
Evaluating Defensive Countermeasures for Software-Based Hardware Abstraction

  • Conference paper
E-Business and Telecommunications (ICETE 2021)

Abstract

Protecting software from illegal reverse engineering and malicious hackers is often pursued through either legal or technical means. In the technical domain, software obfuscation provides less than perfect protection against such attacks, since there is no perfect obfuscator for all classes of programs. However, semantics-preserving transformations can attempt to make the cost of attacks prohibitive in either time or resources. Software-based hardware abstraction (SBHA) is a novel approach that transforms traditional software code segments into a digital logic form and thus virtualizes code into a hardware abstraction. SBHA can be used to protect embedded secrets in programs that are used to guard intellectual property (IP). Secrets such as passwords, PINs, and activation codes authorize legitimate end-users to install or activate software for use and are typically validated through point functions that check for the single unique input that is expected. In this study we extend the initial analysis of SBHA against state-of-the-art dynamic symbolic execution (DSE) attacks in recovering embedded program secrets and consider the limits of an attacker that recovers the logic circuit netlist from an SBHA-protected program. We pose four approaches for hardened SBHA configurations and evaluate their effectiveness using typical analysis tools that cover synthesis, binary decision diagram recovery, and symbolic analysis. We show that such attacks can be mitigated by these countermeasures outright and discuss the trade-off in size and overhead relative to the low cost of standalone SBHA point functions. We conclude that for single-use operations such as point function checks, the overhead is large but the execution runtime delta is negligible.

This work was partly funded by a grant of high-performance computing resources and technical support from the Alabama Supercomputer Authority and by the National Science Foundation awards 1811560 and 1811578 in the NSF 17–576 Secure and Trustworthy Cyberspace (SaTC) program.

Notes

  1. http://soc.southalabama.edu/~mcdonald/SBHA/.

  2. http://soc.southalabama.edu/~mcdonald/SECRYPT_SBHA_TechReport.pdf.

  3. https://bitbucket.org/vahidi/jdd/src/master/.

  4. https://github.com/Z3Prover.

  5. https://people.eecs.berkeley.edu/~alanmi/abc/.

  6. https://homes.esat.kuleuven.be/~nsmart/MPC/.

Correspondence to J. Todd McDonald.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Todd McDonald, J., Manikyam, R.K., Bardin, S., Bonichon, R., Andel, T.R., Carambat, J. (2023). Evaluating Defensive Countermeasures for Software-Based Hardware Abstraction. In: Samarati, P., van Sinderen, M., Vimercati, S.D.C.d., Wijnhoven, F. (eds) E-Business and Telecommunications. ICETE 2021. Communications in Computer and Information Science, vol 1795. Springer, Cham. https://doi.org/10.1007/978-3-031-36840-0_13

  • DOI: https://doi.org/10.1007/978-3-031-36840-0_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-36839-4

  • Online ISBN: 978-3-031-36840-0

  • eBook Packages: Computer Science, Computer Science (R0)
