A generic attack on checksumming-based software tamper resistance

Self-checking software tamper resistance mechanisms employing checksums, including advanced systems as recently proposed by Chang and Atallah (2002) and Horne et al. (2002), have been promoted as an alternative to other software integrity verification techniques. Appealing aspects include the promise of being able to verify the integrity of software independent of the external support environment, as well as the ability to automatically integrate checksumming code during program compilation or linking. In this paper we show that the rich functionality of many modern processors, including UltraSparc and x86-compatible processors, facilitates automated attacks which defeat such checksumming by self-checking programs.

[1] Stephen Smalley, et al. The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments, 2000.

[2] William A. Arbaugh, et al. Copilot - a Coprocessor-based Kernel Runtime Integrity Monitor, 2004, USENIX Security Symposium.

[3] Eugene H. Spafford, et al. The design and implementation of tripwire: a file system integrity checker, 1994, CCS '94.

[4] Robert E. Tarjan, et al. Dynamic Self-Checking Techniques for Improved Tamper Resistance, 2001, Digital Rights Management Workshop.

[5] Masahiro Mambo, et al. An Approach to the Objective and Quantitative Evaluation of Tamper-Resistant Software, 2000, ISW.

[6] Christian S. Collberg, et al. Watermarking, Tamper-Proofing, and Obfuscation-Tools for Software Protection, 2002, IEEE Trans. Software Eng.

[7] David Aucsmith, et al. Tamper Resistant Software: An Implementation, 1996, Information Hiding.

[8] Fritz Hohl, et al. Time Limited Blackbox Security: Protecting Mobile Agents From Malicious Hosts, 1998, Mobile Agents and Security.

[9] Sean W. Smith, et al. Building a high-performance, programmable secure coprocessor, 1999, Comput. Networks.

[10] J. Doug Tygar, et al. Side Effects Are Not Sufficient to Authenticate Software, 2004, USENIX Security Symposium.

[11] James R. Gosler, et al. Software Protection: Myth or Reality?, 1985, CRYPTO.

[12] Paul C. van Oorschot. Revisiting Software Protection, 2003, ISC.

[13] Mikhail J. Atallah, et al. Protecting Software Code by Guards, 2001, Digital Rights Management Workshop.

[14] Dan Boneh, et al. Architectural support for copy and tamper resistant software, 2000, SIGP.

[15] Ernest F. Brickell, et al. Direct anonymous attestation, 2004, CCS '04.

[16] Ramarathnam Venkatesan, et al. Oblivious Hashing: A Stealthy Software Integrity Verification Primitive, 2002, Information Hiding.

[17] Leah H. Jamieson, et al. An Analysis of Proposed Attacks against Genuinity Tests, 2004.

[18] John C. Knight, et al. A security architecture for survivability mechanisms, 2001.

[19] Leah H. Jamieson, et al. Establishing the Genuinity of Remote Computer Systems, 2003, USENIX Security Symposium.

[20] Pradeep K. Khosla, et al. SWATT: softWare-based attestation for embedded devices, 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings.

[21] G. Edward Suh, et al. AEGIS: architecture for tamper-evident and tamper-resistant processing, 2003, ICS.

[22] Trent Jaeger, et al. Attestation-based policy enforcement for remote access, 2004, CCS '04.

[23] Hongxia Jin, et al. Proactive Software Tampering Detection, 2003, ISC.

[24] Christian F. Tschudin, et al. Protecting Mobile Agents Against Malicious Hosts, 1998, Mobile Agents and Security.

[25] Joos Vandewalle, et al. (How) can mobile agents do secure electronic transactions on untrusted hosts? A survey of the security issues and the current solutions, 2003, TOIT.