Self destructive tamper response for software protection

Quantified Score

Visualization

Abstract

A method of creating tamper resistant software that is resistant to unauthorized modification is proposed. It utilizes a primitive that combines self-modifying based instruction camouflage and self integrity verification, and a method to construct a structure in which the multiple primitives are interlocked each other. Tamper resistant software created by the proposed method contains multiple camouflaged instructions in the object program, so that it is difficult for attacker to correctly understand the content of processing using static analysis. When attacker tries to do dynamic analysis, anti-debugging techniques prevent the attempt. The tamper resistant software, at runtime, continuously executes detecting and preventing dynamic analysis, verifying its integrity, and self-modifying itself in such a way that target of self-modifying is dynamically determined according to result of self integrity verification. If unauthorized modification is detected, then it self-modifies a part of instruction which is different from the part of camouflaged instruction to be self-modified, and executes different instructions from its original. As a result, it generates a series of unpredictable abnormal self destructive behaviors such as error or termination, so that attacker's analysis and modification are strongly disturbed. Cost of analysis is increased as the numbers of self integrity verification and instruction camouflage are increased, hence, the tamper resistance can be strengthened quantitatively.