A Graph Game Model for Software Tamper Protection

We present a probabilistic program-transformation algorithm to render a given program tamper-resistant. In addition, we suggest a model to estimate the required effort for an attack.Wemake some engineering assumptions about local indistinguishability on the transformed program and model an attacker's steps as making a walk on the program flow graph. The goal of the attacker is to learn what has been inserted by the transformation, in which case he wins. Our heuristic estimate counts the number of steps of his walk on the graph. Our model is somewhat simplified, but we believe both the constructions and models can be made more realistic in the future.

[1]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[2]  Zheng Wang,et al.  BMAT - A Binary Matching Tool for Stale Profile Propagation , 2000, J. Instr. Level Parallelism.

[3]  Amit Sahai,et al.  Positive Results and Techniques for Obfuscation , 2004, EUROCRYPT.

[4]  Gang Tan,et al.  Delayed and Controlled Failures in Tamper-Resistant Software , 2006, Information Hiding.

[5]  Adi Shamir,et al.  Playing "Hide and Seek" with Stored Keys , 1999, Financial Cryptography.

[6]  David Aucsmith,et al.  Tamper Resistant Software: An Implementation , 1996, Information Hiding.

[7]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[8]  Ramarathnam Venkatesan,et al.  Proteus: virtualization for diversified tamper-resistance , 2006, DRM '06.

[9]  Murali K. Ganapathy Robust Mixing , 2006, APPROX-RANDOM.

[10]  Clark Thomborson,et al.  Manufacturing cheap, resilient, and stealthy opaque constructs , 1998, POPL '98.

[11]  Ramarathnam Venkatesan,et al.  Oblivious Hashing: A Stealthy Software Integrity Verification Primitive , 2002, Information Hiding.

[12]  Hoeteck Wee,et al.  On obfuscating point functions , 2005, STOC '05.

[13]  Paul C. van Oorschot,et al.  Hardware-assisted circumvention of self-hashing software tamper resistance , 2005, IEEE Transactions on Dependable and Secure Computing.

[14]  Yael Tauman Kalai,et al.  On the impossibility of obfuscation with auxiliary input , 2005, 46th Annual IEEE Symposium on Foundations of Computer Science (FOCS'05).

[15]  T. Scharping Hide-and-seek: China's elusive population data , 2001 .

[16]  Aggelos Kiayias,et al.  Self Protecting Pirates and Black-Box Traitor Tracing , 2001, CRYPTO.

[17]  Amit Sahai,et al.  On the (im)possibility of obfuscating programs , 2001, JACM.

[18]  Christian S. Collberg,et al.  Breaking abstractions and unstructuring data structures , 1998, Proceedings of the 1998 International Conference on Computer Languages (Cat. No.98CB36225).