Trading-off security and performance in barrier slicing for remote software entrusting

Ceccato, Mariano; Preda, Mila Dalla; Nagra, Jasvir; Collberg, Christian; Tonella, Paolo

doi:10.1007/s10515-009-0047-y

Cited by 7 publications

(7 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This transformation was initially designed as a way to protect programs from malicious tampering [7,8]. In fact, if sensitive portions or critical functionalities are moved to a remote server, they can run securely and without being tampered with by the attacker.…”

Section: Client/server Code Splittingmentioning

confidence: 99%

“…The identification of the most appropriate part to split can be automated, for example as suggested by Ceccato et al [8]. They relied on static analysis to identify and minimise control and data dependencies that would be impacted by the transformation.…”

Section: Considerations On Client/server Code Splittingmentioning

confidence: 99%

“…Although automation can be implemented according to algorithm available in the literature [8], the current implementation requires to manually annotate slicing barriers and criteria. Once barriers and criteria are available, the computation of the slice and all the program transformation steps are fully automated.…”

Section: Client/server Code Splitting Modulementioning

confidence: 99%

“…The concept of barrier slicing was also used by Ceccato et al [7,8] to design a protection technique against malicious tampering, with the idea of using barrier slicing to ensure that security critical portions of client computation are executed on the secure server. In our work, barrier slicing is applied to required although less critical functionalities, to turn the application server dependent and to perform the reaction is case of tampering detection.…”

Section: Client/server Code Splittingmentioning

confidence: 99%

See 3 more Smart Citations

Reactive Attestation

Viticchié

Basile

Avancini

et al. 2016

Proceedings of the 2016 ACM Workshop on Software PROtection

Self Cite

View full text Add to dashboard Cite

Anti-tampering is a form of software protection conceived to detect and avoid the execution of tampered programs. Tamper detection assesses programs' integrity with load-or execution-time checks. Avoidance reacts to tampered programs by stopping or rendering them unusable. General purpose reactions (such as halting the execution) stand out like a lighthouse in the code and are quite easy to defeat by an attacker. More sophisticated reactions, which degrade the user experience or the quality of service, are less easy to locate and remove but are too tangled with the program's business logic, and are thus difficult to automate by a general purpose protection tool. In the present paper, we propose a novel approach to antitampering that (i) fully automatically applies to a target program, (ii) uses Remote Attestation for detection purposes and (iii) adopts a server-side reaction that is difficult to block by an attacker. By means of Client/Server Code Splitting, a crucial part of the program is removed from the client and executed on a remote trusted server in sync with the client. If a client program provides evidences of its integrity, the part moved to the server is executed. Otherwise, a server-side reaction logic may (temporarily or definitely) decide to stop serving it. Therefore, a tampered client application can not continue its execution. We assessed our automatic protection tool on a case study Android application. Experimental results show that all the original and tampered executions are correctly detected, reactions are promptly applied, and execution overhead is on an acceptable level.

show abstract

Section: Client/server Code Splittingmentioning

confidence: 99%

Section: Considerations On Client/server Code Splittingmentioning

confidence: 99%

Section: Client/server Code Splitting Modulementioning

confidence: 99%

Section: Client/server Code Splittingmentioning

confidence: 99%

See 2 more Smart Citations

Reactive Attestation

Viticchié

Basile

Avancini

et al. 2016

Proceedings of the 2016 ACM Workshop on Software PROtection

Self Cite

View full text Add to dashboard Cite

show abstract

“…This solution introduces both a communication overhead and a computation overhead on the server. The trade-off between the security and cost of this protection scheme has been studied in [5]. It is worth mentioning that the idea of splitting an application between client and server has been already used by Zhang and Gupta in order to prevent software piracy [19].…”

Section: Related Workmentioning

confidence: 99%

Remote software protection by orthogonal client replacement

Ceccato

Tonella

Preda

et al. 2009

Proceedings of the 2009 ACM Symposium on Applied Computing

Self Cite

View full text Add to dashboard Cite

In a typical client-server scenario, a trusted server provides valuable services to a client, which runs remotely on an untrusted platform. Of the many security vulnerabilities that may arise (such as authentication and authorization), guaranteeing the integrity of the client code is one of the most difficult to address. This security vulnerability is an instance of the malicious host problem, where an adversary in control of the client's host environment tries to tamper with the client code.We propose a novel client replacement strategy to counter the malicious host problem. The client code is periodically replaced by new orthogonal clients, such that their combination with the server is functionally-equivalent to the original client-server application. The reverse engineering efforts of the adversary are deterred by the complexity of analysis of frequently changing, orthogonal program code. We use the underlying concepts of program obfuscation as a basis for formally defining and providing orthogonality. We also give preliminary empirical validation of the proposed approach.

show abstract