High-Performance Software Protection using

One of the key problems facing the computer indus- try today involves ensuring the integrity of end-user applications and data. Researchers in the relatively new field of software protection investigate the development and evaluation of controls that prevent the unauthorized modification or use of system software. While many previously developed protection schemes have provided a strong level of security, their overall effectiveness has been hindered by a lack of transparency to the user in terms of performance overhead. Other approaches take to the opposite extreme and sacrifice security for the sake of this need for transparency. In this work we present an architecture for software protection that provides for a high level of both security and user transparency by utilizing Field Programmable Gate Array (FPGA) technology as the main protection mechanism. We demonstrate that by relying on FPGA technology, this approach can accelerate the execution of programs in a cryp- tographic environment, while maintaining the flexibility through reprogramming to carry out any compiler-driven protections that may be application-specific. Furthermore, we show how programmable FPGA resources not reserved towards software protection can be realized as performance-oriented architectural optimizations, and we evaluate the effectiveness of this concept with an investigation into instruction prefetching.

[1]  Lance J. Hoffman,et al.  BITS: a smartcard protected operating system , 1994, CACM.

[2]  Steve R. White,et al.  ABYSS: ATrusted Architecture for Software Protection , 1987, 1987 IEEE Symposium on Security and Privacy.

[3]  Tao Zhang,et al.  HIDE: an infrastructure for efficiently protecting information leakage on the address bus , 2004, ASPLOS XI.

[4]  Seth Copen Goldstein,et al.  A High-Performance Flexible Architecture for Cryptography , 1999, CHES.

[5]  Christof Paar,et al.  Fast DES Implementation for FPGAs and Its Application to a Universal Key-Search Machine , 1998, Selected Areas in Cryptography.

[6]  Matti Tommiska,et al.  A fully pipelined memoryless 17.8 Gbps AES-128 encryptor , 2003, FPGA '03.

[7]  Todd M. Austin,et al.  The SimpleScalar tool set, version 2.0 , 1997, CARN.

[8]  Bennet S. Yee,et al.  Using Secure Coprocessors , 1994 .

[9]  Amit Sahai,et al.  On the (im)possibility of obfuscating programs , 2001, JACM.

[10]  Steve R. White,et al.  An evaluation system for the physical security of computing systems , 1990, [1990] Proceedings of the Sixth Annual Computer Security Applications Conference.

[11]  Dirk Balfanz,et al.  A security infrastructure for distributed Java applications , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[12]  Sean W. Smith,et al.  Secure coprocessing applications and research issues , 1996 .

[13]  Miodrag Potkonjak,et al.  MediaBench: a tool for evaluating and synthesizing multimedia and communications systems , 1997, Proceedings of 30th Annual International Symposium on Microarchitecture.

[14]  Adam Shostack,et al.  Breaking Up Is Hard To Do: Modeling Security Threats for Smart Cards , 1999, Smartcard.

[15]  Trevor N. Mudge,et al.  Instruction prefetching using branch prediction information , 1997, Proceedings International Conference on Computer Design VLSI in Computers and Processors.

[16]  Vincent Rijmen,et al.  The Block Cipher Rijndael , 1998, CARDIS.

[17]  Bennet S. Yee,et al.  Dyad : a system for using physically secure coprocessors , 1991 .

[18]  George C. Necula,et al.  Proof-carrying code , 1997, POPL '97.

[19]  Andrew W. Appel,et al.  Proof-carrying authentication , 1999, CCS '99.

[20]  José D. P. Rolim,et al.  An adaptive cryptographic engine for IPSec architectures , 2000, Proceedings 2000 IEEE Symposium on Field-Programmable Custom Computing Machines (Cat. No.PR00871).

[21]  Miodrag Potkonjak,et al.  Enabling trusted software integrity , 2002, ASPLOS X.

[22]  Christof Paar,et al.  An FPGA Implementation and Performance Evaluation of the AES Block Cipher Candidate Algorithm Finalists , 2000, AES Candidate Conference.

[23]  Ramarathnam Venkatesan,et al.  A Graph Theoretic Approach to Software Watermarking , 2001, Information Hiding.

[24]  David Aucsmith,et al.  Tamper Resistant Software: An Implementation , 1996, Information Hiding.

[25]  Christian S. Collberg,et al.  Software watermarking: models and dynamic embeddings , 1999, POPL '99.

[26]  Christian S. Collberg,et al.  A Taxonomy of Obfuscating Transformations , 1997 .

[27]  Robert E. Tarjan,et al.  Dynamic Self-Checking Techniques for Improved Tamper Resistance , 2001, Digital Rights Management Workshop.

[28]  Christian S. Collberg,et al.  Watermarking, Tamper-Proofing, and Obfuscation-Tools for Software Protection , 2002, IEEE Trans. Software Eng..

[29]  Dan Boneh,et al.  Architectural support for copy and tamper resistant software , 2000, SIGP.

[30]  Trevor Mudge,et al.  MiBench: A free, commercially representative embedded benchmark suite , 2001 .

[31]  Sean W. Smith,et al.  Smart cards in hostile environments , 1996 .

[32]  George C. Necula,et al.  Safe kernel extensions without run-time checking , 1996, OSDI '96.

[33]  Glenn Reinman,et al.  Fetch directed instruction prefetching , 1999, MICRO-32. Proceedings of the 32nd Annual ACM/IEEE International Symposium on Microarchitecture.

[34]  Mikhail J. Atallah,et al.  Protecting Software Code by Guards , 2001, Digital Rights Management Workshop.

[35]  Bennet S. Yee,et al.  Secure Coprocessors in Electronic Commerce Applications , 1995, USENIX Workshop on Electronic Commerce.

[36]  Tao Zhang,et al.  Hardware assisted control flow obfuscation for embedded processors , 2004, CASES '04.