Mobile code integrity through static program analysis, steganography, and dynamic transformation control

Mobile software provides a highly desirable and flexible form of computing, but creates complex security considerations beyond those associated with the traditional mode of computing. Execution environments with the ability to modify a program at run time compound the risks associated with mobile software: such dynamic program transformation environments could be used to introduce malicious code by transforming an otherwise safe program in a nefarious manner. Inadequate security can have profound, detrimental effects for both the producer and the consumer of mobile code. Validating the integrity of software is one important criterion for safe execution on the client machine. However, for networked devices with severely constrained bandwidth or power resources, the delivery and management of integrity data could be handled much more efficiently than by the methods currently in use. Techniques to control how a program evolves in a dynamic transformation environment, based on a formal security policy, are also lacking; prior to this research, no such policy-based transformation controls existed. This research presents a general tamper detection framework along with the design and implementation of two systems to validate program integrity for various forms of mobile computer programs. The tamper detection framework utilizes hybrid steganographic-cryptographic techniques to encode program authentication data by embedding a fragile watermark within a program. Using steganographic techniques to communicate this authentication data greatly simplifies the storage and management of the data. The fragile watermark can be used to authenticate the sender and to validate the integrity of a mobile program. This dissertation is the first to provide techniques to control dynamic program transformations based upon a specified security policy.
The developed program transformation control framework is based on a control language which describes transformation policy to the runtime environment. The transformation controls allow only those program transformations that the specified policy accepts to be applied to the software, thereby controlling how the program is modified at runtime. The major contributions of this dissertation are (1) identifying key weaknesses in current tamper detection techniques, (2) presenting the development and evaluation of novel techniques and frameworks that utilize static analysis of mobile code to embed and validate a tamper detection mark within mobile code, (3) identifying key weaknesses in current validation techniques for dynamically transforming program files, and (4) presenting the development and evaluation of novel techniques and frameworks that utilize a language developed to specify controls for dynamic program transformations to mobile code. The tamper detection component enables the insertion, extraction, and validation of a tamper detection mark in mobile code while maintaining semantic equivalence to the original code. The transformation controls enable dynamic program transformation to occur on a running program within a user-specified set of permissible transformations. The combined effect of tamper detection marking and transformation control helps provide for the safe dissemination and execution of mobile code through validation of program integrity.
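As an added illustration, not code from the dissertation or its tools, the following Python model shows the fragile-watermark idea in miniature: an authentication tag (an HMAC, an assumed choice of keyed primitive) is computed over the program's semantics, and its bits are embedded by choosing the operand order of commutative instructions, a carrier that leaves program behaviour unchanged; the verifier reads the bits back and recomputes the tag, so any edit to the code or use of the wrong key breaks the match. The three-address instruction format and the sample program are constructed for this example.

```python
import hashlib
import hmac

# Toy three-address code: (op, dest, src1, src2). The operand order of a
# commutative op with two distinct sources carries one mark bit (constructed).
COMMUTATIVE = {"add", "mul"}

def canonical(prog):
    # Sort carrier operands so the tag covers semantics, not the mark itself.
    return "\n".join(
        f"{op} {d} {' '.join(sorted((a, b)))}" if op in COMMUTATIVE
        else f"{op} {d} {a} {b}" for op, d, a, b in prog)

def carriers(prog):
    # Indices able to hold a bit; capacity capped at the 256-bit tag length.
    return [i for i, (op, _, a, b) in enumerate(prog)
            if op in COMMUTATIVE and a != b][:256]

def tag_bits(key, prog, n):
    # First n bits of HMAC-SHA256 over the canonical program. n is bounded by
    # carrier capacity, so a forged mark survives with probability 2**-n.
    digest = hmac.new(key, canonical(prog).encode(), hashlib.sha256).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(n)]

def embed(key, prog):
    """Return a semantically equivalent program carrying the fragile mark."""
    slots = carriers(prog)
    marked = list(prog)
    for i, bit in zip(slots, tag_bits(key, prog, len(slots))):
        op, d, a, b = prog[i]
        lo, hi = sorted((a, b))
        marked[i] = (op, d, lo, hi) if bit == 0 else (op, d, hi, lo)
    return marked

def extract(prog):
    # Ascending operand order encodes 0, descending encodes 1.
    return [int(prog[i][2] > prog[i][3]) for i in carriers(prog)]

def verify(key, prog):
    """True iff the mark read from operand order equals the recomputed tag."""
    n = len(carriers(prog))
    return n > 0 and extract(prog) == tag_bits(key, prog, n)

def sample_program(n=40):
    # Constructed sample: a chain of n commutative ops between loads and a store.
    prog = [("load", "r0", "mem0", "-"), ("load", "r1", "mem1", "-")]
    for i in range(2, n + 2):
        prog.append(("add" if i % 2 else "mul", f"r{i}", f"r{i-1}", f"r{i-2}"))
    return prog + [("store", "mem2", f"r{n+1}", "-")]
```

With 40 carriers the sample embeds a 40-bit truncated tag; a program with fewer suitable instructions gives a correspondingly weaker mark, which is the capacity trade-off any code-embedded watermark must account for.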
