I’ve just returned from the 2012 International Summer School on Information Security and Protection (ISSISP2012) held at the University of Arizona. This annual summer school brings together a mix of academic researchers and industry practitioners in the field of software protection where the main philosophy, and indeed the only viable approach available, can be summed up as “Security through Obscurity”. The goal here is to impede reverse engineering and to hide algorithms and data in the presence of disassemblers, decompilers, debuggers as well as side-channel analysis – this is the Man-at-the-End (MATE) attack. White box cryptography, I’ve learnt, is the term used to describe the protection of cryptographic primitives and keys against this kind of attack. This week I wish to highlight 3 talks/papers which I found memorable – the first 2 describe techniques to address code injection and timing side-channel attacks; the last one discusses formally verified program obfuscators.