skip to main content
10.1145/3274694.3274732acmotherconferencesArticle/Chapter ViewAbstractPublication PagesacsacConference Proceedingsconference-collections
research-article

Practical Integrity Protection with Oblivious Hashing

Published: 03 December 2018 Publication History

Abstract

Oblivious hashing (OH) is an integrity protection technique that checks the (side) effects resulting from the executed code, in contrast to checking the code itself as done by self-checking (SC). SC introduces atypical behavior in the program logic, like reading the code section loaded in memory. Since such atypical behavior can be detected by attackers, OH is more appealing to be employed in practice than SC. However, OH is incapable of protecting a presumable majority of program instructions, those that depend on nondeterministic (input) data or branches, which have to be manually identified and subsequently skipped. In this paper, we extend OH into a practical protection scheme by proposing i) a technique for automatic segregation of deterministic instructions, and ii) a novel extension, Short Range Oblivious Hashing (SROH), for OH to cover control-flow instructions dependent on nondeterministic data. Our SROH technique increases the range of instructions that OH can protect to nondeterministic branches. Moreover, we intertwine OH with SC to cover (nondeterministic) data dependent instructions and enhance the resilience against tampering attacks. We evaluate the performance overhead as well as the security of our scheme using the MiBench dataset and 3 open source games. Our experiments show that the proposed technique yields a 20-fold increase in the median number of protected instructions and, on non-CPU-intensive programs, imposes an overhead of 52%.

References

[1]
Bert Abrath, Bart Coppens, Stijn Volckaert, Joris Wijnant, and Bjorn De Sutter. 2016. Tightly-coupled Self-debugging Software Protection. In Proceedings of the 6th Workshop on Software Security, Protection, and Reverse Engineering (SSPREW '16). ACM, New York, NY, USA, Article 7, 10 pages.
[2]
Mohsen Ahmadvand, Alexander Pretschner, and Florian Kelbert. {n. d.}. A Taxonomy of Software Integrity Protection Techniques. Elsevier, --.
[3]
Dennis Andriesse, Herbert Bos, and Asia Slowinska. 2015. Parallax: Implicit code integrity verification using return-oriented programming. In Dependable Systems and Networks (DSN), 2015 45th Annual IEEE/IFIP International Conference on. IEEE, 125--135.
[4]
David Aucsmith. 1996. Tamper resistant software: An implementation. Proceedings of the First International Workshop on Information Hiding (1996), 317--333.
[5]
Sebastian Banescu, Mohsen Ahmadvand, Alexander Pretschner, Robert Shield, and Chris Hamilton. 2017. Detecting Patching of Executables without System Calls. In Proceedings of the Conference on Data and Application Security and Privacy.
[6]
Sebastian Banescu, Martín Ochoa, Nils Kunze, and Alexander Pretschner. 2015. Idea: Benchmarking Indistinguishability Obfuscation -- A Candidate Implementation. In Engineering Secure Software and Systems, Frank Piessens, Juan Caballero, and Nataliia Bielova (Eds.). Springer International Publishing, Cham, 149--156.
[7]
Sebastian Banescu, Alexander Pretschner, Dominic Battré, Stéfano Cazzulani, Robert Shield, and Greg Thompson. 2015. Software-based protection against changeware. In Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. ACM, 231--242.
[8]
Benoit Baudry and Martin Monperrus. 2015. The multiple facets of software diversity: Recent developments in year 2000 and beyond. ACMComputing Surveys (CSUR) 48, 1 (2015), 16.
[9]
Brian Blietz and Akhilesh Tyagi. 2006. Software tamper resistance through dynamic program monitoring. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 3919 LNCS (2006), 146--163.
[10]
Business Software Alliance (BSA). 2016. Seizing opportunity through license compliance: BSA global software survey. http://globalstudy.bsa.org/2016/index.html
[11]
Hoi Chang and Mikhail J Atallah. 2001. Protecting software code by guards. In ACM Workshop on Digital Rights Management. Springer, 160--175.
[12]
Hsiang-Yang Chen, Ting-Wei Hou, and Chun-Liang Lin. 2007. Tamper-proofing Basis Path by Using Oblivious Hashing on Java. SIGPLAN Not. 42, 2 (Feb. 2007), 9--16.
[13]
Yuqun Chen, Ramarathnam Venkatesan, Matthew Cary, Ruoming Pang, Saurabh Sinha, and Mariusz H Jakubowski. 2002. Oblivious hashing: A stealthy software integrity verification primitive. In International Workshop on Information Hiding. Springer, 400--414.
[14]
Stanley Chow, Philip Eisen, Harold Johnson, and Paul C. Van Oorschot. 2003. White-Box Cryptography and an AES Implementation. In Selected Areas in Cryptography, Kaisa Nyberg and Howard Heys (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 250--270.
[15]
Frederick B Cohen. 1993. Operating system protection through program evolution. Computers & Security 12, 6 (1993), 565--584.
[16]
Christian Collberg, Jasvir Nagra, and Fei-Yue Wang. 2007. Surreptitious software: Models from biology and history. In International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security. Springer, 1--21.
[17]
Christian Collberg, Clark Thomborson, and Douglas Low. 1998. Manufacturing cheap, resilient, and stealthy opaque constructs. In Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages. ACM, 184--196.
[18]
Christian S Collberg, Ieee Computer Society, Clark Thomborson, and Senior Member. 2002. Obfuscation Tools for Software Protection. 28, 8 (2002), 735--746.
[19]
Christian S. Collberg and Clark Thomborson. 2002. Watermarking, tamper-proofing, and obfuscation-tools for software protection. IEEE Transactions on software engineering 28, 8 (2002), 735--746.
[20]
Wu-chang Feng, Ed Kaiser, and Travis Schluessler. 2008. Stealth measurements for cheat detection in on-line games. In Proceedings of the 7th ACM SIGCOMM Workshop on Network and System Support for Games. ACM, 15--20.
[21]
Jeanne Ferrante, Karl J Ottenstein, and Joe D Warren. 1987. The program dependence graph and its use in optimization. ACM Transactions on Programming Languages and Systems (TOPLAS) 9, 3 (1987), 319--349.
[22]
S. Garg, C. Gentry, S. Halevi, M. Raykova, A. Sahai, and B. Waters. 2013. Candidate Indistinguishability Obfuscation and Functional Encryption for all Circuits. In 2013 IEEE 54th Annual Symposium on Foundations of Computer Science. 40--49.
[23]
Sudeep Ghosh, Jason Hiser, and Jack W Davidson. 2013. Software protection for dynamically-generated code. In Proceedings of the 2nd ACM SIGPLAN Program Protection and Reverse Engineering Workshop. ACM, 1.
[24]
Sudeep Ghosh, Jason D. Hiser, and Jack W. Davidson. 2010. A secure and robust approach to software tamper resistance. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 6387 LNCS (2010), 33--47.
[25]
M. R. Guthaus, J. S. Ringenberg, D. Ernst, T. M. Austin, T. Mudge, and R. B. Brown. 2001. MiBench: A free, commercially representative embedded benchmark suite. In Proceedings of the Fourth Annual IEEE International Workshop on Workload Characterization. WWC-4 (Cat. No.01EX538). 3--14.
[26]
Bill Horne, Lesley Matheson, Casey Sheehan, and Robert Tarjan. 2002. Dynamic Self-Checking Techniques for Improved Tamper Resistance. Security and Privacy in Digital Rights Management (2002), 141--159.
[27]
Amjad Ibrahim and Sebastian Banescu. 2016. StIns4CS: A State Inspection Tool for C. In Proceedings of the 2016 ACM Workshop on Software PROtection. ACM, 61--71.
[28]
Matthias Jacob, Mariusz H Jakubowski, and Ramarathnam Venkatesan. 2007. Towards integral binary execution: Implementing oblivious hashing using overlapped instruction encodings. In Proceedings of the 9th workshop on Multimedia & security. ACM, 129--140.
[29]
Markus Jakobsson and Karl-Anders Johansson. 2010. Retroactive Detection of Malware with Applications to Mobile Platforms. In Proceedings of the 5th USENIX Conference on Hot Topics in Security (HotSec'10). USENIX Association, Berkeley, CA, USA, 1--13.
[30]
Markus Jakobsson and Karl-Anders Johansson. 2011. Practical and secure software-based attestation. In Lightweight Security & Privacy: Devices, Protocols and Applications (LightSec), 2011 Workshop on. IEEE, 1--9.
[31]
Stamatis Karnouskos. 2011. Stuxnet worm impact on industrial cyber-physical system security. In IECON 2011--37th Annual Conference on IEEE Industrial Electronics Society. IEEE, 4490--4494.
[32]
Kaspersky Lab. 2017. ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms. https://securelist.com/75533/faq-the-projectsauron-apt/
[33]
Barbara Kordy, Piotr Kordy, Sjouke Mauw, and Patrick Schweitzer. 2013. ADTool: Security Analysis with Attack--Defense Trees. In Quantitative Evaluation of Systems, Kaustubh Joshi, Markus Siegle, Mariëlle Stoelinga, and Pedro R. D'Argenio (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 173--176.
[34]
Thomas Lengauer and Robert Endre Tarjan. 1979. A Fast Algorithm for Finding Dominators in a Flowgraph. ACM Trans. Program. Lang. Syst. 1, 1 (Jan. 1979), 121--141.
[35]
Kin-Keung Ma, Khoo Yit Phang, Jeffrey S. Foster, and Michael Hicks. 2011. Directed Symbolic Execution. In Static Analysis, Eran Yahav (Ed.). Springer Berlin Heidelberg, Berlin, Heidelberg, 95--111.
[36]
Corey Malone, Mohamed Zahran, and Ramesh Karri. 2011. Are Hardware Performance Counters a Cost Effective Way for Integrity Checking of Programs. Proceedings of the sixth ACM workshop on Scalable trusted computing - STC '11 (2011), 71.
[37]
Lorenzo Martignoni, Roberto Paleari, and Danilo Bruschi. 2010. Conqueror: Tamper-proof code execution on legacy systems. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) 6201 LNCS (2010), 21--40.
[38]
Vasilis Pappas, Michalis Polychronakis, and Angelos D Keromytis. 2013. Transparent ROP exploit mitigation using indirect branch tracing. In Presented as part of the 22nd USENIX Security Symposium (USENIX Security 13). 447--462.
[39]
M. Protsenko, S. Kreuter, and T. MÃijller. 2015. Dynamic Self-Protection and Tamperproofing for Android Apps Using Native Code. In Availability, Reliability and Security (ARES), 2015 10th International Conference on. 129--138.
[40]
Jing Qiu, Babak Yadegari, Brian Johannesmeyer, Saumya Debray, and Xiaohong Su. 2015. Identifying and Understanding Self-Checksumming Defenses in Software. (2015), 207--218.
[41]
Bernhard Scholz, Chenyi Zhang, and Cristina Cifuentes. 2008. User-input Dependence Analysis via Graph Reachability. Technical Report. Mountain View, CA, USA.
[42]
Arvind Seshadri, Mark Luk, Elaine Shi, Adrian Perrig, Leendert van Doorn, and Pradeep Khosla. 2005. Pioneer: Verifying Code Integrity and Enforcing Untampered Code Execution on Legacy Systems. ACM SIGOPS Operating Systems Review (2005).
[43]
Jiri Slaby, Jan Strejček, and Marek Trtík. 2013. Symbiotic: Synergy of Instrumentation, Slicing, and Symbolic Execution. In Tools and Algorithms for the Construction and Analysis of Systems, Nir Piterman and Scott A. Smolka (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 630--632.
[44]
Yulei Sui and Jingling Xue. 2016. SVF: Interprocedural Static Value-flow Analysis in LLVM. In Proceedings of the 25th International Conference on Compiler Construction (CC 2016). ACM, New York, NY, USA, 265--266.
[45]
Frank Tip. 1994. A Survey of Program Slicing Techniques. Technical Report. Amsterdam, The Netherlands, The Netherlands.
[46]
Chenxi Wang, Jack Davidson, Jonathan Hill, and John Knight. 2001. Protection of software-based survivability mechanisms. In Dependable Systems and Networks, 2001. DSN 2001. International Conference on. IEEE, 193--202.
[47]
Glenn Wurster, P. C. Van Oorschot, and Anil Somayaji. 2005. A generic attack on checksumming-based software tamper resistance. Proceedings - IEEE Symposium on Security and Privacy (2005), 127--135.
[48]
Brecht Wyseur. 2011. White-Box Cryptography. Springer US, Boston, MA, 1386--1387.
[49]
C. Zhang, T. Wei, Z. Chen, L. Duan, L. Szekeres, S. McCamant, D. Song, and W. Zou. 2013. Practical Control Flow Integrity and Randomization for Binary Executables. In 2013 IEEE Symposium on Security and Privacy. 559--573.

Cited By

View all

Index Terms

  1. Practical Integrity Protection with Oblivious Hashing

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Other conferences
    ACSAC '18: Proceedings of the 34th Annual Computer Security Applications Conference
    December 2018
    766 pages
    ISBN:9781450365697
    DOI:10.1145/3274694
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

    In-Cooperation

    • ACSA: Applied Computing Security Assoc

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 03 December 2018

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. Man-At-The-End
    2. Oblivious hashing
    3. Self-checking
    4. Software protection
    5. Tamper detection

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    ACSAC '18

    Acceptance Rates

    Overall Acceptance Rate 104 of 497 submissions, 21%

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)21
    • Downloads (Last 6 weeks)3
    Reflects downloads up to 16 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2022)Efficient Generation of Program Execution HashIEEE Access10.1109/ACCESS.2022.318128310(61707-61720)Online publication date: 2022
    • (2021)Dynamic Taint Analysis versus Obfuscated Self-CheckingProceedings of the 37th Annual Computer Security Applications Conference10.1145/3485832.3485926(182-193)Online publication date: 6-Dec-2021
    • (2020)DG: Analysis and Slicing of LLVM BitcodeAutomated Technology for Verification and Analysis10.1007/978-3-030-59152-6_33(557-563)Online publication date: 12-Oct-2020
    • (2019)SIP shakerProceedings of the 35th Annual Computer Security Applications Conference10.1145/3359789.3359848(203-214)Online publication date: 9-Dec-2019
    • (2019)VirtSCProceedings of the 3rd ACM Workshop on Software Protection10.1145/3338503.3357723(53-63)Online publication date: 15-Nov-2019

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media