Remote Entrusting by Orthogonal Client Replacement. Ceccato Mariano 1, Mila Dalla Preda 2, Anirban Majumbar 3, Paolo Tonella 1.

Similar documents
Remote Entrusting by Orthogonal Client Replacement

Remote software protection by orthogonal client replacement

Probfuscation: An Obfuscation Approach using Probabilistic Control Flows

First year review WP4 overview. Trento - September 24th, 2007

Software Protection: How to Crack Programs, and Defend Against Cracking Lecture 4: Code Obfuscation Minsk, Belarus, Spring 2014

Industrial Approach: Obfuscating Transformations

ISSISP 2014 Code Obfuscation Verona, Italy

Obfuscating Transformations. What is Obfuscator? Obfuscation Library. Obfuscation vs. Deobfuscation. Summary

RUHR-UNIVERSITÄT BOCHUM. Probfuscation: An Obfuscation Approach using Probabilistic Control Flows

Implementation of an Obfuscation Tool for C/C++ Source Code Protection on the XScale Architecture *

Code Obfuscation 10**2+(2*a+3)%2. When 2018/11/29 Where JSecIn Who Gaetan Ferry Why For fun!

PLT Course Project Demo Spring Chih- Fan Chen Theofilos Petsios Marios Pomonis Adrian Tang

Formal verification of program obfuscations

Software Similarity Analysis. c April 28, 2011 Christian Collberg

Software Protection via Obfuscation

Third year review WP3 overview HW/SW-based methods. Riva del Garda October 2 nd, 2009

Software Protection: How to Crack Programs, and Defend Against Cracking Lecture 7: Tamperproofing II Minsk, Belarus, Spring 2014

Short Notes of CS201

CS201 - Introduction to Programming Glossary By

Intellectual Property Protection using Obfuscation

G Programming Languages - Fall 2012

Verfying the SSH TLP with ProVerif

Android App Protection via Interpretation Obfuscation

VOT4CS: A Virtualization Obfuscation Tool for C#

An On-demand Secure Routing Protocol Resilient to Byzantine Failures. Routing: objective. Communication Vulnerabilities

Obfuscation Omer Paneth

An On-demand Secure Routing Protocol Resilient to Byzantine Failures

CSE 501: Compiler Construction. Course outline. Goals for language implementation. Why study compilers? Models of compilation

Obfuscation Studio Executive

How to (not) Share a Password:

Symbolic Evaluation/Execution

COURSE 20486B: DEVELOPING ASP.NET MVC 4 WEB APPLICATIONS

Data Structures And Algorithms

20486: Developing ASP.NET MVC 4 Web Applications (5 Days)

Delayed and Controlled Failures in Tamper-Resistant Software

Developing ASP.NET MVC 4 Web Applications

20486-Developing ASP.NET MVC 4 Web Applications

How to (not) Share a Password:

Program Vulnerability Analysis Using DBI

CODESSEAL: Compiler/FPGA Approach to Secure Applications

Data Structures Lecture 3 Order Notation and Recursion

Failure Diagnosis and Cyber Intrusion Detection in Transmission Protection System Assets Using Synchrophasor Data

THE POWER AND RISK OF MOBILE. White paper

Lecture 16 Pointer Analysis

Developing ASP.NET MVC 5 Web Applications

CS111: PROGRAMMING LANGUAGE II

Topics in Systems and Program Security

HOST Authentication Overview ECE 525

Supporting Documentation and Evolution of Crosscutting Concerns in Business Processes

Advanced MEIC. (Lesson #18)

Machine-Independent Optimizations

Hint-based Static Analysis for Automatic Program Parallelization. Steve Simon Joseph Fernandez CSCI 5535 University of Colorado, Boulder

Module: Future of Secure Programming

Reading Assignment. Symbolic Evaluation/Execution. Move from Dynamic Analysis to Static Analysis. Move from Dynamic Analysis to Static Analysis

Developing ASP.NET MVC 5 Web Applications. Course Outline

20486 Developing ASP.NET MVC 5 Web Applications

Protecting binaries. Andrew Griffiths

Aegis: Automatic Enforcement of Security Policies in Workflow-driven Web Applications

CSCI-1200 Data Structures Spring 2018 Lecture 7 Order Notation & Basic Recursion

Context-Based Detection of Clone-Related Bugs. Lingxiao Jiang, Zhendong Su, Edwin Chiu University of California at Davis

CS 161 Computer Security

CSE 307: Principles of Programming Languages

On Demand secure routing protocol resilient to Byzantine failures

LL(k) Parsing. Predictive Parsers. LL(k) Parser Structure. Sample Parse Table. LL(1) Parsing Algorithm. Push RHS in Reverse Order 10/17/2012

Alan Bateman Java Platform Group, Oracle November Copyright 2018, Oracle and/or its affiliates. All rights reserved.!1

A Practical Approach to Programming With Assertions

Approximation of the Worst-Case Execution Time Using Structural Analysis. Matteo Corti and Thomas Gross Zürich

Using Exception Handling to Build Opaque Predicates in Intermediate Code Obfuscation Techniques

Java obfuscator: implementation. Re-Trust quarterly meeting Villach, March 11, 2008

Developing ASP.Net MVC 4 Web Application

CS553 Lecture Dynamic Optimizations 2

Introduction to JavaCard Dynamic Logic

Trojan-tolerant Hardware & Supply Chain Security in Practice

The Checker Framework: pluggable static analysis for Java

IA-64 Compiler Technology

Bouncer: Securing Software by Blocking Bad Input

Developing ASP.NET MVC 5 Web Applications

TRUSTSHADOW: SECURE EXECUTION OF UNMODIFIED APPLICATIONS WITH ARM TRUSTZONE Florian Olschewski

Lecture 27. Pros and Cons of Pointers. Basics Design Options Pointer Analysis Algorithms Pointer Analysis Using BDDs Probabilistic Pointer Analysis

Module: Future of Secure Programming

Lecture 20 Pointer Analysis

Under the Compiler's Hood: Supercharge Your PLAYSTATION 3 (PS3 ) Code. Understanding your compiler is the key to success in the gaming world.

Hybrid STT CMOS Designs for Reverse engineering Prevention

A Simple SQL Injection Pattern

University of East London Institutional Repository:

CS 161 Computer Security

A Tree Kernel Based Approach for Clone Detection

Introduction to Programming Languages and Compilers. CS164 11:00-12:30 TT 10 Evans. UPRM ICOM 4029 (Adapted from: Prof. Necula UCB CS 164)

DETERMINISTIC VARIATION FOR ANTI-TAMPER APPLICATIONS

20486C: Developing ASP.NET MVC 5 Web Applications

Sung-Eun Choi and Steve Deitz Cray Inc.

Memory Management: The process by which memory is shared, allocated, and released. Not applicable to cache memory.

Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 24

Complexity, General. Standard approach: count the number of primitive operations executed.

Software security, secure programming

Software Analysis Tools

Simone Campanoni Loop transformations

Automated static deobfuscation in the context of Reverse Engineering

Naming in OOLs and Storage Layout Comp 412

SE352b: Roadmap. SE352b Software Engineering Design Tools. W3: Programming Paradigms

Transcription:

Remote Entrusting by Orthogonal Client Replacement Ceccato Mariano, Mila Dalla Preda 2, Anirban Majumbar 3, Paolo Tonella Fondazione Bruno Kessler, Trento, Italy 2 University of Verona, Italy 3 University of Trento, Italy Code integrity problem Orthogonal replacement Obfuscation Code splitting Empirical validation Outline 9/06/2008 Remote Entrusting by Orthogonal Client Replacement 2

Remote software trusting Remote software authentication: ensuring a (server) that an un-trusted host (client) is running a healthy version of a program (code integrity) Before delivering any service the server wants to know that the client is executing according to its expectations Un-trusted client Un-trusted client Un-trusted client Un-trusted client Trusted server Un-trusted client 9/06/2008 Remote Entrusting by Orthogonal Client Replacement 3 Attack model Attacker on un-trusted host: Any dynamic/static analysis tool Any software (buggers, emulators, ) Read/write any memory location, register, network message, file. Attacks: Reverse engineer and direct code change. Runtime modification of the memory. Produce (possibly tampered) copies of P that run in parallel. Interception and change of network messages. 9/06/2008 Remote Entrusting by Orthogonal Client Replacement 4 2

Attacker goal Goal: to tamper with the application code without being detected by the server Substantial program understanding effort by a human to understand the inner logic to attack Client Server 9/06/2008 Remote Entrusting by Orthogonal Client Replacement 5 Our approach Periodically replace the client code with a new version Orthogonal (obfuscated) Semantically different CP CP 2 CP 3 CP 0 Client Server 9/06/2008 Remote Entrusting by Orthogonal Client Replacement 6 3

Obfuscation Transforming a program CP into an equivalent one CP that is harder to reverse engineer, while maintaining its semantics. Potency: obscurity added to a program Resilience: how difficult is to automatically de-obfuscate Cost: computation overhead of P CP T T 2 T 3 CP 9/06/2008 Remote Entrusting by Orthogonal Client Replacement 7 Obfuscation!! "!! # " "#! $%&'( $%&'))( '( '!( '"( '!( '"( '"( )*! + #,, -. Layout obfuscation 2. Data obfuscation 3. Control flow obfuscation 9/06/2008 Remote Entrusting by Orthogonal Client Replacement 8 4

Splitting The code of CP i can be split into (C i, S i ) where: C i remains on the client S i runs on the server This process ensures that the code left on the client is orthogonal with respect to the previous clients An expired client can not longer be used (it would not work with the new server) CP i Client C i Server S i 9/06/2008 Remote Entrusting by Orthogonal Client Replacement 9 Orthogonality c CP i p CP j Statement orthogonality c p if: the understanding of the of c the role in CP i does not reveal information about the role of p in CP j Program orthogonality CP i CP j if: they contains only* orthogonal statements *Not possible to transform or move to the server: System calls Library calls Input output operations 9/06/2008 Remote Entrusting by Orthogonal Client Replacement 0 5

Orthogonal client generation CP C,,C i- repeat CP i = RendomTransform (CP) CP = CP i (C i, S i ) = MoveCompToServer(CP i, C,,C i- ) until (C i C ) (C i C i- ) (C i, S i ) 9/06/2008 Remote Entrusting by Orthogonal Client Replacement Transformation repeat CP i = RendomTransform (CP) CP = CP i (C i, S i ) = MoveCompToServer(CP i, C,,C i- ) until (C i C ) (C i C i- ) Pool of semantic preserving transformations from a catalog Propagations of annotations about black statements and performance information The goal is to obstruct code comprehension 9/06/2008 Remote Entrusting by Orthogonal Client Replacement 2 6

Splitting repeat CP i = RendomTransform (CP) CP = CP i (C i, S i ) = MoveCompToServer(CP i, C,,C i- ) until (C i C ) (C i C i- ) Leave on the client: Statement of CP i that are orthogonal to all previous C C i- Invariable part (black) Performance intensive statements 9/06/2008 Remote Entrusting by Orthogonal Client Replacement 3 Acceptance condition repeat CP i = RendomTransform (CP) CP = CP i (C i, S i ) = MoveCompToServer(CP i, C,,C i- ) until (C i C ) (C i C i- ) The new client is orthogonal is not just black statements (performance) Iteration in case the condition is not met 9/06/2008 Remote Entrusting by Orthogonal Client Replacement 4 7

Empirical validation 9/06/2008 Remote Entrusting by Orthogonal Client Replacement 5 Clone based orthogonality Orthogonality from a program comprehension point of view is hard to define and quantify Practical and computable approximation of orthogonality: based on clones Clones Statement orthogonality c p if: the understanding of the of c the role in CP i does not reveal information about the role of p in CP j CP i CP j 9/06/2008 Remote Entrusting by Orthogonal Client Replacement 6 8

Alias based opaque predicates Opaque predicate: conditional expression whose value is known to the obfuscator, but is difficult for an adversary to deduce statically Precise inter-procedural static analysis is intractable 9/06/2008 Remote Entrusting by Orthogonal Client Replacement 7 Aliases : f = = g g! = h Update : updatealias ( ) class A { int f ; int f2 ; void m ( ) { f = ; f2 = f ++; int tmp = f ; tmp = tmp - f ; f = f + f2 ; Alias based opaque predicates class A { if ( g!= h ) { int f ; updatealias( ) ; int f2 ; tmp = f ; void m ( ) { tmp = tmp - f ; int tmp ; updatealias( ) ; if ( f ==g ) { f = f +f2 ; f = ; updatealias( ) ; else { f2 = f ++; f = tmp / f2 ; tmp = f2%59+f2 ; else { updatealias( ) ; updatealias( ) ; tmp = f +f2 / 5 ; f = f2 - tmp ; 9/06/2008 Remote Entrusting by Orthogonal Client Replacement 8 9

Case studies CarRace (on-line game) CP race = 220 loc Chat application CP chat = 0 loc On line applications Written in java (~K loc each) Source code is sensitive to malicious modifications 9/06/2008 Remote Entrusting by Orthogonal Client Replacement 9 Clone size threshold Small threshold Too many iterations of the algorithm exponential grown of the source code Most of the reposted clones are false positives Improvements do not bring more security Large threshold Algorithm is fast Too many false positives Clients contains clones that could leak information to an attacker repeat CP i = RendomTransform (CP) CP = CP i (C i, S i ) = MoveCompToServer(CP i, C,,C i- ) until (C i C ) (C i C i- ) 9/06/2008 Remote Entrusting by Orthogonal Client Replacement 20 0

Clone size threshold Application CarRace ChatClinet Min. clone length Statements Tokens 4 2 28 3 42 4 56 5 70 2 2 24 3 36 4 48 5 60 Clones 23 33 6 0 69 27 5 0 9/06/2008 Remote Entrusting by Orthogonal Client Replacement 2 Generation Performance Application CarRace ChatClient Application lifetime 5 years A replacement every 2 days No. of clients 0 50 00 500 000 0 50 00 500 000 No. of clones 9 2 60 347 7 97 28 9/06/2008 Remote Entrusting by Orthogonal Client Replacement 22

Attacks Opaque predicates could be attacked through dynamic analysis (debugging) Removing branches that are not executed could cause the elimination of useful code We could add predicates that infrequently evaluate to True (False) and if removed cause the application to malfunction 9/06/2008 Remote Entrusting by Orthogonal Client Replacement 23 Future works Clone size threshold estimation requires further investigation Implementation of a full catalog of obfuscations e.g., variable splitting/encoding of the code left on the client Evaluating how long a piece of code can resist before been attacked Correct estimation of the replacement frequency 9/06/2008 Remote Entrusting by Orthogonal Client Replacement 24 2

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback