Protecting Software Code By Guards The George Washington University Cs297 YU-HAO HU

Motives Software cracking is a serious threat to many in the software industry. Attackers can insert an unconditional jump to overpass the serial number checker. How to protect important segment of code has became an issue.

The Guarding Framework: Types of guard Guard: a piece of code responsible for performing certain security-related actions during program execution. Checksum code: Checksum another piece of program code at runtime and verify its integrity Repair code: Restore a piece of damaged code to its original form before it is executed or used.

The Guarding Framework: Guard Graph

The Guarding Framework: Features Distributed-ness Multiplicity Dynamism Scalability

The Guarding Framework: System Guard template Binary manipulation Logical boundary between the data and executable code should be blurred. Obfuscate guard code

The Guarding Framework: Template Example

Conclusion Distributed protection Various protection schemes Configurable tamper-resistance

Reference Protecting Software Codes By Guards Hoi Chang, Mikhail J. Atallah Center for Education and Research in Information Assurance and Security & Arxan Technologies PC Assembly Language (NASM) Paul A. Carter

Software Watermarking: Models and Dynamic Embeddings The George Washington University CS297 YU-HAO HU

Types of Attacks to Watermarking System Subtractive attack: attackers can crop out watermarks. Distortive attack: attackers can twist watermarks. Additive attack: attackers can override watermarks.

Fingerprinting System Similar to watermarking system except it gives different secret messages to different receivers. Vulnerable to collusive attack. Attackers can locate the secret messages by comparing different copies of messages.

Types of Watermarks: Static Watermarks Data Watermark  Ex. string C = “Copyright…”. Code Watermark  Ex. Additional data stored in an object or wherever in the code. Easy to be destroyed by optimization techniques.

Types of Watermarks: Dynamic Watermarks Easter Eggs Dynamic Data Structure  Embedded within the state of a program and showed with a particular input. Dynamic Execution Trace  It is extracted by monitoring a special sequence of operations

Dynamic Graph Watermarking: Central Ideas Use the topology of a graph to represent watermark. Graph is dynamically built in the heap. Examine the runtime object heap with the special input sequence.

Dynamic Graph Watermarking: Embedding Watermarks Pick number P & Q, n = P * Q Represent n as a graph Program W could build graph.

Dynamic Graph Watermarking : Embedding Watermarks Embed W into original program Add temper-proofing Obfuscation

Dynamic Graph Watermarking : Embedding Watermarks Remove recognizer to be product version

Dynamic Graph Watermarking: Verifying Watermarks Links recognizer with the product Gives special input set I and gets the number n Factoring n to get P and Q

Obfuscation Techniques: Loop i = 1; while ( i< 100){ … i += 1; … }

Obfuscation Techniques: Loop i = 1, j = 100; while ( (i< 100)&&((i+j)!=-1)){ … i += 1; j = (j*100)%50; … }

Obfuscation Techniques: Class Inheritance Class One Class A Class Z

Obfuscation Techniques: Class Inheritance Class One Class A Class Z Class AA Interface A

Dynamic Graph Watermarking: Conclusion Resistant to optimization, obfuscation transformation because they don’t affect heap allocation. Using reflection to prevent renaming or reordering graph nodes Constantly checking graph to ensure the graph is not cropped out.

References Software Watermarking: Models and Dynamic Embeddings Christian Collberg, Clark Thomborson Software Watermarking: Models and Dynamic Embeddings Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs Christian Collberg, Clark Thomborson, Douglas Low Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs Breaking Abstractions and Unstructuring Data Structures Christian Collberg, Clark Thomborson, Douglas Low Breaking Abstractions and Unstructuring Data Structures