Presentation is loading. Please wait.

Presentation is loading. Please wait.

A proposed Trusted-Flow system architecture with aspect-oriented implementation Paolo Falcarin, Mario Baldi Riccardo Scandariato, Maurizio Morisio (Politecnico.

Similar presentations


Presentation on theme: "A proposed Trusted-Flow system architecture with aspect-oriented implementation Paolo Falcarin, Mario Baldi Riccardo Scandariato, Maurizio Morisio (Politecnico."— Presentation transcript:

1 A proposed Trusted-Flow system architecture with aspect-oriented implementation Paolo Falcarin, Mario Baldi Riccardo Scandariato, Maurizio Morisio (Politecnico di Torino) Trento, June, 28 th 2004

2 Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, Tamper resistance approaches Integrity-checking Static self-checking Dynamic self-checking[Horne01, Chen02] Making Reverse-Engineering complex Customization [Aucsmith96] Obfuscation[Collberg02] Anti-debugging Code identification Watermarking [Barak01, Collberg99] Code signature

3 Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, Our approach Self-checking relies on code checkers whose position is hidden in the application whose behavior is obfuscated Our solution extends the power of code checkers in two ways remote verification that self-checking has been performed continuous replacement of self-checking code

4 Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, A First Prototype at Turin PolytechnicTFG Code checker Entrusted software TFC TFG is periodically updated

5 Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, Aspect-Oriented Programming Aspect is extra-code that modularizes the implementation of a crosscutting concern An Aspect encapsulates pointcuts and advices A Pointcut defines at which points (Join Points) in the execution of the program, extra code should be inserted An Advice defines the extra-code that runs when a join-point is matched The final code is obtained merging base code and aspect code At compile time with an aspect compiler At run time with a dynamic AOP platform

6 Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, Why AOP ? Software-tampering detection is a crosscutting concern Aspect Oriented Programming (AOP) Modularizes self-checking code in an aspect Eases the design of different self-checking techniques Aspect behavior is continuously updated with mobile code Dynamic self-checking vs. adversary With analysis tools Knowledge of our algorithm Most details of our implementation

7 Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, A Proof of Concept: Chat System Java Chat server/reflector with TFC TFC generates aspects code TFC pushes code to oblivious clients Java Chat client with TFG AOP to intercept calls to application methods Mobile Code (aspects) is woven by AOP platform Aspect contains Session key TFG and encryption algorithm Pointcuts to application code

8 Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, Threats & Countermeasures Discovery Static inspection to find self-checking code Mobile code against static inspection Disablement Disable checking Disablement stops tag generation TFC can block untrusted client Replacement Disable checking but sending correct info Replacement must be applied before TFG expires Overlapping aspects checking each other

9 Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, Future Work Implementation with JVMTI API in Java 1.5 Full control on JVM events through agent Agent in C language using JNI Can avoid using AOP platforms, but More complicated implementation No more help from pointcuts Need to implement dynamic downloading of code in C Access to memory info can be used to apply and update signature to bytecode at run time Ideal solution: new dynamic AOP platforms relying on JVMTI

10 Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, Related Work links [Chen02] Y. Chen, R. Venkatesan, M. Cary, R. Pang, S. Sinha, M. Jakubowski, Oblivious hashing: Silent Verification of Code Execution. In Proceedings of 5th international workshop on information hiding (IHW 2002), Noordwijkerhout, The Netherlands, 7–9 October [Collberg02] C. Collberg, C. Thomborson and D. Low, Watermarking, Tamper-Proofing, and Obfuscation-- Tools for Software Protection, IEEE Transactions on Software Engineering, vol. 28, [TCPA] S. Pearson, B. Balacheff, D. Plaquin, and G. Proudler, Trusted Computing Platforms: TCPA Technology in Context [Barak01] B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. P. Vadhan, K. Yang, On the (Im)possibility of Obfuscating Programs - CRYPTO 2001 [Horne01] B. Horne, L. Matheson, C. Sheehan, and R. E. Tarjan, Dynamic Self-Checking Techniques for Improved Tamper Resistance. On ACM Workshop on Security and Privacy in Digital Rights Management, [Aucsmith96] D. Aucsmith. Tamper resistant software: An implementation. In R.J. Anderson, editor, Information Hiding, Lecture Notes in Computer Science Springer-Verlag, [Collberg99] C. Collberg and C. Thomborson. Software watermarking: Models and dynamic embeddings. In Principles of Programming Languages, San Antonio,USA, January [PROSE]PROSE homepage. [Aspectj]AspectJ homepage. On-line at


Download ppt "A proposed Trusted-Flow system architecture with aspect-oriented implementation Paolo Falcarin, Mario Baldi Riccardo Scandariato, Maurizio Morisio (Politecnico."

Similar presentations


Ads by Google