Software tamper resistance through dynamic program monitoring

  • Authors: Brian Blietz; Akhilesh Tyagi

  • Affiliations: Dept. of Electrical & Computer Engineering, Iowa State University, Ames, Iowa; Dept. of Electrical & Computer Engineering, Iowa State University, Ames, Iowa

  • Venue: DRMTICS'05: Proceedings of the First International Conference on Digital Rights Management: Technologies, Issues, Challenges and Systems
  • Year: 2005

Abstract

This paper describes a two instruction-stream (two-process) model for tamper resistance. One process (Monitor process, M-process) is designed explicitly to monitor the control flow of the main program process (P-process). The compilation phase compiles the software into two co-processes: P-process and M-process. The monitor process contains the control flow consistency conditions for the P-process. The P-process sends information on its instantiated control flow at a compiler-specified fixed period to the M-process. If there is a violation of the control flow conditions captured within the M-process, the M-process takes an anti-tamper action such as termination of the P-process. By its very design, the monitor process is expected to be compact. Hence, we can afford to protect the M-process with a more expensive technique, a variant of Aucsmith's scheme. This scheme has been implemented with the GNU C compiler gcc. There are several other monitoring, obfuscation, and dynamic decryption techniques that are embedded in this system. We quantify the performance overhead of the scheme for a variety of programs. The performance of such an anti-tamper schema can be significantly improved by leveraging a decoupled processor architecture to support the decoupled M- and P-processes. We describe one instance of such a two-stream decoupled architecture that can make the scheme more robust and efficient.