Automated Software Engineering, Volume 16, Issue 2, pp. 235–261

Trading-off security and performance in barrier slicing for remote software entrusting

  • Mariano Ceccato
  • Mila Dalla Preda
  • Jasvir Nagra
  • Christian Collberg
  • Paolo Tonella

Abstract

Network applications often require that a trust relationship be established between a trusted host (e.g., the server) and an untrusted host (e.g., the client). The remote entrusting problem is that of assuring the trusted host that, whenever a request from an untrusted host is served, the requester is in a genuine state, unaffected by malicious modifications or attacks.

Barrier slicing helps solve the remote entrusting problem. The computation of the sensitive client state is sliced and moved to the server, where it cannot be tampered with. However, this solution may impose unacceptable computation and communication costs on the server, especially when the slice to be moved is large. In this paper we investigate the trade-off between the security loss and the performance overhead associated with moving only a portion of the barrier slice to the server, and we show that this trade-off can be reduced to a multi-objective optimization problem. We describe how to make such decisions in practice with reference to a case study, for which we show how to choose among the alternative options.
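To make the trade-off concrete, here is an added worked example in Python; it is not code from the paper. It computes a backward barrier slice over a constructed toy client program (a dependence graph of eight statements, with the two input statements as barriers), enumerates every subset of the slice that could be moved to the server, scores each subset with an assumed security-loss metric (slice statements whose value a tampered client can still forge) and an assumed overhead metric (statements run server-side plus values crossing the client/server boundary), and keeps the Pareto-optimal choices. The program, the barrier set and both metrics are illustrative assumptions, not the paper's case study or its cost model.

```python
from itertools import combinations

# Constructed toy client program (not from the paper): statement id -> (source text,
# statements it depends on). Only data dependencies are modelled; control dependencies
# are omitted for brevity.
PROGRAM = {
    "s1": ("x = read_input()", set()),
    "s2": ("y = read_input()", set()),
    "s3": ("t = x * 2", {"s1"}),
    "s4": ("u = y + 1", {"s2"}),
    "s5": ("v = t + u", {"s3", "s4"}),
    "s6": ("w = v * v", {"s5"}),
    "s7": ("state = w - t", {"s6", "s3"}),
    "s8": ("send_request(state)", {"s7"}),
}
BARRIERS = {"s1", "s2"}  # assumed barrier set: input statements must stay on the client
CRITERION = "s7"         # the statement that computes the sensitive client state


def barrier_slice(program, criterion, barriers):
    """Backward slice from `criterion` that stops at barrier statements.
    Returns the statements that could be moved to the server (barriers excluded)."""
    result, work = set(), [criterion]
    while work:
        s = work.pop()
        if s in result or s in barriers:
            continue
        result.add(s)
        work.extend(program[s][1])
    return result


def trusted_statements(program, moved, barriers):
    """Assumed security model: a statement is trusted if it runs on the server and every
    value it reads comes from a barrier (legitimate client input) or from another trusted
    statement. Anything else can be forged by a tampered client."""
    memo = {}

    def trusted(s):
        if s not in memo:
            memo[s] = s in moved and all(d in barriers or trusted(d) for d in program[s][1])
        return memo[s]

    return {s for s in moved if trusted(s)}


def migration_metrics(program, slice_set, moved, barriers):
    """(security_loss, overhead) for moving `moved` (a subset of the slice) to the server.
    security_loss: slice statements that remain forgeable.
    overhead: statements executed server-side plus values that cross the client/server
    boundary in either direction (assumed proxy for CPU and network cost)."""
    received = {d for s in moved for d in program[s][1] if d not in moved}
    returned = {d for s, (_, deps) in program.items() if s not in moved
                for d in deps if d in moved}
    loss = len(slice_set - trusted_statements(program, moved, barriers))
    overhead = len(moved) + len(received) + len(returned)
    return loss, overhead


def tradeoff_front(program, criterion, barriers):
    """Enumerate every partial migration of the barrier slice and keep the Pareto-optimal
    ones: no other choice is at least as good on both objectives and strictly better on one.
    Exhaustive enumeration is fine for a toy slice; the subset count doubles per statement."""
    slice_set = barrier_slice(program, criterion, barriers)
    stmts = sorted(slice_set)
    points = {}  # (loss, overhead) -> first subset found with those metrics
    for k in range(len(stmts) + 1):
        for moved in combinations(stmts, k):
            metrics = migration_metrics(program, slice_set, set(moved), barriers)
            points.setdefault(metrics, frozenset(moved))
    front = [
        (loss, cost, moved) for (loss, cost), moved in points.items()
        if not any(l2 <= loss and c2 <= cost and (l2, c2) != (loss, cost)
                   for (l2, c2) in points)
    ]
    return sorted(front)


if __name__ == "__main__":
    for loss, cost, moved in tradeoff_front(PROGRAM, CRITERION, BARRIERS):
        print(f"loss={loss} overhead={cost} move={sorted(moved)}")
```

Running the block prints one line per Pareto-optimal migration. Moving the whole five-statement slice gives zero loss at overhead 8, but moving only the two statements that read barrier inputs costs 6 and leaves three statements forgeable, and moving nothing costs 0 and leaves all five forgeable; which point to pick is exactly the multi-objective decision the abstract describes. A real slice has far more subsets than can be enumerated, which is why a search heuristic is needed in practice.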

Keywords

Program slicing, Security, Source code transformation

Copyright information

© Springer Science+Business Media, LLC 2009

Authors and Affiliations

  • Mariano Ceccato (1)
  • Mila Dalla Preda (2)
  • Jasvir Nagra (2)
  • Christian Collberg (3)
  • Paolo Tonella (1)
  1. Fondazione Bruno Kessler, Trento, Italy
  2. University of Trento, Trento, Italy
  3. University of Arizona, Tucson, USA