Abstract
Software tamper-resistance mechanisms have increasingly assumed significance as a technique to prevent unintended uses of software. Closely related to anti-tampering techniques are obfuscation techniques, which make code difficult to understand or analyze and therefore, challenging to modify meaningfully. This paper describes a secure and robust approach to software tamper resistance and obfuscation using process-level virtualization. The proposed techniques involve novel uses of software check summing guards and encryption to protect an application. In particular, a virtual machine (VM) is assembled with the application at software build time such that the application cannot run without the VM. The VM provides just-in-time decryption of the program and dynamism for the application’s code. The application’s code is used to protect the VM to ensure a level of circular protection. Finally, to prevent the attacker from obtaining an analyzable snapshot of the code, the VM periodically discards all decrypted code. We describe a prototype implementation of these techniques and evaluate the run-time performance of applications using our system. We also discuss how our system provides stronger protection against tampering attacks than previously described tamper-resistance approaches.
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Anckaert, B., Jakubowski, M., Venkatesan, R.: Proteus: virtualization for diversified tamper-resistance. In: DRM 2006: ACM Workshop on Digital Rights Management, pp. 47–58. ACM, New York (2006)
Aucsmith, D.: Tamper resistant software:An implementation. In: 1st International Workshop on Information Hiding, pp. 317–333. Springer, London (1996)
Billet, O., Gilbert, H., Ech-Chatbi, C.: Cryptanalysis of a white box AES implementation. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 227–240. Springer, Heidelberg (2004)
Biondi, P., Fabrice, D.: Silver needle in the skype. In: Black Hat Europe, Amsterdam, the Netherlands (2006)
Cappaert, J., Preneel, B., Anckaert, B., Madou, M., Bosschere, K.D.: Towards tamper resistant code encryption: Practice and experience. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol. 4991, pp. 86–100. Springer, Heidelberg (2008)
Castelluccia, C., Francillon, A., Perito, D., Soriente, C.: On the difficulty of software-based attestation of embedded devices. In: CCS 2009: 16th ACM Conference on Computer and Communications Security, pp. 400–409. ACM, New York (2009)
Chang, H., Atallah, M.: Protecting software code by guards. In: ACM Workshop on Security and Privacy in Digital Rights Management, pp. 160–175 (2000)
Chow, S., Eisen, P.A., Johnson, H., Oorschot, P.C.v.: White-box cryptography and an AES implementation. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 250–270. Springer, Heidelberg (2003)
Collberg, C., Thomborson, C., Low, D.: Manufacturing cheap, resilient and stealthy opaque constructs. In: POPL 1998: 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 184–196. ACM Press, New York (1998)
Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: a virtual machine-based platform for trusted computing. In: SOSP 2003: 19th ACM Symposium on Operating Systems Principles, pp. 193–206. ACM Press, New York (2003)
Giffin, J.T., Christodorescu, M., Kruger, L.: Strengthening software self-checksumming via self-modifying code. In: ACSAC 2005: 21st Annual Computer Security Applications Conference, pp. 23–32. IEEE Computer Society, Washington (2005)
Horne, B., Matheson, L.R., Sheehan, C., Tarjan, R.E.: Dynamic self-checking techniques for improved tamper resistance. In: Sander, T. (ed.) DRM 2001. LNCS, vol. 2320, pp. 141–159. Springer, Heidelberg (2002)
Jacob, M., Jakubowski, M.H., Venkatesan, R.: Towards integral binary execution: implementing oblivious hashing using overlapped instruction encodings. In: MM&Sec 2007: 9th Workshop on Multimedia & Security, pp. 129–140. ACM, New York (2007)
Linn, C., Debray, S.: Obfuscation of executable code to improve resistance to static disassembly. In: CCS 2003: 10th ACM Conference on Computer and Communications Security (CCS), pp. 290–299. ACM Press, Washington (2003)
Madou, M., Anckaert, B., Moseley, P., Debray, S., De Sutter, B., De Bosschere, K.: Software protection through dynamic code mutation. In: Song, J.-S., Kwon, T., Yung, M. (eds.) WISA 2005. LNCS, vol. 3786, pp. 194–206. Springer, Heidelberg (2005)
Quynh, N.A.: Hijacking (Xen) virtual machine for fun and profit. In: Bellua Security Conference, Jakarta, Indonesia (2007)
Scott, K., Kumar, N., Velusamy, S., Childers, B., Davidson, J.W., Soffa, M.L.: Retargetable and reconfigurable software dynamic translation. In: CGO 2003: International Symposium on Code Generation and Optimization, pp. 36–47. IEEE Computer Society, Washington (2003)
Lie, D., Thekkath, C., Mitchell, M., Lincoln, P., Boneh, D., Mitchell, J., Horowitz, M.: Architectural support for copy and tamper resistant software. In: ASPLOS 2000: 9th International Conference on Architectural Support for Programming Languages and Operating Systems, vol. 35, pp. 168–177. ACM, New York (2000)
Seshadri, A., Luk, M., Shi, E., Perrig, A., van Doorn, L., Khosla, P.: Pioneer: Verifying code integrity and enforcing untampered code execution on legacy systems. In: SOSP 2005: 20th ACM Symposium on Operating Systems Principles, vol. 39, pp. 1–16. ACM Press, New York (December 2005)
Wurster, G., Oorschot, P.C.v., Somayaji, A.: A generic attack on checksumming-based software tamper resistance. In: SP 2005: 2005 IEEE Symposium on Security and Privacy, pp. 127–138. IEEE Computer Society, Washington (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ghosh, S., Hiser, J.D., Davidson, J.W. (2010). A Secure and Robust Approach to Software Tamper Resistance. In: Böhme, R., Fong, P.W.L., Safavi-Naini, R. (eds) Information Hiding. IH 2010. Lecture Notes in Computer Science, vol 6387. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16435-4_3
Download citation
DOI: https://doi.org/10.1007/978-3-642-16435-4_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16434-7
Online ISBN: 978-3-642-16435-4
eBook Packages: Computer ScienceComputer Science (R0)