Harden Tamper-Proofing to Combat MATE Attack

  • Zhe Chen
  • Chunfu JiaEmail author
  • Tongtong Lv
  • Tong Li
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11337)


The malicious modification on software is a major threat on software copyright. As a common protection method, tamper-proofing can detect and respond the malicious modification. However, existing works consider less about the security of tamper-proofing itself. When launching MATE (Man-At-The-End) attacks based on reverse engineering to the software equipped with embedded tamper-proofing, adversary is enabled to obtain all privileges to the execution code and device configure, which lead tamper proofing being attacked. In this paper, we design a novel tamper-proofing scheme to ensure the code integrity. Different from previous works, our tamper-proofing technique has executed in an isolated zone, Intel SGX (Software Guard Extension) enclave instances, such that the MATE attacks cannot compromise the tamper-proofing functions. Moreover, our scheme performs considerably high execution efficiency since it only introduces the constant extra cost of time and space. We deploy our work on SPECint-2006 benchmark suit. The experimental results demonstrate our scheme is light-weight for computation and storage.


Tamper proofing Trusted execution Software Guard Extension 


  1. 1.
    Business Software Alliance: BSA global software survey (2016).
  2. 2.
    Akhunzada, A., et al.: Man-at-the-end attacks: analysis, taxonomy, human aspects, motivation and future directions. J. Netw. Comput. Appl. 48, 44–57 (2015)CrossRefGoogle Scholar
  3. 3.
    Collberg, C., Thomborson, C.: Software watermarking: models and dynamic embeddings. In: Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 311–324. ACM (1999)Google Scholar
  4. 4.
    Nagra, J., Collberg, C.: Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection. Pearson Education (2009)Google Scholar
  5. 5.
    Arnautov, S., et al.: Scone: secure Linux containers with Intel SGX. In: USENIX Symposium on Operating Systems Design and Implementation, vol. 16, pp. 689–703. USENIX Association (2016)Google Scholar
  6. 6.
    Baumann, A., Peinado, M., Hunt, G.: Shielding applications from an untrusted cloud with haven. ACM Trans. Comput. Syst. 33(3), 1–26 (2014)CrossRefGoogle Scholar
  7. 7.
    Tsai, C., Porter, D.E., Vij, M.: Graphene-SGX: a practical library OS for unmodified applications on SGX. In: 2017 USENIX Annual Technical Conference (USENIX ATC 2017), pp. 645–658. USENIX Association (2017)Google Scholar
  8. 8.
    Jain, R., Trivedi, M.C., Tiwari, S.: Digital audio watermarking: a survey. In: Bhatia, S.K., Mishra, K.K., Tiwari, S., Singh, V.K. (eds.) Advances in Computer and Computational Sciences. AISC, vol. 554, pp. 433–443. Springer, Singapore (2018). Scholar
  9. 9.
    Chen, Y., Venkatesan, R., Cary, M., Pang, R., Sinha, S., Jakubowski, M.H.: Oblivious hashing: a stealthy software integrity verification primitive. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 400–414. Springer, Heidelberg (2003). Scholar
  10. 10.
    Chen, H.Y., Hou, T.W., Lin, C.L.: Tamper-proofing basis path by using oblivious hashing on Java. ACM Sigplan Not. 42(2), 9–16 (2007)CrossRefGoogle Scholar
  11. 11.
    Jacob, M., Jakubowski, M.H., Venkatesan, R.: Towards integral binary execution: implementing oblivious hashing using overlapped instruction encodings. In: Proceedings of the 9th workshop on Multimedia & security, pp. 129–140. ACM (2007)Google Scholar
  12. 12.
    Tan, G., Chen, Y., Jakubowski, M.H.: Delayed and controlled failures in tamper-resistant software. In: Camenisch, J.L., Collberg, C.S., Johnson, N.F., Sallee, P. (eds.) IH 2006. LNCS, vol. 4437, pp. 216–231. Springer, Heidelberg (2007). Scholar
  13. 13.
    Chen, Z., Wang, Z., Jia, C.: Semantic-integrated software watermarking with tamper-proofing. Multimed. Tools Appl. 77(9), 11159–11178 (2018)CrossRefGoogle Scholar
  14. 14.
    Cappaert, J., Preneel, B., Anckaert, B., Madou, M., De Bosschere, K.: Towards tamper resistant code encryption: practice and experience. In: Chen, L., Mu, Y., Susilo, W. (eds.) ISPEC 2008. LNCS, vol. 4991, pp. 86–100. Springer, Heidelberg (2008). Scholar
  15. 15.
    Sharif, M.I., Lanzi, A., Giffin, J.T., Lee, W.: Impeding malware analysis using conditional code obfuscation. In: The Network and Distributed System Security Symposium. ISOC (2008)Google Scholar
  16. 16.
    Ren, C., Chen, K., Liu, P.: Droidmarking: resilient software watermarking for impeding android application repackaging. In: Proceedings of the 29th ACM/IEEE International Conference on Automated Software Engineering, pp. 635–646. ACM (2014)Google Scholar
  17. 17.
    Intel software guard extensions.
  18. 18.
    Costan, V., Devadas, S.: Intel SGX explained. IACR Cryptology ePrint Archive 2016, 86 (2016)Google Scholar
  19. 19.
    Tian, H., Zhang, Y., Xing, C., Yan, S.: SGXKernel: a library operating system optimized for Intel SGX. In: Computing Frontiers Conference, pp. 35–44. ACM (2017)Google Scholar
  20. 20.
    Wang, S.,Wang, W., Bao, Q.,Wang, P.,Wang, X.,Wu, D.: Binary code retrofitting and hardening using SGX. In: Proceedings of the 2017 Workshop on Forming an Ecosystem Around Software Transformation, pp. 43–49. ACM (2017)Google Scholar
  21. 21.
    Schuster, F., et al.: VC3: trustworthy data analytics in the cloud using SGX. In: IEEE Symposium on Security and Privacy, pp. 38–54. IEEE (2015)Google Scholar
  22. 22.
    Ohrimenko, O., et al.: Oblivious multi-party machine learning on trusted processors. In: USENIX Security Symposium, pp. 619–636. USENIX Association (2016)Google Scholar
  23. 23.
    Kim, S.M., Han, J., Ha, J., Kim, T., Han, D.: Enhancing security and privacy of Tor’s ecosystem by using trusted execution environments. In: 14th USENIX Symposium on Networked Systems Design and Implementation, pp. 145–161. USENIX Association (2017)Google Scholar
  24. 24.
    Hunt, T., Zhu, Z., Xu, Y., Peter, S., Witchel, E.: Ryoan: a distributed sandbox for untrusted computation on secret data. In: USENIX Conference on Operating Systems Design and Implementation, pp. 533–549. USENIX Association (2016)Google Scholar
  25. 25.
    Kobza, J.E., Jacobson, S.H., Vaughan, D.E.: A survey of the coupon collectors problem with random sample sizes. Methodol. Comput. Appl. Probab. 9(4), 573–584 (2007)MathSciNetCrossRefGoogle Scholar
  26. 26.
    Schwarz, M., Weiser, S., Gruss, D., Maurice, C., Mangard, S.: Malware guard extension: using SGX to conceal cache attacks. In: Polychronakis, M., Meier, M. (eds.) DIMVA 2017. LNCS, vol. 10327, pp. 3–24. Springer, Cham (2017). Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.College of ComputerNankai UniversityTianjinChina
  2. 2.Information Security Evaluation Center of Civil AviationCivil Aviation University of ChinaTianjinChina
  3. 3.Key Laboratory on High Trusted Information System in Hebei ProvinceBaodingChina
  4. 4.School of Computer ScienceGuangzhou UniversityGuangzhouChina

Personalised recommendations