Oblivious Hashing: A Stealthy Software Integrity Verification Primitive
We describe a novel software verification primitive called Oblivious Hashing. Unlike previous techniques that mainly verify the static shape of code, this primitive allows implicit computation of a hash value based on the actual execution (i.e., space-time history of computation) of the code. We also discuss its applications in local software tamper resistance and remote code authentication.
Unable to display preview. Download preview PDF.
- D. Aucsmith, □Tamper Resistant Software: An Implementation,□ in Proceedings of the First International Workshop on Information Hiding, May 1996.Google Scholar
- M. Blum and S. Kannan, “Designing Programs That Check Their Work,□ in Proceedings of ACM Symposium on Theory of Computing, pgs 86–97, 1989.Google Scholar
- C. Collberg, C. Thomborson and D. Low, □Breaking Abstractions and Unstructuring Data Structures,□ in Proceedings of IEEE International Conference on Computer Languages, ICCL’98, May 1998.Google Scholar
- C. Collberg, C. Thomborson and D. Low, “Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs”, in Proceedings of Symposium on Principles of Programming Languages, pp. 184–196, 1998.Google Scholar
- C. Collberg and C. Thomborson, □Watermarking, Tamper-Proofing, and Obfuscation-Tools for Software Protection.□Google Scholar
- F. Ergun, S. Kannan, S. R. Kumar, R. Rubinfeld and M. Viswanathan, □Spot-Checkers,□ in Proceedings of ACM Symposium on Theory of Computing, pgs 259–268, 1998.Google Scholar
- G. Hunt and D. Brubacher, □Detours: Binary Interception of Win32 Functions,□ in Proceedings of the 3rd USENIX Windows NT Symposium, pgs 135–143, July 1999.Google Scholar
- R. Venkatesan, V. Vazirani, and S. Sinha, □A Graph Theoretic Approach to Software Watermarking,□ in Proceedings of the Fourth International Workshop on Information Hiding, April 2001.Google Scholar
- C. Wang, J. Hill, J. Knight and J. Davidson, □Software Tamper Resistance: Obstructing Static Analysis of Programs,□ Technical Report CS-2000-12, University of Virginia, December 2000.Google Scholar
- B. Horne, L. Matheson, C. Sheehan and R. Tarjan, □Dynamic Self-Checking Techniques for Improved Tamper Resistance,□ in Proceedings of the Workshop on Security and Privacy in Digital Rights Management, November 2001.Google Scholar
- H. Chang and M. Atallah, □Protecting Software Code by Guards,□ in Proceedings of the Workshop on Security and Privacy in Digital Rights Management, November 2001.Google Scholar
- F. Monrose, P. Wyckoff, and A. Rubin, □Distributed Execution with Remote Audit,□ in Proceedings of the ISOC Network and Distributed System Security (NDSS) Symposium, February 1999.Google Scholar
- B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. Vadhan and K. Yang, □On the (impossibility) of Obfuscating Programs,□ Advances in Cryptology-CRYPTO’ 01, vol. 2139 of Springer-Verlag Lecture Notes in Computer Science, pp. 1–18, August 19-23, 2001.Google Scholar
- D. Knuth, □The Art of Computer Programming, Volume 2, Seminumerical Algorithms,□ Addison-Wesley Publishing Company, Inc., 1973.Google Scholar
- Menezes, P. van Oorschot and S. Vanstone, □Handbook of Applied Cryptography,□ CRC Press, 1997.Google Scholar
- SoftICE debugger, Compuware Corporation, http://www.compuware.com.