Tamper Resistant Software: An Implementation
Proceedings of the First International Workshop on Information Hiding
Dynamic Self-Checking Techniques for Improved Tamper Resistance
DRM '01 Revised Papers from the ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management
Protecting Software Code by Guards
DRM '01 Revised Papers from the ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management
Obfuscation of executable code to improve resistance to static disassembly
Proceedings of the 10th ACM conference on Computer and communications security
Hardware-Assisted Circumvention of Self-Hashing Software Tamper Resistance
IEEE Transactions on Dependable and Secure Computing
Strengthening Software Self-Checksumming via Self-Modifying Code
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Software Protection through Anti-Debugging
IEEE Security and Privacy
Proceedings of the 9th workshop on Multimedia & security
Hi-index | 0.00 |
A method of creating tamper resistant software that is resistant to unauthorized modification is proposed. It utilizes a primitive that combines self-modifying based instruction camouflage and self integrity verification, and a method to construct a structure in which the multiple primitives are interlocked each other. Tamper resistant software created by the proposed method contains multiple camouflaged instructions in the object program, so that it is difficult for attacker to correctly understand the content of processing using static analysis. When attacker tries to do dynamic analysis, anti-debugging techniques prevent the attempt. The tamper resistant software, at runtime, continuously executes detecting and preventing dynamic analysis, verifying its integrity, and self-modifying itself in such a way that target of self-modifying is dynamically determined according to result of self integrity verification. If unauthorized modification is detected, then it self-modifies a part of instruction which is different from the part of camouflaged instruction to be self-modified, and executes different instructions from its original. As a result, it generates a series of unpredictable abnormal self destructive behaviors such as error or termination, so that attacker's analysis and modification are strongly disturbed. Cost of analysis is increased as the numbers of self integrity verification and instruction camouflage are increased, hence, the tamper resistance can be strengthened quantitatively.