Presentation is loading. Please wait.

Presentation is loading. Please wait.

Tamper-Tolerant Software: Modeling and Implementation International Workshop on Security (IWSEC 2009) October 28-30, 2009 – Toyama, Japan Mariusz H. Jakubowski.

Published byCamila Easton Modified over 9 years ago

Similar presentations

Presentation on theme: "Tamper-Tolerant Software: Modeling and Implementation International Workshop on Security (IWSEC 2009) October 28-30, 2009 – Toyama, Japan Mariusz H. Jakubowski."— Presentation transcript:

1 Tamper-Tolerant Software: Modeling and Implementation International Workshop on Security (IWSEC 2009) October 28-30, 2009 – Toyama, Japan Mariusz H. Jakubowski Chit Wei (Nick) Saw Ramarathnam Venkatesan Microsoft Research Redmond, WA (USA)

2 IWSEC 2009 Toyama, Japan October 28-30, 20092 Introduction Software integrity –Enforcing “correct” program execution –Copy protection, licensing, DRM, anti-malware, OS security, … Fault tolerance –Enhancing system robustness –Redundancy, rollback, failover, … Goals of our work: –Adapt fault tolerance to the malicious-attacker scenario. –Study real-life security of tamper-tolerant software.

3 IWSEC 2009 Toyama, Japan October 28-30, 20093 Overview Introduction Background Tamper-tolerant software Implementation and experiments Conclusion Fault tolerance and software protection

4 IWSEC 2009 Toyama, Japan October 28-30, 20094 Fault Tolerance Methods to enhance system robustness: –Redundancy (duplicated components) –Voting (majority-logic error correction) –Rollback (redoing operations upon failure) –Failover (switching to fresh component) –… Designed to handle “random” faults Not intended against intelligent attackers

5 IWSEC 2009 Toyama, Japan October 28-30, 20095 Overview Introduction Background Tamper-tolerant software Implementation and experiments Conclusion Fault tolerance and software protection

6 IWSEC 2009 Toyama, Japan October 28-30, 20096 Tamper-Tolerant Software Main idea: Detect and correct tampering at runtime. Distinct from traditional anti-tamper responses: –Error messages –Crashes –Graceful degradation –Other forms of obfuscated failure

7 IWSEC 2009 Toyama, Japan October 28-30, 20097 Building Blocks Techniques adapted from fault tolerance –Code redundancy: Multiple copies to prevent single points of attack. –Code individualization: Diversified copies to force extra analysis. –State checkpointing: Rollback of execution to undo tampering. Additional techniques from software protection –Integrity checks: Detect tampering (e.g., oblivious hashing or integrity-checking expressions). –Delayed responses: Prevent easy discovery of integrity checks. –Error correction: Fix tampering (e.g., by voting).

8 IWSEC 2009 Toyama, Japan October 28-30, 20098 Basic Tamper-Tolerance Scheme

9 IWSEC 2009 Toyama, Japan October 28-30, 20099 Tamper-Tolerance Techniques Individualized modular redundancy (IMR) –Multiple redundant, individualized code blocks –“Secure” version of standard TMR/V (triple modular redundancy with voting) and related schemes Schemes using IMR: –Voting (IMR/V): Execute multiple blocks and output most common (or corrected) result. –Detection and correction (IMR/DC): Roll back and execute a redundant block upon tamper detection. –Randomized execution (IMR/RE): Choose different individualized blocks for execution.

10 IWSEC 2009 Toyama, Japan October 28-30, 200910 Tamper-Tolerance Modeling Graph-based tamper-resistance model [Dedić et al. ’07] –Program: Graph (e.g., control-flow graph) –Execution: “Semi-random” walk on the graph –Integrity checks: Verification of correct execution –Tamper responses: Delayed crashes or failures Attack model: “Graph game” involving tampering of nodes and observation of effects. Main result: Attacker must take a “long” time to find all checks. For tamper-tolerance: Replace delayed crashes with delayed fixes.

11 IWSEC 2009 Toyama, Japan October 28-30, 200911 Tamper-Tolerance Modeling Simplified model: –n: number of integrity checks in program –p: probability of executing a check per program run –d: effort required to attack each check per run Analysis –1/p runs to trigger and analyze one check –n/p runs to analyze n independent checks –dn/p effort to analyze n checks Set p = 1/n. Then attacker’s work factor is dn 2 (quadratic in number of checks).

12 IWSEC 2009 Toyama, Japan October 28-30, 200912 Overview Introduction Background Tamper-tolerant software Implementation and experiments Conclusion Tamper-tolerant software

13 IWSEC 2009 Toyama, Japan October 28-30, 200913 Implementation Compiler plug-in (C++) –Based on Phoenix compiler infrastructure –Transforms high-level intermediate representation (close to source code) Experiments on SPEC benchmarks –Redundant blocks with randomized execution (IMR/RE) –Stack-frame rollback

14 IWSEC 2009 Toyama, Japan October 28-30, 200914 Experimental Results IMR/RE (randomized execution) over 25% of SPEC benchmark code

15 IWSEC 2009 Toyama, Japan October 28-30, 200915 Experimental Results IMR/RE (randomized execution) over 100% of SPEC benchmark code

16 IWSEC 2009 Toyama, Japan October 28-30, 200916 Experimental Results Performance impact of rollback Simulated attacks with different probabilities of tampering

17 IWSEC 2009 Toyama, Japan October 28-30, 200917 Conclusion Tamper-tolerant software –Fixing tampering instead of crashing –Adaptation of fault tolerance to software protection Future work –Methods to diversify and hide tamper correction –Metrics for security evaluation

Download ppt "Tamper-Tolerant Software: Modeling and Implementation International Workshop on Security (IWSEC 2009) October 28-30, 2009 – Toyama, Japan Mariusz H. Jakubowski."

Similar presentations

Randomized Detection for Spread- Spectrum Watermarking: Defending Against Sensitivity and Other Attacks Ramarathnam Venkatesan and Mariusz H. Jakubowski.

Randomized Detection for Spread- Spectrum Watermarking: Defending Against Sensitivity and Other Attacks Ramarathnam Venkatesan and Mariusz H. Jakubowski.
Principles of Engineering System Design Dr T Asokan

Principles of Engineering System Design Dr T Asokan
Christian Delbe1 Christian Delbé OASIS Team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis November 29 2006 Automatic Fault Tolerance in ProActive.

Christian Delbe1 Christian Delbé OASIS Team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis November Automatic Fault Tolerance in ProActive.
Testing and Quality Assurance

Testing and Quality Assurance
Iterated Transformations and Quantitative Metrics for Software Protection International Conference on Security and Cryptography SECRYPT 2009 July 7-10,

Iterated Transformations and Quantitative Metrics for Software Protection International Conference on Security and Cryptography SECRYPT 2009 July 7-10,
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.
Chapter 4 Quality Assurance in Context

Chapter 4 Quality Assurance in Context
Dynamic Self-Checking Techniques for Improved Tamper Resistance Bill Horne, Lesley Matheson, Casey Sheehan, Robert E. Tarjan STAR Lab, InterTrust Technologies.

Dynamic Self-Checking Techniques for Improved Tamper Resistance Bill Horne, Lesley Matheson, Casey Sheehan, Robert E. Tarjan STAR Lab, InterTrust Technologies.
A Graph Game Model for Software Tamper Protection Information Hiding ‘07 June 11-13, 2007 Mariusz Jakubowski Ramarathnam Venkatesan Microsoft Research.

A Graph Game Model for Software Tamper Protection Information Hiding ‘07 June 11-13, 2007 Mariusz Jakubowski Ramarathnam Venkatesan Microsoft Research.
Runtime Protection via Dataflow Flattening Bertrand Anckaert Ghent University/ Boston Consulting Group The Third International Conference on Emerging Security.

Runtime Protection via Dataflow Flattening Bertrand Anckaert Ghent University/ Boston Consulting Group The Third International Conference on Emerging Security.
Software Fault Injection for Survivability Jeffrey M. Voas & Anup K. Ghosh Presented by Alison Teoh.

Software Fault Injection for Survivability Jeffrey M. Voas & Anup K. Ghosh Presented by Alison Teoh.
3. Hardware Redundancy Reliable System Design 2010 by: Amir M. Rahmani.

3. Hardware Redundancy Reliable System Design 2010 by: Amir M. Rahmani.
Randomized Radon Transforms for Biometric Authentication via Fingerprint Hashing 2007 ACM Digital Rights Management Workshop Alexandria, VA (USA) October.

Randomized Radon Transforms for Biometric Authentication via Fingerprint Hashing 2007 ACM Digital Rights Management Workshop Alexandria, VA (USA) October.
Yingping Huang and Gregory Madey University of Notre Dame A W S utonomic eb-based imulation Presented by Tariq M. King Published by the IEEE Computer Society.

Yingping Huang and Gregory Madey University of Notre Dame A W S utonomic eb-based imulation Presented by Tariq M. King Published by the IEEE Computer Society.
Making Services Fault Tolerant

Making Services Fault Tolerant
RUGRAT: Runtime Test Case Generation using Dynamic Compilers Ben Breech NASA Goddard Space Flight Center Lori Pollock John Cavazos University of Delaware.

RUGRAT: Runtime Test Case Generation using Dynamic Compilers Ben Breech NASA Goddard Space Flight Center Lori Pollock John Cavazos University of Delaware.
SIM5102 Software Evaluation

SIM5102 Software Evaluation
Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.
7. Fault Tolerance Through Dynamic or Standby Redundancy 7.5 Forward Recovery Systems Upon the detection of a failure, the system discards the current.

7. Fault Tolerance Through Dynamic or Standby Redundancy 7.5 Forward Recovery Systems Upon the detection of a failure, the system discards the current.
The Superdiversifier: Peephole Individualization for Software Protection Mariusz H. Jakubowski Prasad Naldurg Chit Wei (Nick) Saw Ramarathnam Venkatesan.

The Superdiversifier: Peephole Individualization for Software Protection Mariusz H. Jakubowski Prasad Naldurg Chit Wei (Nick) Saw Ramarathnam Venkatesan.

Similar presentations

Ads by Google