CheckMATE 2025 : Research on offensive and defensive techniques in the context of Man At The End (MATE) attacks @ ACM CCS 2025

Submission site: https://checkmate25.hotcrp.com/

This year's CheckMATE welcomes two kinds of submissions:
- Original works that do not substantially overlap with previously published papers.
- Replays of already published works that align with the workshop's main topics.

MATE (Man-At-The-End) is an attacker model where an adversary has access to the target software and/or hardware environment of his victim and the ability to observe and modify it in order to extract secrets such as cryptographic keys or sensitive information, possibly with the subsequent goal of compromising code integrity or inserting backdoors, among others. A typical example of such a scenario is the case of an attack on a stolen smartphone or against software leveraging protection to offer premium content and/or features such as paid TV channels.

The main focus of CheckMATE is on new models and techniques to defend software from tampering, reverse engineering, and piracy as well as to the development of new attack strategies that highlight the need of more complete defenses. We include both offensive and defensive techniques because of their close and intertwined relationship depending on the attack scenario. For instance, reverse engineering is defensive when the goal is to analyse obfuscated malware, but it is offensive when it is used to steal intellectual property and assets in legitimate software. Likewise, obfuscation is defensive when it aims for protecting a legitimate asset against reverse engineering, while it is offensive if it is used to hide that malware is embedded in an application. Both scenarios are of practical relevance, and therefore CheckMATE includes all attacks on/defenses of the confidentiality and integrity of software applications and assets embedded therein and exposed to MATE attacks. In such scenarios, attackers have full control over, and access to the hardware and/or software they are attacking in a controlled environment.

CheckMATE will provide a discussion forum for researchers and industrial practitioners that are exploring theoretical definitions and frameworks, implementing and using practical methods and empirical studies, and those developing new tools or techniques in this unique area of security. Workshop communities have historically provided exchange of ideas and support for cooperative relationships among researchers in industry, academia, and government. Indeed, one of the objectives of CheckMATE is to stimulate the community working in this growing area of security, and to increase the synergies between the research areas of software protection engineering and their practical deployment.

Strongly encouraged are proposals of new, speculative ideas, metrics, tools, and procedures for evaluating tamper-proofing, watermarking, obfuscation, birthmarking, and software protection algorithms in general. Assessment of new or known techniques in practical settings and discussions of emerging threats, and problems are expected. Likewise, reverse engineering of low-level constructs such as machine code or gate-level circuit definitions through static and dynamic analysis is geared to recover information to determine the intent of programs and understand their inner workings as well as for classifying them with respect to similar known code (which is typically malicious). CheckMATE welcomes original work on the formal investigation of software protection, where formal methods are used to better understand the nature, relations, potentialities, and limits of software security techniques.

Topics can include but are not limited to:

- Software attacks and defenses techniques:
- Code Obfuscation and De-obfuscation
- Anti-Debugging and Anti-Simulation
- Software Diversity, Renewability, and Moving Target Defenses
- Data Obfuscation and White-box Cryptography
- Software Tampering and Anti-tampering , Online Software Protections
- Software Similarity, Plagiarism detection, Authorship Attribution, Legal aspects
- Software Licensing, Watermarking, Fingerprinting, Anti-cloning
- Software Steganography, Information Hiding and Discovery
- Open-Source tools for software protection
- Malware Analysis
- Static and Dynamic Program Analysis, Symbolic Execution
- Man-at-the-end (MATE) Attack Technologies
- Security of AI and Machine Learning in the context of MATE
- Smart Device Software Attack and Defenses
- Hardware-based Software Protection
- Formal methods for modeling security attacks and defenses


Software Security Evaluation, Decision Support and Industrial Aspects:
- Evaluation Methodologies
- Threat Modeling
- Decision Support Systems and Security Optimization
- Protection Tool Chains and Integrated Development Environments
- Protected Software Architectures and Build Process Integration
- Security Validation and Best Practices from Industry
- Software Protection on Heterogeneous Platforms (sensors, smartphones, cloud)
- Software Protection Benchmarks

Submission Guidelines
- Submissions must be written and presented in English, and follow double-column ACM Conference Format (see https://www.acm.org/publications/proceedings-template, with a simpler version at https://github.com/acmccs/format).
- Research papers describing original work must not substantially overlap with papers that have been published or that are simultaneously submitted to a journal or a conference with refereed proceedings. Submissions must be at most 8 pages, excluding bibliography, well-marked appendices, and supplementary material and must be anonymized. Note that reviewers are not required to read the appendices or any supplementary material. Authors should not change the font or the margins of the ACM format. Submissions not following the required format may be rejected without review.
- Replays of already published work must be submitted as a 2-page abstract, along with a copy of the original published PDF. Replays will not be reviewed anonymously.
- One of the authors of the accepted paper is expected to present the paper in person at the workshop.

One of the authors of each accepted paper is expected to present the paper at the workshop.

Proceedings & Journal Special Issue
- As in prior years, the accepted research papers will be published as part of CheckMATE 2025 proceedings (opt out is possible).
- Selected contributions will be invited to submit an extended version to a special journal issue, to be announced later.