Software integrity checking expressions (ICEs) for robust tamper detection

Authors:
Mariusz Jakubowski;Prasad Naldurg;Vijay Patankar;Ramarathnam Venkatesan
Affiliations:
Microsoft Research Redmond;Microsoft Research India;Microsoft Research India;Microsoft Research Redmond and Microsoft Research India
Venue:
IH'07 Proceedings of the 9th international conference on Information hiding
Year:
2007

Citing 9
Cited 2

IP = PSPACE

Journal of the ACM (JACM)
Proof-carrying code

Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Fast Probabilistic Algorithms for Verification of Polynomial Identities

Journal of the ACM (JACM)
Automatic predicate abstraction of C programs

Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints

POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Discovering affine equalities using random interpretation

POPL '03 Proceedings of the 30th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Oblivious Hashing: A Stealthy Software Integrity Verification Primitive

IH '02 Revised Papers from the 5th International Workshop on Information Hiding
On the Impossibility of Obfuscation with Auxiliary Input

FOCS '05 Proceedings of the 46th Annual IEEE Symposium on Foundations of Computer Science
Software verification with BLAST

SPIN'03 Proceedings of the 10th international conference on Model checking software

Obfuscating straight line arithmetic programs

Proceedings of the nineth ACM workshop on Digital rights management
Tamper-Tolerant Software: Modeling and Implementation

IWSEC '09 Proceedings of the 4th International Workshop on Security: Advances in Information and Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We introduce software integrity checking expressions (Soft-ICEs), which are program predicates that can be used in software tamper detection. We present two candidates, probabilistic verification conditions (PVCs) and Fourier-learning approximations (FLAs), which can be computed for certain classes of programs,. We show that these predicates hold for any valid execution of the program, and fail with some probability for any invalid execution (e.g., when the output value of one of the variables is tampered). PVCs work with straight-line integer programs that have operations { *,+,- }. We also sketch how we can extend this class to include branches and loops. FLAs can work over programs with arbitrary operations, but have some limitations in terms of efficiency, code size, and ability to handle various classes of functions. We describe a few applications of this technique, such as program integrity checking, program or client identification, and tamper detection. As a generalization of oblivious hashing (OH), our approach resolves several troublesome issues that complicate practical application of OH towards tamper-resistance.