato, F. Beritelli, M. Russo, S. Russo, M. Vac-
Systematic Mapping Study, 2019. doi:10.1007/ caro, Yolov3-based mask and face recognition al-
978-3-030-29193-8_7. gorithm for individual protection applications, in:
[6] O. Katz, Y. Olshaker, Y. Goldberg, E. Yahav, Towards CEUR Workshop Proceedings, 2020, pp. 41–45.
neural decompilation, 2019. arXiv:1905.08325. [17] G. Capizzi, G. Lo Sciuto, C. Napoli, E. Tramontana,
[7] United States Trade Representative (USTR), M. Woźniak, A novel neural networks-based tex-
Special 301 report, 2021. URL: https: ture image processing algorithm for orange defects
//ustr.gov/sites/default/files/files/reports/2021/ classification, Int. J. Comput. Sci. Appl. 13 (2016)
2021%20Special%20301%20Report%20(final).pdf. 45–60.
[8] S. Sahni, I. Gupta, Piracy in the Digital Era: Psy- [18] C. Napoli, F. Bonanno, G. Capizzi, Exploiting
chosocial, Criminological and Cultural Factors, solar wind time series correlation with magneto-
2019. doi:10.1007/978-981-13-7173-8. spheric response by using an hybrid neuro-wavelet
[9] J. Wang, R. L. Axtell, A. Loerch, Utilizing the pos- approach, Proceedings of the International As-
itive impacts of software piracy in monopoly in- tronomical Union 6 (2010) 156–158. doi:10.1017/
dustries (2017). URL: https://dl.acm.org/doi/10.5555/ S1743921311006806, cited By 26.
3106078.3106083. [19] G. C. Cardarilli, L. D. Nunzio, R. Fazzolari, D. Gi-
[10] A. Prasad, V. Mahajan, How many pirates should ardino, A. Nannarelli, M. Re, S. Spanò, A pseudo-
a software firm tolerate? an analysis of piracy pro- softmax function for hardware-based high speed
tection on the diffusion of software, International image classification, Scientific Reports 11 (2021).
Journal of Research in Marketing 20 (2003) 337–353. doi:10.1038/s41598-021-94691-7.
doi:10.1016/j.ijresmar.2003.02.001. [20] S. Spanò, G. C. Cardarilli, L. Di Nunzio, R. Fazzo-
[11] T. Groß, T. Müller, Protecting javascript apps from lari, D. Giardino, M. Matta, A. Nannarelli, M. Re,
code analysis, in: Proceedings of the 4th Workshop An efficient hardware implementation of rein-
on Security in Highly Connected IT Systems, SHCIS forcement learning: The q-learning algorithm,
’17, Association for Computing Machinery, New IEEE Access 7 (2019) 186340–186351. doi:10.1109/
York, NY, USA, 2017, p. 1–6. URL: https://doi.org/ ACCESS.2019.2961174.
10.1145/3099012.3099018. doi:10.1145/3099012. [21] S. Russo, S. Illari, R. Avanzato, C. Napoli, Reducing
3099018. the psychological burden of isolated oncological
[12] L. Regano, D. Canavese, C. Basile, A. Lioy, Towards patients by means of decision trees, volume 2768,
optimally hiding protected assets in software ap- 2020, pp. 46–53.
plications, in: 2017 IEEE International Conference [22] M. Romanelli, K. Chatzikokolakis, C. Palamidessi,
on Software Quality, Reliability and Security (QRS), Optimal obfuscation mechanisms via machine
2017, pp. 374–385. doi:10.1109/QRS.2017.47. learning, arXiv preprint arXiv:1904.01059 (2019).
[13] S. Hosseinzadeh, S. Rauti, S. Laurén, J.-M. Mäkelä, [23] D. Canavese, L. Regano, C. Basile, A. Viticchié, Esti-
J. Holvitie, S. Hyrynsalmi, V. Leppänen, Diversi- mating software obfuscation potency with artificial
fication and obfuscation techniques for software neural networks, in: G. Livraga, C. Mitchell (Eds.),
security: A systematic literature review, Infor- Security and Trust Management, Springer Interna-
mation and Software Technology 104 (2018) 72– tional Publishing, Cham, 2017, pp. 193–202.
93. URL: https://www.sciencedirect.com/science/ [24] S. Schrittwieser, S. Katzenbeisser, J. Kinder,
article/pii/S0950584918301484. doi:https://doi. G. Merzdovnik, E. Weippl, Protecting software
org/10.1016/j.infsof.2018.07.007. through obfuscation: Can it keep pace with
38
Alessandro Simonetta et al. CEUR Workshop Proceedings 32–39
progress in code analysis?, ACM Comput. Surv. 2020.1814680.
49 (2016). URL: https://doi.org/10.1145/2886012. [33] K. Kaspar, Motivations for social distancing
doi:10.1145/2886012. and app use as complementary measures to com-
[25] Y. Choi, T. Kim, S. Choi, C. Lee, Automatic de- bat the covid-19 pandemic: Quantitative survey
tection for javascript obfuscation attacks in web study, J Med Internet Res 22 (2020) e21613.
pages through string pattern analysis, in: Y.-h. Lee, URL: http://www.jmir.org/2020/8/e21613/. doi:10.
T.-h. Kim, W.-c. Fang, D. Ślęzak (Eds.), Future Gen- 2196/21613.
eration Information Technology, Springer Berlin [34] B. Jamalpur, Kafila, K. R. Chythanya, K. S. Ku-
Heidelberg, Berlin, Heidelberg, 2009, pp. 160–172. mar, A comprehensive overview of online
[26] Y. Fang, C. Huang, Y. Su, Y. Qiu, De- education – impact on engineering students
tecting malicious javascript code based on se- during covid-19, Materials Today: Proceed-
mantic analysis, Computers & Security 93 ings (2021). URL: https://www.sciencedirect.com/
(2020) 101764. URL: https://www.sciencedirect.com/ science/article/pii/S2214785321008464. doi:https:
science/article/pii/S0167404820300481. doi:https: //doi.org/10.1016/j.matpr.2021.01.749.
//doi.org/10.1016/j.cose.2020.101764. [35] A. A. Oloyede, N. Faruk, W. O. Raji, Covid-
[27] B. Yadegari, B. Johannesmeyer, B. Whitely, S. De- 19 lockdown and remote attendance teaching
bray, A generic approach to automatic deobfus- in developing countries: A review of some on-
cation of executable code, in: 2015 IEEE Sympo- line pedagogical resources, African Journal of
sium on Security and Privacy, 2015, pp. 674–691. Science, Technology, Innovation and Develop-
doi:10.1109/SP.2015.47. ment (2021) 1–19. URL: https://doi.org/10.1080/
[28] European Union, Regulation 2016/679 (Gen- 20421338.2021.1889768. doi:10.1080/20421338.
eral Data Protection Regulation), 2016. URL: 2021.1889768.
https://eur-lex.europa.eu/legal-content/EN/TXT/ [36] S. Caliskan, R. A. Kurbanov, R. I. Platonova, A. M.
PDF/?uri=CELEX:32016R0679. Ishmuradova, D. G. Vasbieva, I. V. Merenkova, Lec-
[29] K. A. Karl, J. V. Peluchette, N. Aghakhani, Vir- turers views of online instructors about distance
tual work meetings during the covid-19 pandemic: education and adobe connect, International Jour-
The good, bad, and ugly, Small Group Re- nal of Emerging Technologies in Learning (iJET) 15
search (2021) 10464964211015286. URL: https:// (2020) 145–157. URL: https://online-journals.org/
doi.org/10.1177/10464964211015286. doi:10.1177/ index.php/i-jet/article/view/18807.
10464964211015286.
[30] Z. R. Alashhab, M. Anbar, M. M. Singh, Y.-B.
Leau, Z. A. Al-Sai, S. Abu Alhayja’a, Impact of
coronavirus pandemic crisis on technologies and
cloud computing applications, Journal of Electronic
Science and Technology 19 (2021) 100059. URL:
https://www.sciencedirect.com/science/article/pii/
S1674862X20300665. doi:https://doi.org/10.
1016/j.jnlest.2020.100059, special Section
on In Silico Research on Microbiology and Public
Health.
[31] M. H. Nguyen, J. Gruber, J. Fuchs, W. Marler,
A. Hunsaker, E. Hargittai, Changes in digi-
tal communication during the covid-19 global
pandemic: Implications for digital inequality
and future research, Social Media + Soci-
ety 6 (2020) 2056305120948255. URL: https://
doi.org/10.1177/2056305120948255. doi:10.1177/
2056305120948255, pMID: 34192039.
[32] J. Hacker, J. vom Brocke, J. Handali, M. Otto,
J. Schneider, Virtually in this together –
how web-conferencing systems enabled a new
virtual togetherness during the covid-19 cri-
sis, European Journal of Information Systems
29 (2020) 563–584. URL: https://doi.org/10.1080/
0960085X.2020.1814680. doi:10.1080/0960085X.
39