Software Protection with Code Mobility

The analysis of binary code is a common step of Man-At-The-End attacks to identify code sections crucial to implement attacks, such as identifying private key hidden in the code, identifying sensitive algorithms or tamper with the code to disable protections (e.g. license checks or DRM) embedded in binary code, or use the software in an unauthorized manner. Code Mobility can be used to thwart code analysis and debugging by removing parts of the code from the deployed software program and installing it at run-time by downloading binary code blocks from a trusted server. The proposed architecture of the code mobility protection downloads mobile code blocks, which are allocated dynamically at addresses determined at run-time; control transfers into and out of mobile code blocks are rewritten using the Diablo binary-rewriter tool.

[1]  Paolo Falcarin,et al.  Application-Oriented Trust in Distributed Computing , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[2]  Barry E. Mullins,et al.  Program Fragmentation as a Metamorphic Software Protection , 2007 .

[3]  Jasvir Nagra,et al.  biànliǎn : Remote Tamper-Resistance with Continuous Replacement ∗ , 2008 .

[4]  Saumya K. Debray,et al.  Obfuscation of executable code to improve resistance to static disassembly , 2003, CCS '03.

[5]  Ramarathnam Venkatesan,et al.  Oblivious Hashing: A Stealthy Software Integrity Verification Primitive , 2002, Information Hiding.

[6]  David Aucsmith,et al.  Tamper Resistant Software: An Implementation , 1996, Information Hiding.

[7]  Paolo Falcarin,et al.  Exploiting code mobility for dynamic binary obfuscation , 2011, 2011 World Congress on Internet Security (WorldCIS-2011).

[8]  Mikhail J. Atallah,et al.  Protecting Software Code by Guards , 2001, Digital Rights Management Workshop.

[9]  Yuichiro Kanzaki,et al.  Exploiting self-modification mechanism for program protection , 2003, Proceedings 27th Annual International Computer Software and Applications Conference. COMPAC 2003.

[10]  Koen De Bosschere,et al.  Hybrid static-dynamic attacks against software protection mechanisms , 2005, DRM '05.

[11]  Christian S. Collberg,et al.  Surreptitious Software - Obfuscation, Watermarking, and Tamperproofing for Software Protection , 2009, Addison-Wesley Software Security Series.

[12]  Markus Jakobsson,et al.  Discouraging Software Piracy Using Software Aging , 2001, Digital Rights Management Workshop.

[13]  Christian S. Collberg,et al.  Distributed application tamper detection via continuous software updates , 2012, ACSAC '12.

[14]  Per Larsen,et al.  SoK: Automated Software Diversity , 2014, 2014 IEEE Symposium on Security and Privacy.

[15]  Angelos D. Keromytis,et al.  Retrofitting Security in COTS Software with Binary Rewriting , 2011, SEC.

[16]  Koen De Bosschere,et al.  Protecting Your Software Updates , 2013, IEEE Security & Privacy.

[17]  Paolo Falcarin,et al.  Remote trust with aspect-oriented programming , 2006, 20th International Conference on Advanced Information Networking and Applications - Volume 1 (AINA'06).

[18]  Kevin W. Hamlen,et al.  Binary stirring: self-randomizing instruction addresses of legacy x86 binary code , 2012, CCS.

[19]  K. De Bosschere,et al.  DIABLO: a reliable, retargetable and extensible link-time rewriting framework , 2005, Proceedings of the Fifth IEEE International Symposium on Signal Processing and Information Technology, 2005..

[20]  James R. Cordy,et al.  The TXL source transformation language , 2006, Sci. Comput. Program..

[21]  Bart Coppens,et al.  Feedback-driven binary code diversification , 2013, TACO.

[22]  Jonathon T. Giffin,et al.  Strengthening software self-checksumming via self-modifying code , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).