Agenda

Speakers:
Dr Sebastian Schrittwieser, University of Vienna
Philip Konig, University of Vienna

Link Google Meet

Abstract:
Software protections such as code obfuscation and anti-tampering techniques are widely deployed to impede reverse engineering and intellectual property theft. Yet despite decades of research and practice, measuring how good a protection actually is remains an open problem. Among the relevant strenth properties, this seminar focuses on two: potency, the degree of confusion a protection adds to the code, and stealth, the extent to which protected code resists detection and remains indistinguishable from unprotected code. The seminar surveys established and recent approaches to evaluating potency and stealth, drawing from our own work at the Christian Doppler Laboratory AsTra at the University of Vienna. A substantial part is devoted to the emerging role of Large Language Models in code analysis and reverse engineering. LLMs lower the expertise barrier for attackers and show surprising capability in deobfuscation and semantic recovery. We examine what this means for metrics calibrated against human analysts or traditional tooling, and present early results on benchmarking LLM-based code analysis. The seminar closes with open questions on developing evaluation methodologies that remain meaningful in an era of AI-assisted reverse engineering.

Bio sketch:
Sebastian Schrittwieser is a senior scientist in the security and privacy research group at the University of Vienna and key researcher at SBA Research. Since 2024, he heads the Christian Doppler Laboratory for Assurance and Transparency in Software Protection. His research focuses on software protection, the security of large language models, and psychological aspects of information security. He has published in leading venues including ACM CCS, ACM KDD, NDSS, USENIX Security, ACSAC, and ACM Computing Surveys, and has served as program chair for several conferences and workshops, including ARES 2018 and ARES 2025.

Bio sketch:
Philip Konig is a PhD student in software security at the University of Vienna