Docstoc

A Secure and Robust Approach to Software Tamper Resistance

Document Sample
A Secure and Robust Approach to Software Tamper Resistance Powered By Docstoc
					 A Secure and Robust
 Approach to Software
 Tamper Resistance
Sudeep Ghosh, Jason D. Hiser and
       Jack W. Davidson
      University of Virginia
Motivation
 Software performs critical functionality.
          Needs to be protected


 Limitations with current AT technology
    Vulnerable to dynamic analysis.
    Require special hardware.
    A number of solutions incur high overhead
     or require strict resource guarantees.


                                                 2
Threat Model
 White-box attack model
       Adversary can inspect, modify or forge any
        information.
       They can modify the OS to return inaccurate
        information.
       Hardware cannot be trusted.

 Given enough time and resources, the adversary can
  succeed in manually inspecting and modifying
  programs.
 Most attacks are supported by automated analysis.




                                                       3
Goal


       The goal of this research is to
       hamper automated analysis and
       modification of programs.




                                         4
Security Architecture




                        5
Compile Time




Chang, H., Atallah, M.: Protecting software code by guards. In: Proceedings of the   6
ACM Workshop on Security and Privacy in Digital Rights Management. (2002)
Run time
               VM

SOFTWARE             DECRYPT
CACHE                                   ENCRYPTED
                                        APPLICATION
            FLUSH              X-LATE
                                                BB1
                                        BB2

           CONTEXT                              G1
                           ENTROPY
            SWITCH

                                                      G2
                                         BB3

                                                 G2

                                                      7
Contributions
 Mutual Reinforcement
      Encryption protects guards
     Guards protect the decryption and flushing
      code
     Flushing provides variance in the location of
      guards and prevents persistent changes to
      application code
 Imparts missing dynamism
     Can be combined with other protection
      mechanisms (e.g. branch functions)
                                                      8
Experimental Setup
 Automated prototype for evaluating and
  assessing our ideas.
 X86 platform
 Linux OS
 GCC toolchain
 Max Code Cache Size = 4 MB
 SPEC2000 C language benchmarks
 Guard coverage (number of guards protecting
  each byte of application code) = 4
                                            9
Distribution of Guards
                              420 1,481 400 448                             902 688 473 645 368
                       100%

                       80%
 % of Guards by Type




                       60%
                                                                                                                                                         Combined
                       40%                                                                                                                               VM protecting App.
                                                                                                                                                         VM protecting VM
                       20%                                                                                                                               App. Protecting VM
                                                                                                                                                         App. Protecting App
                        0%




                                                                                                                                           Arith. Mean
                                                                            253.perlbmk

                                                                                          255.vortex
                                                               197.parser




                                                                                                       300.twolf



                                                                                                                              183.equake
                                164.gzip

                                           176.gcc

                                                     181.mcf




                                                                                                                   177.mesa



                                                                                                                                                                               10
            Time in seconds (Log scale)
                                                         100




                   0.1
                                           10



                                1
        164.gzip                 0.91
         175.vpr                    1.52
        176.gcc          0.21
        181.mcf                                 11.5566
                                                               Effectiveness




      197.parser         0.26
     253.perlbmk         0.199
        254.gap                  0.96
      255.vortex                        2.65
        256.bzip                                11.25
       300.twolf                           4.95
       177.mesa            0.35
         179.art                         3.5
     183.equake            0.41
      188.ammp                                  9.8655
           AVG                           3.47
11
Flushing
                        50
                        45
% of Application text




                        40
                        35
                        30
                        25
                        20
                        15
                        10
                        5
                        0
                             0    10   20   30   40   50    60   70   80   90
                                                 Elapsed Time
                                 No Flushing     ~0.1 sec    ~1 sec    ~10 sec
                                                                                 12
     Number of Application guards




               10%
               20%
               30%
               40%
               60%
               70%
               80%
               90%



               50%




                0%
              100%
       164.gzip

        175.vpr

       176.gcc

       181.mcf

     197.parser
                                    Code Shifting




253.perlbmk

       254.gap

     255.vortex

       256.bzip

      300.twolf

     177.mesa

        179.art

 183.equake

     188.ammp
                  11
                  10
                  12
                  13
                  14+




13
                                   Performance Overhead




                                   0
                                             1
                                                       2




                                       0.5
                                                 1.5
                       164.gzip

                       175.vpr

                       176.gcc




 Strata
                       181.mcf
                                                           Performance



                      197.parser

                     253.perlbmk




 Encryption
                       254.gap

                      255.vortex




 Guard
                      256.bzip2

                       300.twolf

                     177.mesa

                       179.art

                     183.equake
 Flushing (~1 sec)




                     188.ammp
 Total




                         Average
14
Security Discussion
 Effectiveness against static and dynamic analysis

      Encryption prevents static analysis
           Knowledge of VM code irrelevant


      Dynamic code relocation hampers analysis at run time
           Difficult to launch iterative attacks.




                                                          15
Split Memory Attack on Guards
 ORIGINAL
 APP

                         MODIFIED
    P’                   BINARY




             FETCH      INSTRUCTION
                        EXECUTION
            INDECODE
                        CHKSUM
            OP FETCH    CALCULATION

              EX
                                      16
            WB/MEM
    Skype Case Study
     Security Problems
              Bulk decryption
              Collusion attack on guards
     Our defenses
              On demand decryption and periodic flushing
               makes it hard for the adversary to analyze
               whole application.
              Guards execute from different locations across
               runs, so collusion attacks will not be
               successful.
Biondi, P., Fabrice, D.: Silver needle in the skype. In: Black Hat Europe, Amsterdam, the   17
Netherlands (2006)
Related Works
       Software Tamper Resistance
          Aucsmith, D.: Tamper resistant software:An implementation.
          Chang, H., Atallah, M.: Protecting software code by guards.
       Code Encryption
          Cappaert, J., Preneel, B., Anckaert, B., Madou, M., Bosschere, K.D.: Towards tamper
           resistant code encryption: Practice and experience
       Remote Tamper-proofing
          Collberg, C., Nagra, J., Snavely, W.: bianlian: Remote tamper-resistance
           with continuous replacement.
       VM based approaches
          Anckaert, B., Jakubowski, M., Venkatesan, R.: Proteus: virtualization for
           diversified tamper-resistance.




                                                                                            18
Conclusions
 We have introduced a novel approach to
  software tamper resistance, using process-
  level virtualization.
 Contributions
     Dynamic code obfuscation.
     Granularity of decryption is much finer than previous
      work
     Increased resistance against OS based attacks on
      guards
     Periodic flushing ensures any successful modification
      is temporary.
                                                              19

				
DOCUMENT INFO