Secure Software Licensing: Models, Constructions, and Proofs

The problem of secure software licensing is to enforce meaningful restrictions on how software is run on machines outside the control of the software author/vendor. The problem has been addressed through a variety of approaches from software obfuscation to hardware-based solutions, but existent solutions offer only heuristic guarantees which are often invalidated by attacks. This paper establishes foundations for secure software licensing in the form of rigorous models. We identify and formalize two key properties. Privacy demands that licensed software does not leak unwanted information, and integrity ensures that the use of licensed software is compliant with a license - the license is a parameter of our models. Our formal definitions and proposed constructions leverage the isolation/attestation capabilities of recently proposed trusted hardware like SGX which proves to be a key enabling technology for provably secure software licensing.

[1]  Ittai Anati,et al.  Innovative Technology for CPU Based Attestation and Sealing , 2013 .

[2]  Hoeteck Wee,et al.  On obfuscating point functions , 2005, STOC '05.

[3]  No License,et al.  Intel ® 64 and IA-32 Architectures Software Developer ’ s Manual Volume 3 A : System Programming Guide , Part 1 , 2006 .

[4]  Juan del Cuvillo,et al.  Using innovative instructions to create trustworthy software solutions , 2013, HASP '13.

[5]  Jonathan M. McCune,et al.  Memoir: Practical State Continuity for Protected Modules , 2011, 2011 IEEE Symposium on Security and Privacy.

[6]  Bogdan Warinschi,et al.  Foundations of Hardware-Based Attested Computation and Application to SGX , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[7]  Marcus Peinado,et al.  Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems , 2015, 2015 IEEE Symposium on Security and Privacy.

[8]  Mihir Bellare,et al.  A concrete security treatment of symmetric encryption , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[9]  Frank Piessens,et al.  ICE: a passive, high-speed, state-continuity scheme , 2014, ACSAC.

[10]  Amit Sahai,et al.  On the (im)possibility of obfuscating programs , 2001, JACM.

[11]  Galen C. Hunt,et al.  Shielding Applications from an Untrusted Cloud with Haven , 2014, OSDI.

[12]  T. Alves,et al.  TrustZone : Integrated Hardware and Software Security , 2004 .

[13]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[14]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[15]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[16]  Ramakrishna Kotla,et al.  Pasture: Secure Offline Data Access Using Commodity Trusted Hardware , 2012, OSDI.

[17]  Jacob R. Lorch,et al.  TrInc: Small Trusted Hardware for Large Distributed Systems , 2009, NSDI.

[18]  Christos Gkantsidis,et al.  VC 3 : Trustworthy Data Analytics in the Cloud , 2014 .

[19]  Guy N. Rothblum,et al.  Obfuscating Conjunctions , 2015, Journal of Cryptology.