The protection of computer software---its technology and applications
Communications of the ACM
Internetworking with TCP/IP (vol. 2, 2nd ed.): design, implementation, and internals
Internetworking with TCP/IP (vol. 2, 2nd ed.): design, implementation, and internals
Software protection and simulation on oblivious RAMs
Journal of the ACM (JACM)
Manufacturing cheap, resilient, and stealthy opaque constructs
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Linux Journal
Formal requirements for virtualizable third generation architectures
Communications of the ACM
Architectural support for copy and tamper resistant software
ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
Secure Execution via Program Shepherding
Proceedings of the 11th USENIX Security Symposium
Tamper Resistant Software: An Implementation
Proceedings of the First International Workshop on Information Hiding
Dynamic Self-Checking Techniques for Improved Tamper Resistance
DRM '01 Revised Papers from the ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management
Protecting Software Code by Guards
DRM '01 Revised Papers from the ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management
Proceedings of the international symposium on Code generation and optimization: feedback-directed and runtime optimization
Retargetable and reconfigurable software dynamic translation
Proceedings of the international symposium on Code generation and optimization: feedback-directed and runtime optimization
An infrastructure for adaptive dynamic optimization
Proceedings of the international symposium on Code generation and optimization: feedback-directed and runtime optimization
AEGIS: architecture for tamper-evident and tamper-resistant processing
ICS '03 Proceedings of the 17th annual international conference on Supercomputing
Code Cache Management Schemes for Dynamic Optimizers
INTERACT '02 Proceedings of the Sixth Annual Workshop on Interaction between Compilers and Computer Architectures
Software Tamper Resistance: Obstructing Static Analysis of Programs
Software Tamper Resistance: Obstructing Static Analysis of Programs
Xen and the art of virtualization
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Terra: a virtual machine-based platform for trusted computing
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Obfuscation of executable code to improve resistance to static disassembly
Proceedings of the 10th ACM conference on Computer and communications security
SAFE-OPS: An approach to embedded software security
ACM Transactions on Embedded Computing Systems (TECS)
A Generic Attack on Checksumming-Based Software Tamper Resistance
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Pin: building customized program analysis tools with dynamic instrumentation
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems
Proceedings of the twentieth ACM symposium on Operating systems principles
Hybrid static-dynamic attacks against software protection mechanisms
Proceedings of the 5th ACM workshop on Digital rights management
Strengthening Software Self-Checksumming via Self-Modifying Code
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Deobfuscation: Reverse Engineering Obfuscated Code
WCRE '05 Proceedings of the 12th Working Conference on Reverse Engineering
Evaluating fragment construction policies for SDT systems
Proceedings of the 2nd international conference on Virtual execution environments
Cell Broadband Engine™ processor security architecture and digital content protection
Proceedings of the 4th ACM international workshop on Contents protection and security
Proteus: virtualization for diversified tamper-resistance
Proceedings of the ACM workshop on Digital rights management
Virtual Machines: Versatile Platforms for Systems and Processes (The Morgan Kaufmann Series in Computer Architecture and Design)
HDTrans: an open source, low-level dynamic instrumentation system
Proceedings of the 2nd international conference on Virtual execution environments
QEMU, a fast and portable dynamic translator
ATEC '05 Proceedings of the annual conference on USENIX Annual Technical Conference
Evaluating Indirect Branch Handling Mechanisms in Software Dynamic Translation Systems
Proceedings of the International Symposium on Code Generation and Optimization
Proceedings of the 9th workshop on Multimedia & security
Proceedings of the 13th international conference on Architectural support for programming languages and operating systems
On the difficulty of software-based attestation of embedded devices
Proceedings of the 16th ACM conference on Computer and communications security
Side-Channel Attacks on Cryptographic Software
IEEE Security and Privacy
A secure and robust approach to software tamper resistance
IH'10 Proceedings of the 12th international conference on Information hiding
Cache attacks and countermeasures: the case of AES
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
Replacement attacks against VM-protected applications
VEE '12 Proceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments
Towards Static Analysis of Virtualization-Obfuscated Binaries
WCRE '12 Proceedings of the 2012 19th Working Conference on Reverse Engineering
| Hi-index | 0.00 |
Process-level Virtual machines (PVMs) often play a crucial role in program protection. In particular, virtualization-based tools like VMProtect and CodeVirtualizer have been shown to provide desirable obfuscation properties (i.e., resistance to disassembly and code analysis). To be efficient, many tools cache frequently-executed code in a code cache. This code is run directly on hardware and consequently may be susceptible to unintended, malicious modification after it has been generated. To thwart such modifications, this work presents a novel methodology that imparts tamper detection at run time to PVM-protected applications. Our scheme centers around the run-time creation of a network of software knots (an instruction sequence that checksums portions of the code) to detect tamper. These knots are used to check the integrity of cached code, although our techniques could be applied to check any software-protection properties. Used in conjunction with established static techniques, our solution provides a mechanism for protecting PVM-generated code from modification. We have implemented a PVM system that automatically inserts code into an application to dynamically generate polymorphic software knots. Our experiments show that PVMs do indeed provide a suitable platform for extending guard protection, without the addition of high overheads to run-time performance and memory. Our evaluations demonstrate that these knots add less than 10% overhead while providing frequent integrity checks.