
Software Integrity Checking Expressions (ICEs) for Robust Tamper Detection

  • Mariusz Jakubowski
  • Prasad Naldurg
  • Vijay Patankar
  • Ramarathnam Venkatesan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4567)

Abstract

We introduce software integrity checking expressions (SoftICEs), which are program predicates that can be used in software tamper detection. We present two candidates, probabilistic verification conditions (PVCs) and Fourier-learning approximations (FLAs), which can be computed for certain classes of programs. We show that these predicates hold for any valid execution of the program, and fail with some probability for any invalid execution (e.g., when the output value of one of the variables is tampered). PVCs work with straight-line integer programs that have operations {∗, +, −}. We also sketch how we can extend this class to include branches and loops. FLAs can work over programs with arbitrary operations, but have some limitations in terms of efficiency, code size, and ability to handle various classes of functions. We describe a few applications of this technique, such as program integrity checking, program or client identification, and tamper detection. As a generalization of oblivious hashing (OH), our approach resolves several troublesome issues that complicate practical application of OH towards tamper-resistance.
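The following is an added illustration, not code from the paper and not the authors' PVC construction: a simplified randomized predicate over a constructed straight-line program with operations {∗, +, −}, showing a check that always holds on a valid execution and fails with some probability when one variable's value is tampered. The program, the modulus `P`, and all function names are assumptions made for this sketch.

```python
import random

P = 2**61 - 1  # assumed prime modulus for the check; not taken from the paper

# Constructed straight-line program over {*, +, -}: (dest, op, src1, src2)
PROGRAM = [
    ("t1", "*", "x", "y"),
    ("t2", "+", "t1", "x"),
    ("t3", "-", "t2", "y"),
    ("out", "*", "t3", "t3"),
]
OPS = {"+": lambda a, b: a + b, "-": lambda a, b: a - b, "*": lambda a, b: a * b}

def run(program, inputs):
    """Execute over the integers; return every variable's value (the trace)."""
    env = dict(inputs)
    for dest, op, a, b in program:
        env[dest] = OPS[op](env[a], env[b])
    return env

def check(program, trace, rng, p=P):
    """Predicate: sum_i r_i * (dest_i - op_i(a_i, b_i)) == 0 (mod p).

    Every residual is 0 on a valid trace, so the predicate always holds.
    On a tampered trace with some residual nonzero mod p, the random
    combination can still vanish, but only for a small share of the r_i.
    """
    acc = 0
    for dest, op, a, b in program:
        residual = trace[dest] - OPS[op](trace[a], trace[b])
        acc = (acc + rng.randrange(1, p) * residual) % p
    return acc == 0

def tamper(trace, var, delta):
    """Return a copy of the trace with one variable's value altered."""
    bad = dict(trace)
    bad[var] += delta
    return bad

def miss_rate(program, trace, p, trials, seed=0):
    """Fraction of random checks that accept the given trace."""
    rng = random.Random(seed)
    return sum(check(program, trace, rng, p) for _ in range(trials)) / trials

if __name__ == "__main__":
    good = run(PROGRAM, {"x": 3, "y": 5})
    bad = tamper(good, "t2", 1)
    print("valid accepted:", check(PROGRAM, good, random.Random(1)))
    print("tampered accepted:", check(PROGRAM, bad, random.Random(1)))
    print("miss rate with p=7:", miss_rate(PROGRAM, bad, 7, 6000))
```

With a deliberately tiny modulus such as 7 the miss probability becomes visible, and a tampering delta that is a multiple of the modulus is never detected, which is why the sketch defaults to a large prime.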

Keywords

Polynomial Ring; Basis Polynomial; Code Fragment; Provable Security; Program Fragment
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Mariusz Jakubowski (1)
  • Prasad Naldurg (2)
  • Vijay Patankar (2)
  • Ramarathnam Venkatesan (3)

  1. Microsoft Research, Redmond, USA
  2. Microsoft Research, India
  3. Microsoft Research, Redmond, and Microsoft Research, India
