Software Tamper Resistance Through Dynamic Program Monitoring
This paper describes a two-instruction-stream (two-process) model for tamper resistance. One process (the monitor process, M-process) is designed explicitly to monitor the control flow of the main program process (P-process). The compilation phase compiles the software into two co-processes: the P-process and the M-process. The monitor process contains the control flow consistency conditions for the P-process. The P-process sends information on its instantiated control flow to the M-process at a compiler-specified fixed period. If there is a violation of the control flow conditions captured within the M-process, the M-process takes an anti-tamper action such as termination of the P-process. By its very design, the monitor process is expected to be compact. Hence, we can afford to protect the M-process with a more expensive technique, a variant of Aucsmith’s scheme. This scheme has been implemented with the GNU C compiler (gcc). There are several other monitoring, obfuscation, and dynamic decryption techniques that are embedded in this system. We quantify the performance overhead of the scheme for a variety of programs. The performance of such an anti-tamper scheme can be significantly improved by leveraging a decoupled processor architecture to support the decoupled M- and P-processes. We describe one instance of such a two-stream decoupled architecture that can make the scheme more robust and efficient.
Keywords: Hash Function, Basic Block, Cache Size, Control Flow Graph, Assembly Code
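A minimal sketch of the M-process check described in the abstract, added here as an illustration and not taken from the paper or its gcc implementation. The block numbering, the successor table, and the names `monitor_check` and `run_trace` are assumptions, and the two processes are modeled as plain function calls rather than separate instruction streams.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed CFG of a hypothetical P-process (not from the paper):
 * 0 entry, 1 license check, 2 protected loop, 3 normal exit, 4 failure exit.
 * succ[b] has bit i set when the edge b -> i is legal. */
#define NBLOCKS 5
#define ENTRY   0
static const unsigned char succ[NBLOCKS] = {
    [0] = 1u << 1,
    [1] = (1u << 2) | (1u << 4),
    [2] = (1u << 2) | (1u << 3),
    [3] = 0, [4] = 0,
};

typedef struct { int last; } monitor_t; /* last block seen, kept across batches */

/* Check one batch of block IDs reported by the P-process.
 * Returns the index of the first illegal entry, or -1 if consistent. */
int monitor_check(monitor_t *m, const unsigned char *batch, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        unsigned b = batch[i];
        int ok = b < NBLOCKS &&
                 (m->last < 0 ? b == ENTRY : (succ[m->last] >> b) & 1u);
        if (!ok) return (int)i;
        m->last = (int)b;
    }
    return -1;
}

/* Deliver a trace in batches of `period` entries; returns first bad position or -1. */
int run_trace(const unsigned char *trace, size_t len, size_t period)
{
    monitor_t m = { -1 };
    if (period == 0) period = 1;
    for (size_t off = 0; off < len; off += period) {
        size_t n = len - off < period ? len - off : period;
        int bad = monitor_check(&m, trace + off, n);
        if (bad >= 0) return (int)off + bad;
    }
    return -1;
}

int main(void)
{
    const unsigned char patched[] = {0, 2, 2, 3}; /* check block 1 skipped */
    puts(run_trace(patched, sizeof patched, 2) < 0 ? "consistent" : "violation: terminate P-process");
    return 0;
}
```

Because the monitor keeps the last block across batches, an illegal edge that straddles two reporting periods is still caught.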
- 1. Aucsmith, D.: Tamper Resistant Software: An Implementation. In: Proceedings of the First International Workshop on Information Hiding (1996)
- 2. Collberg, C., Thomborson, C.: Watermarking, tamper-proofing, and obfuscation - tools for software protection (2000)
- 3. Jun, G.: Software Obfuscation with Program Permutation. M.S. Thesis, Dept. of Computer Science, Iowa State University, Ames, IA (2004)
- 4. Goloubeva, O., Rebaudengo, M., Sonza Reorda, M., Violante, M.: Soft-error Detection Using Control Flow Assertions. Politecnico di Torino, Dipartimento di Automatica e Informatica, Torino, Italy (2003)
- 5. Horne, B., Matheson, L., Sheehan, C., Tarjan, R.: Dynamic Self-Checking Techniques for Improved Tamper Resistance. In: ACM Workshop on Security and Privacy in Digital Rights Management (2002)
- 6. Lie, D., Thekkath, C., Mitchell, M., Lincoln, P., Boneh, D., Mitchell, J., Horowitz, M.: Architectural support for copy and tamper resistant software (2000)
- 7. Linn, C., Debray, S., Kececioglu, J.: Enhancing Software Tamper-Resistance via Stealthy Address Computations. In: Proceedings of 19th Annual Computer Security Applications Conference (ACSAC 2003) (December 2003)
- 9. Necula, G.C.: Proof-carrying code. In: Conference Record of POPL 1997: The 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, Paris, France, pp. 106–119 (1997)
- 10. Tyagi, A.: Branch Decoupled Architectures. In: Proc. of Workshop on Interaction between Compilers and Computer Architectures at 3rd Int’l Symp. on High-Performance Computer Architecture (February 1997)
- 11. Venkatesan, R., Vazirani, V.V., Sinha, S.: A graph theoretic approach to software watermarking. In: Information Hiding, pp. 157–168 (2001)
- 12. Wang, C., Hill, J., Knight, J., Davidson, J.: Software Tamper Resistance: Obstructing Static analysis of Programs. Technical Report CS2000-12, Department of Computer Science, University of Virginia (2000)