CodeBender: Remote Software Protection Using Orthogonal Replacement

CodeBender is a tool that implements a novel client-replacement strategy to counter the malicious host problem and to address the problem of guaranteeing client-code security. It works by limiting the client code's validity and, when the code expires, by having the server provide a new client that replaces the former one. The complexity of analyzing frequently changing, always different (orthogonal) program code deters an adversary's reverse-engineering efforts. We've implemented CodeBender and tested its practicability in two case studies.
