Code Protection Techniques when Distributed in Source Format: an Adobe Connect Pod Written in Javascript

Alessandro Simonetta (1), Francesco Rinaldi (1)

(1) Department of Enterprise Engineering, University of Rome “Tor Vergata”, Via del Politecnico n.1, 00133, Rome, Italy

SYSTEM 2021 @ Scholar’s Yearly Symposium of Technology, Engineering and Mathematics. July 27–29, 2021, Catania, IT
alessandro.simonetta@gmail.com (A. Simonetta); franin@gmail.com (F. Rinaldi)
ORCID: 0000-0002-0877-7063 (A. Simonetta)
© 2021 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
CEUR Workshop Proceedings (CEUR-WS.org), http://ceur-ws.org, ISSN 1613-0073, pp. 32–39

Abstract

The purpose of this article is to describe techniques for protecting code when distributed in source format. This situation occurs, for instance, with the client component of a web application, whose source code is easily extractable from the browser even by inexperienced users. The case study proposed uses the Adobe Connect© platform, an emerging technology in the field of video communication, content sharing and e-learning environments, which allows easy integration of applications written in the javascript language. The astonishing ease of realization of embedded applications within Adobe®’s ecosystem contrasts with the impossibility of protecting the work done, which is visible and redistributable simply by copying the file containing it. The unwary author may thus run the risk of seeing his work thwarted by losing any intellectual property rights arising from the use of the software he has created. For this reason we have realized a form of intellectual property protection when software is distributed in source format.

Keywords

development, coding, source code, software protection, javascript, adobe connect, copyright, API, COVID-19, Pod, intellectual property

1. Introduction

Software production has evolved considerably in recent years thanks to the advent of new technologies and innovative development and deployment methodologies, such as DevOps [1][2][3]. Monolithic applications, which are often obsolete, have been replaced by microservice applications with greater advantages in terms of resilience, scalability, speed of development (time-to-market and continuous integration & delivery) and, last but not least, simplicity of release on the cloud [4][5]. The availability of server-side microservices has made the front-end graphical interfaces on the clients strongly decoupled from the rest of the code. This facilitated integration via Application Programming Interface (API) with the software platforms of Content Management System (CMS), Customer Relationship Management (CRM) and Learning Management System (LMS). In most cases these integrations, Pods or Plug-ins, are limited to the creation of a front-end application that interacts with the exposed services. In this context, the protection of the produced source code has become a complex issue to deal with and difficult to manage.

This article will briefly review the history of software application protection systems. It is followed by the proposed solution to protect the source code of a web application. Finally, a real case will be described, i.e. the protection of a Pod realized in javascript on Adobe Connect© (https://www.adobe.com/products/adobeconnect).

2. History of software protection systems

The protection of developed code is a problem that has always existed in the field of information technology. Source code written in compiled programming languages (e.g. C++) is transformed into object code, directly comprehensible by the machine. This step makes the code unintelligible to a human being because it is coded in binary. However, it is always possible to use a decompiler that allows you to restore it to a source form similar (but not the same) to the original [6]. Creating an application that cannot be cracked is not an easy task. To understand the extent of the phenomenon, just consult the international reports [7][8]. When it comes to protection or security, we know that it is almost impossible to use absolute terms, but it is necessary to use relative criteria. Indeed, what we have to do is study the motivations, the level of preparation and the financial resources of those who might be interested in compromising the protection of our software. A general criterion is to assume a higher position than the potential positions of the other parties, because it would not make sense to spend more energy than that. In the assessment it must be considered that the free circulation of software, even if unauthorised, favours its dissemination and knowledge [9][10], something that is normally paid for by investments in marketing campaigns. On the other hand, if a company considers software useful, it will certainly find it more convenient to purchase it than to risk using it without a license. Over time, various techniques have been used to protect software applications, methods that have changed with the evolution of architectures and, above all, with the advent of the network that has made it possible to control licenses in real time, initially on a LAN and later on the Internet.

The first local techniques used a protection that checked whether the license matched the hardware of the machine where the software was first installed. This required a double step: the generation of a key depending on the hardware factors of the machine (serial number of the hard disk, date of the ROM, MAC address of the network card, ...) at the time of installation and the verification, at each execution, that the key calculated at that moment was the same as the one registered during installation. Clearly, when there was a failure of a hardware component, the installation had to be repeated in order to restore the correct values. To overcome this problem, the alternative was the availability of a token stored on non-copyable removable media. Early systems used common floppy disks, later CD-ROMs, which had defective sectors in some tracks of the medium. In this way, it was not possible to duplicate the medium with the faulty tracks because the copying programs only acted on the data. Soon, copiers were created that were able to mark the faulty tracks, so that the media could be reproduced identical to the original, making it possible to use the software on several machines (each with duplicate protection media). A better protection was only introduced later with the advent of USB memories, both because these hardware devices are difficult to duplicate, and also because they are only accessible from the relevant application. The protection provided by a USB device, commonly called dongle, requires the use of a key at the running location, so if there are several users using the software at different times, they must be able to exchange the device. It is also possible to associate the license with a person, who carries the device with him and can therefore use the software at different locations. Obviously, in order to solve the difficulties caused by the use of a dongle, it would be sufficient to purchase several user licenses.

With the increasing use of networks, computers were no longer stand-alone (i.e., isolated from each other) but could exchange information with each other. At this point, the token could be used by a central server that had the task of controlling the installation of applications within the local network on the basis of the license purchased, distributing the privileges of use (license manager). The need for protection has diversified in web architectures, especially in those for which it is sufficient to have access, in terms of credentials, to a remote server, while the code, as far as copying is concerned, is distributed in open format (typically HTML and javascript) on the client [11]. The availability of the source code renders all the protection systems examined so far useless, since a malicious user could easily remove them.

Although a developer can always register the source code to be able to legally claim both authorship and wrongful use, none of these threats are better deterrents than a well-designed protection system.

3. The proposed solution

The proposed solution considers the source code distributed on the client of a typical web application as the target to be protected. It is based on three concentric protection levels:

• the basic level, which marks the GUI of the application with the logo and the name of the licensee (watermark);
• the intermediate level, which makes the source code unreadable and unmodifiable to a programmer through code obfuscation techniques;
• the server level (license manager), which:
    – monitors the clients and decides action strategies in relation to the client’s license;
    – sends the missing source code to the client;
    – checks that the client’s code has not been altered and that the logo and the licensee’s name are consistent with the license.

The architecture of the proposed solution is shown in Fig. 1.

Figure 1: The architecture of the proposed solution

3.1. Basic level: watermarking

In order to prevent the diffusion and use of counterfeit copies of a product (not necessarily software), a good deterrent may be to indelibly and clearly mark the product itself with the logos and name of the licensee. It is unlikely that a professional user will use it with the name of another licensee, also because if there were a check on the software, it would be difficult to prove that the purchase was made legally.

Ideally, a certificate of originality should be included in the HTML file, or in the javascript source, without the ability to be deleted or altered, with the same level of guarantee that the watermark on a banknote gives of its originality [12]. On the other hand, in a source code, it is quite easy to alter the loading of an image from an external file or to change the name of the licensee if it is written in plain text as a sequence of characters. The solution is to devise an encapsulation and information hiding mechanism that makes the licensee’s logo and name unreadable in the HTML file but visible at run-time, only after a complex calculation process. This first level of protection must be followed by two others, which aim to encapsulate and protect it. We can say that it is similar to the technique that has been used for centuries to protect fortresses with outer walls.

3.2. Intermediate level: code obfuscation

The second level of protection is based on the technique of source code obfuscation, a practice well known in literature [13][14].

In recent years, we are witnessing machine learning being used in a wide variety of ways [15][16][17][18] thanks to the discovery of increasingly efficient implementations [19][20][21]. It has been shown that such algorithms can also be successfully implemented in obfuscation techniques [22][23].

However, software obfuscation for the purpose of intellectual property protection remains a very challenging topic [24], even though it has been shown that, while reading a web page, it is possible to automatically detect the content of obfuscated javascript strings [25]. The transformation of the code and its execution flow is isofunctional: the original behavior is kept unchanged. What changes is the complexity, which increases because processes are made convoluted and variables are scattered throughout the code. The goal is to transform a source code and make it similar to an object code, from the point of view of comprehensibility. There are several tools that perform this transformation, but there are just as many that perform the reverse operation (deobfuscators) [26][27]. Although the final result is always far from the original one, it is possible to insert in the source code some useless instructions (junk code) that will never be used and whose only purpose is to amplify the complexity. As an example, let’s see how an obfuscator acts on a simple javascript function:

    function localStorageincrement() {
        // increment the counter stored under 'streamL' and store it back as a string
        localStorage.setItem('streamL',
            (parseInt(localStorage.getItem('streamL')) + 1) + '');
        localStorage.setItem('w', '&w=n');
    }

After applying obfuscation techniques:

    // _0x30e3d7 is defined elsewhere in the obfuscated file (not shown here)
    function localStorageincrement() {
        var _0x3f436f = _0x30e3d7;
        localStorage['setItem'](_0x3f436f(0x166),
            parseInt(localStorage[_0x3f436f(0x12e)]('streamL')) + 0x1 + ''),
        localStorage[_0x3f436f(0x176)]('w', _0x3f436f(0x17b));
    }

The transformation proves the difficulty of interpretation that an attacker might have in deducing the behavior of the function in question. This difficulty is amplified if the code is very long and, above all, if there are useless parts to analyze. In this case the reverse engineering activity is long, laborious and has little chance of success.

3.3. Server level: license manager

The third level of protection is by means of a remote server: the license manager, which monitors who uses the client, sends the parts of code that the client lacks in order to work, and checks that there are no alterations to the code (e.g. substitution of the logo or name of the licensee). Therefore, the application that uses this protection system needs a connection to the Internet in order to work. This requirement is also necessary to guarantee the functionality of the application itself, since it is based on web technology on an internet network.

Moreover, the same server has modifiable policies where the application usage criteria are defined. According to the policies of software diffusion and to the risk (loss of profit, illicit duplication, ...) you want to assume in keeping demonstration licenses active and functioning, you can decide if:

• the demonstration state is unlimited and used to advertise the product;
• the demo status remains active for a limited trial period, after which, if there is no connection to the server, the license expires and stops working;
• the product does not work if it has no connection with the server.

Whenever the client software is started, it connects with the server and provides information about the tasks it is called to perform. This conversation is necessary for the client to have all the software necessary for its operation.

Generally, the minimum requirement for requesting services from a server is to be authenticated. In the absence of authentication, an attack from an untrusted client can be avoided by excluding the possibility of cross-domain requests: the source code will be sent only if the request comes from an authorized client and domain.

The availability of the license manager is also fundamental to check if the javascript file on the client still contains the logos of the registered licensee or if some form of code alteration has happened. All this can be easily implemented with a hashing function, so if a user should manage to penetrate the first two protection levels and change the logo in the source code, the hashing function will return a different value from the expected one, and the license manager could decide the best strategy to implement.

Any software application that wants to adopt the proposed protection solution needs neither to know nor to send personal data in the conversation from the client to the license manager. This is also because it depends on the regulations in the country where the user is located and in the country of the license manager server. In Europe such legislation is Regulation (EU) 2016/679 (General Data Protection Regulation) [28].

4. Case Study

This Case Study aims to demonstrate, with a practical example, the theoretical concepts described so far. In recent years we have been witnessing an increase in the use of video communication software, especially in relation to the problem of the pandemic caused by the coronavirus, SARS-CoV-2, also known as COVID-19 [29][30][31][32]. Similarly, new requirements have arisen encouraging the distancing of people on all social and work meeting occasions [33], for example, in reserving seats in the cafeteria of a work environment or in the need to perform tasks remotely through a collaborative platform for meetings, training or job interviews.

These platforms can be enriched with new functionalities and promote new job opportunities for programmers, who have a new space in which to spread their ideas. For this reason, we have chosen to use the Adobe Connect© communication platform for reasons of dissemination [34][35][36] but also because it allows us to write applications in a programming language as well known and established as javascript.

4.1. The Adobe Connect platform

Adobe Connect© makes available its Software Development Kit (SDK) (https://console.adobe.io/servicesandapis) that contains all the documentation and tools useful for developers to build embedded applications. The SDK consists of:

• the manual for the use of the javascript-capable Application Programming Interface (API);
• the example application to start from;
• the library itself that contains the classes and methods to be called upon in development.

The application is assembled in a container in ZIP format that we will call Pod. The process of developing and deploying an application (Fig. 2) consists of the following steps:

• collection of functional requirements including the definition of the GUI;
• definition of the layout of the web page;
• identification of the API necessary for the functioning of the application;
• development of the application components (custom library);
• release of the ZIP file on the Adobe Connect© server.

The collection of requirements is preparatory to the design of the human-machine interface (HTML file) and to the identification of the APIs necessary for the operation of the application through the callback mechanism. In this way it will be possible to activate the new custom developed functions, following the events that the system will receive. Once the application components have been created, they will be inserted in the javascript library accessible by the HTML file. At this point it will be possible to create the ZIP file that will contain:

• the HTML file with the page of the developed application;
• the configuration file (breeze-manifest.xml) with the names and paths of the application components;
• the folder lib with the SDK and the custom libraries developed;
• the folder css, if added, for the webpage layout settings.

To distribute the Pod it will be sufficient to load it into Adobe Connect© and use the product sharing mechanisms (e.g. virtual rooms) without the need for installation and configuration.

Below there is a simple example of using the SDK classes available in the javascript file (connect_customPodSDK.js):

    <script type="text/javascript">
        // onConfigured is a callback defined by the Pod (not shown)
        var cpu = ConnectCustomSDK.SyncConnector || {};
        cpu.init(onConfigured,
                 "com.adobe.connect.basiclistsync",
                 "9.5.001", "connectsdkhook");
    </script>

Figure 2: Pod development and deployment process

4.2. The development of a protected Pod

Suppose we want to create an application that allows a teacher to show, during a teaching session (meeting), a video presentation on a streaming server available on the Internet.

Figure 3: The UML context-scheme

The application must have two modes of operation depending on the user who is connected (teacher or learner). The teacher must be able to choose the video to send in broadcast to all students, start it and block it. The student must view the video sent by the teacher during the teaching session.

The application sends information to the license manager about the activities and receives the code parts and details about the operation mode from the license manager. Fig. 3 shows the context diagram of the application in UML.

The class MyUserDetail available in the SDK allows us to read the information related to the user role (Fig. 4) and consequently to select the operational mode.

Figure 4: UML Class Diagram ConnectCustomSDK

    var myUserData = cpu.getMyUserDetails();
    if (myUserData.data.role === 'owner') {
        // teacher actions
    } else {
        // student actions
    }

Once the application logic has been defined, it will be necessary to link the system events to the custom javascript methods through the callback registration. For simplicity and without loss of generality, we will define javascript methods that are homonyms of the Adobe Connect© API. Communication between the teacher and the learner is done using the APIs dispatchSyncMessage and syncMessageReceived. The first API sends broadcast messages from one participant to the others; the second API allows participants to receive messages.

    cpu.registerCallback("UserJoined", UserJoined);

    // New user joins the room
    function UserJoined(evt) {
        // evt.user is an instance of MyUserDetails
        var fullname = evt.user.fullname;
        // send the message in broadcast
        cpu.dispatchSyncMessage("USERJOINED", [fullname], false, true);
        // synchronizes the video for the new user
        checkVideoSync();
    }

During a teaching session, a teacher may need to stop the video to add a contribution relating to the video they have just watched. In this case, it is useful to realize a function that allows the video to be blocked for all students following the lesson. This can be easily done by sending a message to all connected learners:

    cpu.registerCallback("syncMessageReceived", syncMessageReceived);

    function syncMessageReceived(syncMsg) {
        // stop the local video when the teacher broadcasts STOPVIDEO
        if (syncMsg.msgNm == 'STOPVIDEO')
            stopVideo();
    }

Fig. 5 shows how the Pod is distributed from the Adobe Connect© server to the student client workstations. This is done automatically with no intervention required from the user connecting to the meeting.

Figure 5: Pod distribution to learner’s clients

Now let’s see how the authorised client requests from the license manager the javascript code it needs to function. One method is to perform a GET call from the client to the server, which returns the code that is then inserted in an HTML tag of the client (demo in the following example).

    <p id="demo"></p>
    ....
    $(document).ready(function () {
        $.ajax({
            url: "https://servername/inject",
            method: 'GET',
            // on success, place the code returned by the server in the "demo" element
            success: function (answer) {
                document.getElementById("demo").innerHTML = answer[0].script;
            },
            error: function () {
                alert('something wrong');
            }
        });
    });
    ....

5. Conclusion

The protection of software intellectual property is a complex issue. When the code is distributed in the compiled form, it maintains an intrinsic basic protection due to the fact that there is no visibility of the processes wired into it. Although it is always possible to trace the source code that generates it, that source code (except in the case of particular programming languages) will never have the same readability and form as the original code. Therefore, it may be more difficult to copy it and reuse it in environments other than where it was licensed.

In the case of open source distribution, there are various forms of licenses that the owner can choose, but it is not easy to block copying and use.

The growing use of video communication, content sharing and e-learning environments is encouraging the development of embedded applications and offering new scenarios and opportunities for work.

The Adobe Connect© communication platform encourages the development of applications in the javascript language that is already known to the developer community.

The idea of the proposed solution shows how it is possible to adopt a multi-layered protection solution in order to protect the intellectual property of the developed code when it is distributed in source format.

Although the case study is focused on an embedded application, the proposed method remains valid in general and can be adopted regardless of the programming language.

6. Acknowledgments

We would like to thank Luciano Fazio and Katherine L. Ryan for their careful revisions and valuable suggestions to the text. We are also grateful to Maria Cristina Paoletti and Emanuele Iannaccone for the stimulating discussion on the research articles and to the President of the UNI CT 510 Security Commission, Fabio Guasconi, for his interesting suggestions on security issues.

All trademarks mentioned in this article belong to their rightful owners and have been used for explanatory purposes only, without any purpose of infringement of Copyright rights in force.

References

[1] P. Perera, R. Silva, I. Perera, Improve software quality through practicing DevOps, 2017, pp. 1–6. doi:10.1109/ICTER.2017.8257807.
[2] M. Senapathi, J. Buchan, H. Osman, Devops capabilities, practices, and challenges: Insights from a case study, in: Proceedings of the 22nd International Conference on Evaluation and Assessment in Software Engineering 2018, EASE’18, Association for Computing Machinery, New York, NY, USA, 2018, p. 57–67. URL: https://doi.org/10.1145/3210459.3210465. doi:10.1145/3210459.3210465.
[3] C. Napoli, G. Pappalardo, E. Tramontana, Using modularity metrics to assist move method refactoring of large systems, in: 2013 Seventh International Conference on Complex, Intelligent, and Software Intensive Systems, IEEE, 2013, pp. 529–534.
[4] S. R. Dileepkumar, J. Mathew, Optimize continuous integration and continuous deployment in azure DevOps for a controlled microsoft .NET environment using different techniques and practices, IOP Conference Series: Materials Science and Engineering 1085 (2021) 012027. URL: https://doi.org/10.1088/1757-899x/1085/1/012027. doi:10.1088/1757-899x/1085/1/012027.
[5] D. Taibi, V. Lenarduzzi, C. Pahl, Continuous Architecting With Microservices and DevOps: a Systematic Mapping Study, 2019. doi:10.1007/978-3-030-29193-8_7.
[6] O. Katz, Y. Olshaker, Y. Goldberg, E. Yahav, Towards neural decompilation, 2019. arXiv:1905.08325.
[7] United States Trade Representative (USTR), Special 301 report, 2021. URL: https://ustr.gov/sites/default/files/files/reports/2021/2021%20Special%20301%20Report%20(final).pdf.
[8] S. Sahni, I. Gupta, Piracy in the Digital Era: Psychosocial, Criminological and Cultural Factors, 2019. doi:10.1007/978-981-13-7173-8.
[9] J. Wang, R. L. Axtell, A. Loerch, Utilizing the positive impacts of software piracy in monopoly industries (2017). URL: https://dl.acm.org/doi/10.5555/3106078.3106083.
[10] A. Prasad, V. Mahajan, How many pirates should a software firm tolerate? an analysis of piracy protection on the diffusion of software, International Journal of Research in Marketing 20 (2003) 337–353. doi:10.1016/j.ijresmar.2003.02.001.
[11] T. Groß, T. Müller, Protecting javascript apps from code analysis, in: Proceedings of the 4th Workshop on Security in Highly Connected IT Systems, SHCIS ’17, Association for Computing Machinery, New York, NY, USA, 2017, p. 1–6. URL: https://doi.org/10.1145/3099012.3099018. doi:10.1145/3099012.3099018.
[12] L. Regano, D. Canavese, C. Basile, A. Lioy, Towards optimally hiding protected assets in software applications, in: 2017 IEEE International Conference on Software Quality, Reliability and Security (QRS), 2017, pp. 374–385. doi:10.1109/QRS.2017.47.
[13] S. Hosseinzadeh, S. Rauti, S. Laurén, J.-M. Mäkelä, J. Holvitie, S. Hyrynsalmi, V. Leppänen, Diversification and obfuscation techniques for software security: A systematic literature review, Information and Software Technology 104 (2018) 72–93. URL: https://www.sciencedirect.com/science/article/pii/S0950584918301484. doi:10.1016/j.infsof.2018.07.007.
[14] C. K. Behera, D. L. Bhaskari, Different obfuscation techniques for code protection, Procedia Computer Science 70 (2015) 757–763. URL: https://www.sciencedirect.com/science/article/pii/S1877050915032780. doi:10.1016/j.procs.2015.10.114, Proceedings of the 4th International Conference on Eco-friendly Computing and Communication Systems.
[15] G. Capizzi, G. Lo Sciuto, C. Napoli, E. Tramontana, A multithread nested neural network architecture to model surface plasmon polaritons propagation, Micromachines 7 (2016). doi:10.3390/mi7070110.
[16] R. Avanzato, F. Beritelli, M. Russo, S. Russo, M. Vaccaro, Yolov3-based mask and face recognition algorithm for individual protection applications, in: CEUR Workshop Proceedings, 2020, pp. 41–45.
[17] G. Capizzi, G. Lo Sciuto, C. Napoli, E. Tramontana, M. Woźniak, A novel neural networks-based texture image processing algorithm for orange defects classification, Int. J. Comput. Sci. Appl. 13 (2016) 45–60.
[18] C. Napoli, F. Bonanno, G. Capizzi, Exploiting solar wind time series correlation with magnetospheric response by using an hybrid neuro-wavelet approach, Proceedings of the International Astronomical Union 6 (2010) 156–158. doi:10.1017/S1743921311006806.
[19] G. C. Cardarilli, L. D. Nunzio, R. Fazzolari, D. Giardino, A. Nannarelli, M. Re, S. Spanò, A pseudo-softmax function for hardware-based high speed image classification, Scientific Reports 11 (2021). doi:10.1038/s41598-021-94691-7.
[20] S. Spanò, G. C. Cardarilli, L. Di Nunzio, R. Fazzolari, D. Giardino, M. Matta, A. Nannarelli, M. Re, An efficient hardware implementation of reinforcement learning: The q-learning algorithm, IEEE Access 7 (2019) 186340–186351. doi:10.1109/ACCESS.2019.2961174.
[21] S. Russo, S. Illari, R. Avanzato, C. Napoli, Reducing the psychological burden of isolated oncological patients by means of decision trees, volume 2768, 2020, pp. 46–53.
[22] M. Romanelli, K. Chatzikokolakis, C. Palamidessi, Optimal obfuscation mechanisms via machine learning, arXiv preprint arXiv:1904.01059 (2019).
[23] D. Canavese, L. Regano, C. Basile, A. Viticchié, Estimating software obfuscation potency with artificial neural networks, in: G. Livraga, C. Mitchell (Eds.), Security and Trust Management, Springer International Publishing, Cham, 2017, pp. 193–202.
[24] S. Schrittwieser, S. Katzenbeisser, J. Kinder, G. Merzdovnik, E. Weippl, Protecting software through obfuscation: Can it keep pace with progress in code analysis?, ACM Comput. Surv. 49 (2016). URL: https://doi.org/10.1145/2886012. doi:10.1145/2886012.
[25] Y. Choi, T. Kim, S. Choi, C. Lee, Automatic detection for javascript obfuscation attacks in web pages through string pattern analysis, in: Y.-h. Lee, T.-h. Kim, W.-c. Fang, D. Ślęzak (Eds.), Future Generation Information Technology, Springer Berlin Heidelberg, Berlin, Heidelberg, 2009, pp. 160–172.
[26] Y. Fang, C. Huang, Y. Su, Y. Qiu, Detecting malicious javascript code based on semantic analysis, Computers & Security 93 (2020) 101764. URL: https://www.sciencedirect.com/science/article/pii/S0167404820300481. doi:10.1016/j.cose.2020.101764.
[27] B. Yadegari, B. Johannesmeyer, B. Whitely, S. Debray, A generic approach to automatic deobfuscation of executable code, in: 2015 IEEE Symposium on Security and Privacy, 2015, pp. 674–691. doi:10.1109/SP.2015.47.
[28] European Union, Regulation 2016/679 (General Data Protection Regulation), 2016. URL: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679.
[29] K. A. Karl, J. V. Peluchette, N. Aghakhani, Virtual work meetings during the covid-19 pandemic: The good, bad, and ugly, Small Group Research (2021) 10464964211015286. URL: https://doi.org/10.1177/10464964211015286. doi:10.1177/10464964211015286.
[30] Z. R. Alashhab, M. Anbar, M. M. Singh, Y.-B. Leau, Z. A. Al-Sai, S. Abu Alhayja’a, Impact of coronavirus pandemic crisis on technologies and cloud computing applications, Journal of Electronic Science and Technology 19 (2021) 100059. URL: https://www.sciencedirect.com/science/article/pii/S1674862X20300665. doi:10.1016/j.jnlest.2020.100059, Special Section on In Silico Research on Microbiology and Public Health.
[31] M. H. Nguyen, J. Gruber, J. Fuchs, W. Marler, A. Hunsaker, E. Hargittai, Changes in digital communication during the covid-19 global pandemic: Implications for digital inequality and future research, Social Media + Society 6 (2020) 2056305120948255. URL: https://doi.org/10.1177/2056305120948255. doi:10.1177/2056305120948255, PMID: 34192039.
[32] J. Hacker, J. vom Brocke, J. Handali, M. Otto, J. Schneider, Virtually in this together – how web-conferencing systems enabled a new virtual togetherness during the covid-19 crisis, European Journal of Information Systems 29 (2020) 563–584. URL: https://doi.org/10.1080/0960085X.2020.1814680. doi:10.1080/0960085X.2020.1814680.
[33] K. Kaspar, Motivations for social distancing and app use as complementary measures to combat the covid-19 pandemic: Quantitative survey study, J Med Internet Res 22 (2020) e21613. URL: http://www.jmir.org/2020/8/e21613/. doi:10.2196/21613.
[34] B. Jamalpur, Kafila, K. R. Chythanya, K. S. Kumar, A comprehensive overview of online education – impact on engineering students during covid-19, Materials Today: Proceedings (2021). URL: https://www.sciencedirect.com/science/article/pii/S2214785321008464. doi:10.1016/j.matpr.2021.01.749.
[35] A. A. Oloyede, N. Faruk, W. O. Raji, Covid-19 lockdown and remote attendance teaching in developing countries: A review of some online pedagogical resources, African Journal of Science, Technology, Innovation and Development (2021) 1–19. URL: https://doi.org/10.1080/20421338.2021.1889768. doi:10.1080/20421338.2021.1889768.
[36] S. Caliskan, R. A. Kurbanov, R. I. Platonova, A. M. Ishmuradova, D. G. Vasbieva, I. V. Merenkova, Lecturers views of online instructors about distance education and adobe connect, International Journal of Emerging Technologies in Learning (iJET) 15 (2020) 145–157. URL: https://online-journals.org/index.php/i-jet/article/view/18807.
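
The license-manager decision described in Section 3.3 (authorized domain, hash check of the client code, usage policy) can be sketched as follows for Node.js. This is an added example, not code from the paper or from Adobe: the license registry, policy names, origin and sample Pod text are assumptions constructed for illustration, and the reply shape `[{ script }]` follows the `answer[0].script` access in the paper's client code.

```javascript
'use strict';
const nodeCrypto = require('node:crypto');

// SHA-256 of a source text as a Buffer (the "hashing function" of Section 3.3).
const sha256 = (text) => nodeCrypto.createHash('sha256').update(text, 'utf8').digest();

// Constructed sample: the Pod source as released to one licensee. The licensee
// name is part of the hashed text, so replacing the watermark changes the digest.
const ORIGINAL_POD =
  "const LICENSEE = 'ACME Training';\n" +
  "function watermark() { return 'Licensed to ' + LICENSEE; }\n";

// Constructed sample: the code the client lacks until the server releases it.
const WITHHELD_CODE = 'function checkVideoSync() { /* ... */ }';

// Hypothetical license registry. The policy names are assumptions modelled on
// the three cases listed in Section 3.3.
const LICENSES = new Map([
  ['LIC-0001', {
    licensee: 'ACME Training',
    allowedOrigin: 'https://connect.example.org',
    expectedDigest: sha256(ORIGINAL_POD),
    policy: 'demo-trial', // 'demo-unlimited' | 'demo-trial' | 'online-only'
    trialEnds: Date.parse('2021-12-31T00:00:00Z'),
  }],
]);

const deny = (reason) => ({ action: 'deny', reason, body: [] });

// Decide what to answer to one client request.
//   licenseId : identifier the Pod was released under
//   origin    : value of the request's Origin header
//   podSource : the client-side source text submitted for verification
//   now       : current time in milliseconds (passed in so the check is testable)
function evaluateRequest({ licenseId, origin, podSource, now }) {
  const lic = LICENSES.get(licenseId);
  if (!lic) return deny('unknown-license');
  if (typeof podSource !== 'string') return deny('bad-request');

  // 1. Answer only the registered domain. The Origin header is set by browsers,
  //    so this filters cross-domain page loads; it is not client authentication.
  if (origin !== lic.allowedOrigin) return deny('origin-not-authorized');

  // 2. Integrity: the digest is computed on the server and compared in constant
  //    time with the one registered when the Pod was released. What arrives is
  //    still client-supplied, so the withheld code stays the actual control.
  if (!nodeCrypto.timingSafeEqual(sha256(podSource), lic.expectedDigest)) {
    return deny('code-altered');
  }

  // 3. Usage policy.
  if (lic.policy === 'demo-trial' && now > lic.trialEnds) return deny('trial-expired');
  const mode = lic.policy === 'online-only' ? 'full' : 'demo';

  // Same shape the client reads as answer[0].script.
  return { action: 'serve', mode, licensee: lic.licensee, body: [{ script: WITHHELD_CODE }] };
}
```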