research-article

StIns4CS: A State Inspection Tool for C#

Authors:

Sebastian BanescuAuthors Info & Claims

SPRO '16: Proceedings of the 2016 ACM Workshop on Software PROtection

Pages 61 - 71

https://doi.org/10.1145/2995306.2995313

Published: 28 October 2016 Publication History

Abstract

Software protection aims to prevent unauthorized use, analysis, modification and distribution of software. This goal is hard to achieve, especially for a program running on a platform (e.g. physical device) controlled by an adversary also known as man-at-the-end (MATE) attacker. Self-checking is one technique for protecting the integrity of software by having the code check itself. In this paper, we present the design and implementation of a self-checking tool called StIns4CS. Our tool implements self-checking via state inspection by source code transformations of programs written in the C# language. More specifically, StIns4CS augments code by adding runtime checkers to it. We discuss the effectiveness of StIns4CS by implementing attacks targeting our approach, and measuring different aspects of the effectiveness, stealth and cost of the protection. Based on the evaluation we show the trade-off between the efficiency and effectiveness of StIns4CS in protecting software against unauthorized modification. We propose an approach to improve stealth of the code added by StIns4CS and we show further improvements of stealth by combining selfchecking with virtualization obfuscation.

References

[1]

J. Cappaert, B. Preneel, B. Anckaert, M. Madou, and K. De Bosschere. Towards tamper resistant code encryption: Practice and experience. lecture notes in Computer Science, 4991:86--100, 2008.

Digital Library

[2]

H. Chang and M. J. Atallah. Protecting software code by guards. In Security and privacy in digital rights management, pages 160--175. Springer, 2002.

Digital Library

[3]

Y. Chen, R. Venkatesan, M. Cary, R. Pang, S. Sinha, and M. H. Jakubowski. Oblivious hashing: A stealthy software integrity verification primitive. In Information Hiding, pages 400--414. Springer, 2003.

Digital Library

[4]

C. Collberg and J. Nagra. Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection. Pearson Education, 2009.

Digital Library

[5]

D. Dolev and A. Yao. On the security of public key protocols. IEEE Transactions on information theory, 29(2):198--208, 1983.

Digital Library

[6]

P. Falcarin, C. Collberg, M. Atallah, and M. Jakubowski. Guest editors' introduction: Software protection. Software, IEEE, 28(2):24--27, 2011.

Digital Library

[7]

J. T. Giffin, M. Christodorescu, and L. Kruger. Strengthening software self-checksumming via self-modifying code. In Computer Security Applications Conference, 21st Annual, pages 10--pp. IEEE, 2005.

Digital Library

[8]

Globalstudy.bsa.org. Bsa global software survey: The compliance gap: Home, 2013.

[9]

P. Godefroid, P. De Halleux, A. V. Nori, S. K. Rajamani, W. Schulte, N. Tillmann, and M. Y. Levin. Automating software testing using program analysis. Software, IEEE, 25(5):30--37, 2008.

Digital Library

[10]

B. Horne, L. Matheson, C. Sheehan, and R. E. Tarjan. Dynamic self-checking techniques for improved tamper resistance. In Security and privacy in digital rights management, pages 141--159. Springer, 2002.

Digital Library

[11]

M. Jacob, M. H. Jakubowski, and R. Venkatesan. Towards integral binary execution: Implementing oblivious hashing using overlapped instruction encodings. In Proceedings of the 9th workshop on Multimedia & security, pages 129--140. ACM, 2007.

Digital Library

[12]

K. Jamrozik, G. Fraser, N. Tillman, and J. De Halleux. Generating test suites with augmented dynamic symbolic execution. In Tests and Proofs, pages 152--167. Springer, 2013.

[13]

J. Leitch. Iat hooking revisited, 2011.

[14]

L. Martignoni, R. Paleari, and D. Bruschi. Conqueror: tamper-proof code execution on legacy systems. In Detection of Intrusions and Malware, and Vulnerability Assessment, pages 21--40. Springer, 2010.

Digital Library

[15]

N. Mavrogiannopoulos, N. Kisserli, and B. Preneel. A taxonomy of self-modifying code for obfuscation. Computers & Security, 30(8):679--691, 2011.

Digital Library

[16]

M. D. Network. Attributes (c# programming guide).

[17]

J. Qiu, B. Yadegari, B. Johannesmeyer, S. Debray, and X. Su. Identifying and understanding self-checksumming defenses in software. In Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, pages 207--218. ACM, 2015.

Digital Library

[18]

A. Seshadri, M. Luk, E. Shi, A. Perrig, L. van Doorn, and P. Khosla. Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems. ACM SIGOPS Operating Systems Review, 39(5):1--16, 2005.

Digital Library

[19]

G. Tan, Y. Chen, and M. H. Jakubowski. Delayed and controlled failures in tamper-resistant systems. In In Proceedings of 8th Information Hiding Workshop. Citeseer, 2006.

Digital Library

[20]

N. Tillmann and J. De Halleux. Pex--white box test generation for. net. In Tests and Proofs, pages 134--153. Springer, 2008.

Digital Library

[21]

N. Tillmann and W. Schulte. Unit tests reloaded: Parameterized unit testing with symbolic execution. Software, IEEE, 23(4):38--47, 2006.

Digital Library

[22]

G. Wurster, P. C. Van Oorschot, and A. Somayaji. A generic attack on checksumming-based software tamper resistance. In Security and Privacy, 2005 IEEE Symposium on, pages 127--138. IEEE, 2005.

Digital Library

Cited By

Jin HLee JYang SKim KLee D(2024)A Framework to Quantify the Quality of Source Code ObfuscationApplied Sciences10.3390/app1412505614:12(5056)Online publication date: 10-Jun-2024
https://doi.org/10.3390/app14125056
Ebad SDarem AAbawajy J(2021)Measuring Software Obfuscation Quality–A Systematic Literature ReviewIEEE Access10.1109/ACCESS.2021.30945179(99024-99038)Online publication date: 2021
https://doi.org/10.1109/ACCESS.2021.3094517
Ahmadvand MHayrapetyan ABanescu SPretschner A(2018)Practical Integrity Protection with Oblivious HashingProceedings of the 34th Annual Computer Security Applications Conference10.1145/3274694.3274732(40-52)Online publication date: 3-Dec-2018
https://dl.acm.org/doi/10.1145/3274694.3274732

Index Terms

StIns4CS: A State Inspection Tool for C#
1. Security and privacy
  1. Software and application security
    1. Software security engineering

Recommendations

CheckMATE '24 - Research on Offensive and Defensive Techniques in the context of Man At The End (MATE) Attacks
CCS '24: Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security

MATE (Man-At-The-End) is an attacker model where an adversary has access to the target software and/or hardware environment of his victim and the ability to observe and modify it in order to extract secrets such as cryptographic keys or sensitive ...
Replacement attacks against VM-protected applications
VEE '12: Proceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments

Process-level virtualization is increasingly being used to enhance the security of software applications from reverse engineering and unauthorized modification (called software protection). Process-level virtual machines (PVMs) can safeguard the ...
Comparing the effectiveness of commercial obfuscators against MATE attacks
SSPREW '16: Proceedings of the 6th Workshop on Software Security, Protection, and Reverse Engineering

The ability to protect software from malicious reverse engineering remains a challenge faced by commercial software companies who invest a large amount of resources in the development of their software product. In order to protect their investment from ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SPRO '16: Proceedings of the 2016 ACM Workshop on Software PROtection

October 2016

100 pages

ISBN:9781450345767

DOI:10.1145/2995306

General Chair:
Brecht Wyseur
Nagravision S.A., Switzerland
,
Program Chair:
Bjorn De Sutter
Ghent University, Belgium

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 October 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Bavarian Ministry of Economic Affairs and Media Energy and Technology (StMWi) through the Center Digitisation.Bavaria

Conference

CCS'16

Sponsor:

SIGSAC

CCS'16: 2016 ACM SIGSAC Conference on Computer and Communications Security

October 28, 2016

Vienna, Austria

Acceptance Rates

SPRO '16 Paper Acceptance Rate 8 of 14 submissions, 57%;

Overall Acceptance Rate 8 of 14 submissions, 57%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
114
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Jin HLee JYang SKim KLee D(2024)A Framework to Quantify the Quality of Source Code ObfuscationApplied Sciences10.3390/app1412505614:12(5056)Online publication date: 10-Jun-2024
https://doi.org/10.3390/app14125056
Ebad SDarem AAbawajy J(2021)Measuring Software Obfuscation Quality–A Systematic Literature ReviewIEEE Access10.1109/ACCESS.2021.30945179(99024-99038)Online publication date: 2021
https://doi.org/10.1109/ACCESS.2021.3094517
Ahmadvand MHayrapetyan ABanescu SPretschner A(2018)Practical Integrity Protection with Oblivious HashingProceedings of the 34th Annual Computer Security Applications Conference10.1145/3274694.3274732(40-52)Online publication date: 3-Dec-2018
https://dl.acm.org/doi/10.1145/3274694.3274732

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten