Abstract
Protection of software against illegal reverse engineering and malicious hackers is often pursued through either legal or technical means. In the technical domain, software obfuscation provides less than perfect protection against such attacks since there is no perfect obfuscator for all classes of programs. However, semantics-preserving transformations can attempt to make the cost of attacks prohibitive in either time or resources. Software-based hardware abstraction (SBHA) is a novel approach that transforms traditional software code segments into a digital logic form and thus virtualizes code into a hardware abstraction. SBHA can be used to protect embedded secrets in programs that are used to guard intellectual property (IP). Secrets such as passwords, PINs, and activation codes authorize legitimate end-users to install or activate software for use and are typically validated through point functions that check for the single unique input that is expected. In this study, we extend initial analysis of SBHA against state-of-the-art dynamic symbolic execution (DSE) attacks in recovering embedded program secrets and consider the limits of an attacker that recovers the logic circuit netlist from an SBHA-protected program. We pose four approaches for hardened SBHA configurations and evaluate their effectiveness using typical analysis tools that cover synthesis, binary decision diagram recovery, and symbolic analysis. We show that such attacks can be mitigated by these countermeasures outright and discuss the trade-off in size and overhead relative to the relatively low cost of standalone SBHA point functions. We conclude that for single-use operations such as point function checks, the overhead is large but the execution runtime delta is negligible.
This work was partly funded by a grant of high-performance computing resources and technical support from the Alabama Supercomputer Authority and by the National Science Foundation awards 1811560 and 1811578 in the NSF 17–576 Secure and Trustworthy Cyberspace (SaTC) program.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Todd McDonald, J., Manikyam, R.K., Bardin, S., Bonichon, R., Andel, T.R., Carambat, J. (2023). Evaluating Defensive Countermeasures for Software-Based Hardware Abstraction. In: Samarati, P., van Sinderen, M., Vimercati, S.D.C.d., Wijnhoven, F. (eds) E-Business and Telecommunications. ICETE 2021. Communications in Computer and Information Science, vol 1795. Springer, Cham. https://doi.org/10.1007/978-3-031-36840-0_13
DOI: https://doi.org/10.1007/978-3-031-36840-0_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-36839-4
Online ISBN: 978-3-031-36840-0
eBook Packages: Computer Science, Computer Science (R0)