An Approach for Safe and Secure Software Protection Supported by Symbolic Execution

  • Conference paper
Database and Expert Systems Applications - DEXA 2023 Workshops (DEXA 2023)

Abstract

We introduce a novel copy-protection method for industrial control software. With our method, a program executes correctly only on its target hardware and behaves differently on other machines. The hardware-software binding is based on Physically Unclonable Functions (PUFs). We use symbolic execution to guarantee the preservation of safety properties if the software is executed on a different machine, or if there is a problem with the PUF response. Moreover, we show that the protection method is also secure against reverse engineering.

The research reported in this paper has been funded by BMK, BMDW, and the State of Upper Austria in the frame of the COMET Module Dependable Production Environments with Software Security (DEPS) within the COMET - Competence Centers for Excellent Technologies Programme managed by Austrian Research Promotion Agency FFG.

Notes

  1. VDMA Product Piracy 2022 (https://www.vdma.org/documents/34570/51629660/VDMA+Study+Product+Piracy+2022_final.pdf). Last accessed: 30/01/2023.

  2. https://deps.scch.at.

Author information

Correspondence to Flavio Ferrarotti.

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Dorfmeister, D., Ferrarotti, F., Fischer, B., Haslinger, E., Ramler, R., Zimmermann, M. (2023). An Approach for Safe and Secure Software Protection Supported by Symbolic Execution. In: Kotsis, G., et al. Database and Expert Systems Applications - DEXA 2023 Workshops. DEXA 2023. Communications in Computer and Information Science, vol 1872. Springer, Cham. https://doi.org/10.1007/978-3-031-39689-2_7

  • DOI: https://doi.org/10.1007/978-3-031-39689-2_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-39688-5

  • Online ISBN: 978-3-031-39689-2

  • eBook Packages: Computer Science, Computer Science (R0)
