Presentation is loading. Please wait.

Presentation is loading. Please wait.

A proposed Trusted-Flow system architecture with aspect-oriented implementation Paolo Falcarin, Mario Baldi Riccardo Scandariato, Maurizio Morisio (Politecnico.

Published byCaroline Holloway Modified over 10 years ago

Similar presentations

Presentation on theme: "A proposed Trusted-Flow system architecture with aspect-oriented implementation Paolo Falcarin, Mario Baldi Riccardo Scandariato, Maurizio Morisio (Politecnico."— Presentation transcript:

1 A proposed Trusted-Flow system architecture with aspect-oriented implementation Paolo Falcarin, Mario Baldi Riccardo Scandariato, Maurizio Morisio (Politecnico di Torino) Trento, June, 28 th 2004

2 Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, 2004 2 Tamper resistance approaches Integrity-checking Static self-checking Dynamic self-checking[Horne01, Chen02] Making Reverse-Engineering complex Customization [Aucsmith96] Obfuscation[Collberg02] Anti-debugging Code identification Watermarking [Barak01, Collberg99] Code signature

3 Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, 2004 3 Our approach Self-checking relies on code checkers whose position is hidden in the application whose behavior is obfuscated Our solution extends the power of code checkers in two ways remote verification that self-checking has been performed continuous replacement of self-checking code

4 Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, 2004 4 A First Prototype at Turin PolytechnicTFG Code checker Entrusted software TFC TFG is periodically updated

5 Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, 2004 5 Aspect-Oriented Programming Aspect is extra-code that modularizes the implementation of a crosscutting concern An Aspect encapsulates pointcuts and advices A Pointcut defines at which points (Join Points) in the execution of the program, extra code should be inserted An Advice defines the extra-code that runs when a join-point is matched The final code is obtained merging base code and aspect code At compile time with an aspect compiler At run time with a dynamic AOP platform

6 Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, 2004 6 Why AOP ? Software-tampering detection is a crosscutting concern Aspect Oriented Programming (AOP) Modularizes self-checking code in an aspect Eases the design of different self-checking techniques Aspect behavior is continuously updated with mobile code Dynamic self-checking vs. adversary With analysis tools Knowledge of our algorithm Most details of our implementation

7 Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, 2004 7 A Proof of Concept: Chat System Java Chat server/reflector with TFC TFC generates aspects code TFC pushes code to oblivious clients Java Chat client with TFG AOP to intercept calls to application methods Mobile Code (aspects) is woven by AOP platform Aspect contains Session key TFG and encryption algorithm Pointcuts to application code

8 Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, 2004 8 Threats & Countermeasures Discovery Static inspection to find self-checking code Mobile code against static inspection Disablement Disable checking Disablement stops tag generation TFC can block untrusted client Replacement Disable checking but sending correct info Replacement must be applied before TFG expires Overlapping aspects checking each other

9 Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, 2004 9 Future Work Implementation with JVMTI API in Java 1.5 Full control on JVM events through agent Agent in C language using JNI Can avoid using AOP platforms, but More complicated implementation No more help from pointcuts Need to implement dynamic downloading of code in C Access to memory info can be used to apply and update signature to bytecode at run time Ideal solution: new dynamic AOP platforms relying on JVMTI

10 Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, 2004 10 Related Work links [Chen02] Y. Chen, R. Venkatesan, M. Cary, R. Pang, S. Sinha, M. Jakubowski, Oblivious hashing: Silent Verification of Code Execution. In Proceedings of 5th international workshop on information hiding (IHW 2002), Noordwijkerhout, The Netherlands, 7–9 October 2002. [Collberg02] C. Collberg, C. Thomborson and D. Low, Watermarking, Tamper-Proofing, and Obfuscation-- Tools for Software Protection, IEEE Transactions on Software Engineering, vol. 28, 2002. [TCPA] S. Pearson, B. Balacheff, D. Plaquin, and G. Proudler, Trusted Computing Platforms: TCPA Technology in Context [Barak01] B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. P. Vadhan, K. Yang, On the (Im)possibility of Obfuscating Programs - CRYPTO 2001 [Horne01] B. Horne, L. Matheson, C. Sheehan, and R. E. Tarjan, Dynamic Self-Checking Techniques for Improved Tamper Resistance. On ACM Workshop on Security and Privacy in Digital Rights Management, 2001. [Aucsmith96] D. Aucsmith. Tamper resistant software: An implementation. In R.J. Anderson, editor, Information Hiding, Lecture Notes in Computer Science 1174. Springer-Verlag, 1996. [Collberg99] C. Collberg and C. Thomborson. Software watermarking: Models and dynamic embeddings. In Principles of Programming Languages, San Antonio,USA, January 1999. [PROSE]PROSE homepage. http://prose.ethz.ch/ [Aspectj]AspectJ homepage. On-line at http://eclipse.org/aspectj/

Download ppt "A proposed Trusted-Flow system architecture with aspect-oriented implementation Paolo Falcarin, Mario Baldi Riccardo Scandariato, Maurizio Morisio (Politecnico."

Similar presentations

AspectWerkz 2 - and the road to AspectJ 5 Jonas Bonér Senior Software Engineer BEA Systems.

AspectWerkz 2 - and the road to AspectJ 5 Jonas Bonér Senior Software Engineer BEA Systems.
IEEE/FIPA WG Mobile Agents Ulrich Pinsdorf Fraunhofer-Institute IGD, Germany Dept. Security Technology

IEEE/FIPA WG Mobile Agents Ulrich Pinsdorf Fraunhofer-Institute IGD, Germany Dept. Security Technology
Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
CS Body of Knowledge (ACM) Discrete Structures Programming Fundamentals Algorithms & Complexity Operating Systems Architecture & Organization Social &

CS Body of Knowledge (ACM) Discrete Structures Programming Fundamentals Algorithms & Complexity Operating Systems Architecture & Organization Social &
Aspect Oriented Programming. AOP Contents 1 Overview 2 Terminology 3 The Problem 4 The Solution 4 Join point models 5 Implementation 6 Terminology Review.

Aspect Oriented Programming. AOP Contents 1 Overview 2 Terminology 3 The Problem 4 The Solution 4 Join point models 5 Implementation 6 Terminology Review.
Cloakware Corporation, 260 Hearst Way, Suite 311, Kanata, Ontario, Canada K2L 3H1 Spencer Cheng Trusting DRM Software Presentation.

Cloakware Corporation, 260 Hearst Way, Suite 311, Kanata, Ontario, Canada K2L 3H1 Spencer Cheng Trusting DRM Software Presentation.
Dynamic Self-Checking Techniques for Improved Tamper Resistance Bill Horne, Lesley Matheson, Casey Sheehan, Robert E. Tarjan STAR Lab, InterTrust Technologies.

Dynamic Self-Checking Techniques for Improved Tamper Resistance Bill Horne, Lesley Matheson, Casey Sheehan, Robert E. Tarjan STAR Lab, InterTrust Technologies.
Tamper-Tolerant Software: Modeling and Implementation International Workshop on Security (IWSEC 2009) October 28-30, 2009 – Toyama, Japan Mariusz H. Jakubowski.

Tamper-Tolerant Software: Modeling and Implementation International Workshop on Security (IWSEC 2009) October 28-30, 2009 – Toyama, Japan Mariusz H. Jakubowski.
® IBM Software Group © 2010 IBM Corporation What’s New in Profiling & Code Coverage RAD V8 April 21, 2011 Kathy Chan

® IBM Software Group © 2010 IBM Corporation What’s New in Profiling & Code Coverage RAD V8 April 21, 2011 Kathy Chan
ASTA Aspect Software Testing Assistant Juha Gustafsson, Juha Taina, Jukka Viljamaa University of Helsinki.

ASTA Aspect Software Testing Assistant Juha Gustafsson, Juha Taina, Jukka Viljamaa University of Helsinki.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 32 Slide 1 Aspect-oriented Software Development.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 32 Slide 1 Aspect-oriented Software Development.
Aspect Oriented Programming - AspectJ Radhika Rajput.

Aspect Oriented Programming - AspectJ Radhika Rajput.
H28.1 6-Apr-01 Clark Thomborson Software Security CompSci 725 Handout 28: Report Writing #2 (Sample Titles & Abstracts) Clark Thomborson University of.

H Apr-01 Clark Thomborson Software Security CompSci 725 Handout 28: Report Writing #2 (Sample Titles & Abstracts) Clark Thomborson University of.
1 Detection of Injected, Dynamically Generated, and Obfuscated Malicious Code (DOME) Subha Ramanathan & Arun Krishnamurthy Nov 15, 2005.

1 Detection of Injected, Dynamically Generated, and Obfuscated Malicious Code (DOME) Subha Ramanathan & Arun Krishnamurthy Nov 15, 2005.
University of British Columbia Software Practices Lab Fluid AOP Join Point Models Terry Hon Gregor Kiczales.

University of British Columbia Software Practices Lab Fluid AOP Join Point Models Terry Hon Gregor Kiczales.
University of British Columbia Software Practices Lab 2005 CASCON A Fluid AOP Editor Terry Hon Gregor Kiczales.

University of British Columbia Software Practices Lab 2005 CASCON A Fluid AOP Editor Terry Hon Gregor Kiczales.
Review Amit Shabtay. March 3rd, 2004 Object Oriented Design Course 2 Review What have we done during the course? Where to learn more? What is for the.

Review Amit Shabtay. March 3rd, 2004 Object Oriented Design Course 2 Review What have we done during the course? Where to learn more? What is for the.
ASPECT ORIENTED SOFTWARE DEVELOPMENT Prepared By: Ebru Doğan.

ASPECT ORIENTED SOFTWARE DEVELOPMENT Prepared By: Ebru Doğan.
University of British Columbia Software Practices Lab CAS Seminar 06 Fluid AJ - A Simple Fluid AOP Tool Terry Hon Gregor Kiczales.

University of British Columbia Software Practices Lab CAS Seminar 06 Fluid AJ - A Simple Fluid AOP Tool Terry Hon Gregor Kiczales.
Review David Rabinowitz. March 3rd, 2004 Object Oriented Design Course 2 Review What have we done during the course? Which topics we have not discussed?

Review David Rabinowitz. March 3rd, 2004 Object Oriented Design Course 2 Review What have we done during the course? Which topics we have not discussed?

Similar presentations

Ads by Google