F-LaaS: A Control-Flow-Attack Immune License-as-a-Service Model

We use license servers to verify users' credentials and to restrict access to proprietary software. For logistical reasons, it is often economical to use third-party servers to manage licenses. Unfortunately, users on client machines can mount sophisticated attacks on the executables and try to circumvent the license check. Such attacks can be used to crack the software, so software writers must prevent them; defenses include additional code that checks the integrity of the binary and the control flow. In spite of such techniques, modern control flow bending (CFB) techniques that rely on running instrumented binaries on virtual machines can circumvent such checks and change the behavior of branches and jumps at runtime. These techniques are, however, extremely computationally inefficient. We propose an AI-based technique that is an order of magnitude faster than the state of the art and show its efficacy by breaking three widely used license managers and five popular pieces of software. Finally, we propose a new license management service, F-LaaS, which hides key functions in the binary. These functions are downloaded at runtime upon successful verification of the license. We show that the mean performance overhead of F-LaaS is negligible: 0.26%.
