Revisiting Software Protection

  • Conference paper
Information Security (ISC 2003)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2851))

Abstract

We provide a selective survey on software protection, including approaches to software tamper resistance, obfuscation, software diversity, and white-box cryptography. We review the early literature in the area plus recent activities related to trusted platforms, and discuss challenges and future directions.

Version: 15 July 2003.

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

van Oorschot, P.C. (2003). Revisiting Software Protection. In: Boyd, C., Mao, W. (eds) Information Security. ISC 2003. Lecture Notes in Computer Science, vol 2851. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10958513_1

  • DOI: https://doi.org/10.1007/10958513_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20176-2

  • Online ISBN: 978-3-540-39981-0

  • eBook Packages: Springer Book Archive
