Towards Tamper Resistant Code Encryption: Practice and Experience

Cappaert, Jan; Preneel, Bart; Anckaert, Bertrand; Madou, Matias; Bosschere, Koen De

doi:10.1007/978-3-540-79104-1_7

“…The code can be decrypted by hardware (i.e., a secure co-processor) [56], which can add substantially to the costs. Software decryption is less expensive solution [9], but is vulnerable to dynamic analysis.…”

Section: Related Workmentioning

confidence: 99%

Replacement attacks against VM-protected applications

Ghosh

¹

,

Hiser

²

,

Davidson

³

2012

Proceedings of the 8th ACM SIGPLAN/SIGOPS Conference on Virtual Execution Environments

View full text Add to dashboard Cite

Process-level virtualization is increasingly being used to enhance the security of software applications from reverse engineering and unauthorized modification (called software protection). Processlevel virtual machines (PVMs) can safeguard the application code at run time and hamper the adversary's ability to launch dynamic attacks on the application. This dynamic protection, combined with its flexibility, ease in handling legacy systems and low performance overhead, has made process-level virtualization a popular approach for providing software protection. While there has been much research on using process-level virtualization to provide such protection, there has been less research on attacks against PVM-protected software. In this paper, we describe an attack on applications protected using process-level virtualization, called a replacement attack. In a replacement attack, the adversary replaces the protecting PVM with an attack VM thereby rendering the application vulnerable to analysis and modification. We present a general description of the replacement attack methodology and two attack implementations against a protected application using freely available tools. The generality and simplicity of replacement attacks demonstrates that there is a strong need to develop techniques that meld applications more tightly to the protecting PVM to prevent such attacks.

show abstract

“…Cappaert [8] improved this idea and proposed a new tamper-proof scheme based on cryptography. A part of code is encrypted, and the left parts are used to get the key.…”

Section: Related Workmentioning

confidence: 99%

The Research on Attack Threat Sensing based on qSoftware Security Sensorq

Zhao¹,

Liu²,

Fang³

et al. 2013

Proceedings of the 2nd International Conference on Advances in Computer Science and Engineering

0

View full text Add to dashboard Cite

Abstract-Aim at the different attack threats the running software faced with during reversing, a method of sensing attack threats based on "software security sensor "is proposed in this paper. And the instance has demonstrated that the method is effective and feasible. Drawing lessons from the thought of physical sensors, the code snippet which is used to sense the attack threats is called "software security sensor", SwSensor for short. Firstly, the attack threats and their features are analyzed; then the design of the corresponding SwSensors and the delimiting of sensed areas is discussed in detail; finally, the layout model based on the multi-level gateway in physical sensor network is described.

show abstract

“…These constructs are utilized in obfuscating control-flow information. Code encryption is another useful technique against static analysis [9]. Figure 2 illustrates the creation of the virtualized application which is protected by such techniques.…”

Section: Software Protection Modelmentioning

confidence: 99%

“…Because the encrypted code cannot be run directly on commodity processors, the software decryption of the application code becomes a point of vulnerability. For example, schemes which decrypt the application in bulk are susceptible to dynamic analysis techniques [5], whereas decryption at a lower granularity (e.g., functions) can suffer from high overhead [9,29]. In contrast, executing encrypted applications under the control of a PVM has been shown to have a better performance-security tradeoff [27].…”

Section: Introductionmentioning

confidence: 99%

Replacement attacks against VM-protected applications

Ghosh

¹

,

Hiser

²

,

Davidson

³

2012

View full text Add to dashboard Cite

Process-level virtualization is increasingly being used to enhance the security of software applications from reverse engineering and unauthorized modification (called software protection). Processlevel virtual machines (PVMs) can safeguard the application code at run time and hamper the adversary's ability to launch dynamic attacks on the application. This dynamic protection, combined with its flexibility, ease in handling legacy systems and low performance overhead, has made process-level virtualization a popular approach for providing software protection. While there has been much research on using process-level virtualization to provide such protection, there has been less research on attacks against PVM-protected software. In this paper, we describe an attack on applications protected using process-level virtualization, called a replacement attack. In a replacement attack, the adversary replaces the protecting PVM with an attack VM thereby rendering the application vulnerable to analysis and modification. We present a general description of the replacement attack methodology and two attack implementations against a protected application using freely available tools. The generality and simplicity of replacement attacks demonstrates that there is a strong need to develop techniques that meld applications more tightly to the protecting PVM to prevent such attacks.

show abstract

Towards Tamper Resistant Code Encryption: Practice and Experience

Cited by 31 publications

References 15 publications

Replacement attacks against VM-protected applications

Replacement attacks against VM-protected applications

The Research on Attack Threat Sensing based on qSoftware Security Sensorq

Replacement attacks against VM-protected applications

Contact Info

Product

Resources

About