We introduce software integrity checking expressions (Soft-ICEs), which are program predicates that can be used in software tamper detection. We present two candidates, probabilistic verification conditions (PVCs) and Fourier-learning approximations (FLAs), which can be computed for certain classes of programs. We show that these predicates hold for any valid execution of the program, and fail with some probability for any invalid execution (e.g., when the output value of one of the variables is tampered). PVCs work with straight-line integer programs that have operations {*, +, -}. We also sketch how we can extend this class to include branches and loops. FLAs can work over programs with arbitrary operations, but have some limitations in terms of efficiency, code size, and ability to handle various classes of functions. We describe a few applications of this technique, such as program integrity checking, program or client identification, and tamper detection. As a generalization of oblivious hashing (OH), our approach resolves several troublesome issues that complicate practical application of OH towards tamper-resistance.
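The abstract states the property such a predicate must have but gives no construction, so the following is an added illustration and not the paper's PVC algorithm. It assumes a constructed four-instruction program over {*, +, -} and uses a random linear combination of per-instruction residuals modulo a prime p, one simple predicate that always holds on a valid trace and rejects a tampered trace with probability 1 - 1/p.

```python
import random

# Constructed straight-line integer program over {*, +, -} (an assumption,
# not taken from the paper). Each instruction is (dest, op, left, right);
# "a" and "b" are the inputs.
PROGRAM = [
    ("t1", "*", "a", "b"),
    ("t2", "+", "t1", "a"),
    ("t3", "-", "t2", "b"),
    ("out", "*", "t3", "t1"),
]
OPS = {"*": lambda x, y: x * y, "+": lambda x, y: x + y, "-": lambda x, y: x - y}


def run(program, inputs):
    """Execute the program and return the trace of every variable."""
    trace = dict(inputs)
    for dest, op, left, right in program:
        trace[dest] = OPS[op](trace[left], trace[right])
    return trace


def predicate_holds(program, trace, p, rng):
    """One randomized predicate over the trace, evaluated modulo prime p.

    Each instruction contributes the residual dest - (left op right), which
    is 0 in a valid execution, so any linear combination is 0 as well. If
    some residual is nonzero mod p, the random combination is uniform in
    Z_p and equals 0 with probability exactly 1/p.
    """
    total = 0
    for dest, op, left, right in program:
        residual = trace[dest] - OPS[op](trace[left], trace[right])
        total = (total + rng.randrange(p) * residual) % p
    return total == 0


def detection_rate(program, trace, p, trials, seed=0):
    """Fraction of independent checks that reject the given trace."""
    rng = random.Random(seed)
    rejected = sum(not predicate_holds(program, trace, p, rng) for _ in range(trials))
    return rejected / trials


valid = run(PROGRAM, {"a": 6, "b": 11})       # constructed sample inputs
tampered = dict(valid, out=valid["out"] + 1)  # one output value altered
```

With a small prime the miss rate of about 1/p is visible in `detection_rate`; with a large prime the tampered trace is rejected in practically every check.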