Oblivious Hashing: A Stealthy Software Integrity Verification Primitive

  • Yuqun Chen
  • Ramarathnam Venkatesan
  • Matthew Cary
  • Ruoming Pang
  • Saurabh Sinha
  • Mariusz H. Jakubowski
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2578)

Abstract

We describe a novel software verification primitive called Oblivious Hashing. Unlike previous techniques that mainly verify the static shape of code, this primitive allows implicit computation of a hash value based on the actual execution (i.e., space-time history of computation) of the code. We also discuss its applications in local software tamper resistance and remote code authentication.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [1]
    D. Aucsmith, □Tamper Resistant Software: An Implementation,□ in Proceedings of the First International Workshop on Information Hiding, May 1996.Google Scholar
  2. [2]
    M. Blum and S. Kannan, “Designing Programs That Check Their Work,□ in Proceedings of ACM Symposium on Theory of Computing, pgs 86–97, 1989.Google Scholar
  3. [3]
    C. Collberg, C. Thomborson and D. Low, □Breaking Abstractions and Unstructuring Data Structures,□ in Proceedings of IEEE International Conference on Computer Languages, ICCL’98, May 1998.Google Scholar
  4. [4]
    C. Collberg, C. Thomborson and D. Low, “Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs”, in Proceedings of Symposium on Principles of Programming Languages, pp. 184–196, 1998.Google Scholar
  5. [5]
    C. Collberg and C. Thomborson, □Watermarking, Tamper-Proofing, and Obfuscation-Tools for Software Protection.□Google Scholar
  6. [7]
    F. Ergun, S. Kannan, S. R. Kumar, R. Rubinfeld and M. Viswanathan, □Spot-Checkers,□ in Proceedings of ACM Symposium on Theory of Computing, pgs 259–268, 1998.Google Scholar
  7. [8]
    F. Ergun, S. R. Kumar and D. Sivakumar, □Self-Testing Without the Generator Bottleneck,□ SIAM Journal of Computing, vol. 29, no. 5, pgs 1630–1651, 2000.CrossRefMathSciNetGoogle Scholar
  8. [9]
    G. Hunt and D. Brubacher, □Detours: Binary Interception of Win32 Functions,□ in Proceedings of the 3rd USENIX Windows NT Symposium, pgs 135–143, July 1999.Google Scholar
  9. [11]
    R. Venkatesan, V. Vazirani, and S. Sinha, □A Graph Theoretic Approach to Software Watermarking,□ in Proceedings of the Fourth International Workshop on Information Hiding, April 2001.Google Scholar
  10. [12]
    C. Wang, J. Hill, J. Knight and J. Davidson, □Software Tamper Resistance: Obstructing Static Analysis of Programs,□ Technical Report CS-2000-12, University of Virginia, December 2000.Google Scholar
  11. [13]
    H. Wasserman and M. Blum, □Software Reliability via Run-Time Result-Checking,□ Journal of ACM, vol. 44, no. 6, pgs 826–849, 1997.MATHCrossRefMathSciNetGoogle Scholar
  12. [14]
    B. Horne, L. Matheson, C. Sheehan and R. Tarjan, □Dynamic Self-Checking Techniques for Improved Tamper Resistance,□ in Proceedings of the Workshop on Security and Privacy in Digital Rights Management, November 2001.Google Scholar
  13. [15]
    H. Chang and M. Atallah, □Protecting Software Code by Guards,□ in Proceedings of the Workshop on Security and Privacy in Digital Rights Management, November 2001.Google Scholar
  14. [16]
    F. Monrose, P. Wyckoff, and A. Rubin, □Distributed Execution with Remote Audit,□ in Proceedings of the ISOC Network and Distributed System Security (NDSS) Symposium, February 1999.Google Scholar
  15. [17]
    B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. Vadhan and K. Yang, □On the (impossibility) of Obfuscating Programs,□ Advances in Cryptology-CRYPTO’ 01, vol. 2139 of Springer-Verlag Lecture Notes in Computer Science, pp. 1–18, August 19-23, 2001.Google Scholar
  16. [18]
    D. Knuth, □The Art of Computer Programming, Volume 2, Seminumerical Algorithms,□ Addison-Wesley Publishing Company, Inc., 1973.Google Scholar
  17. [19]
    Menezes, P. van Oorschot and S. Vanstone, □Handbook of Applied Cryptography,□ CRC Press, 1997.Google Scholar
  18. [20]
    SoftICE debugger, Compuware Corporation, http://www.compuware.com.

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Yuqun Chen
    • 1
  • Ramarathnam Venkatesan
    • 1
  • Matthew Cary
    • 2
  • Ruoming Pang
    • 3
  • Saurabh Sinha
    • 2
  • Mariusz H. Jakubowski
    • 1
  1. 1.Microsoft ResearchOne Microsoft WayRedmond
  2. 2.University of WashingtonSeattle
  3. 3.Princeton UniversityPrinceton

Personalised recommendations