ABYSS : An Architecture for Software Protection

Presentation transcript:

ABYSS : An Architecture for Software Protection
IEEE Transactions on Software Engineering, June 1990
Steve R. White and Liam Comerford
Jaewon Lee

Introduction
- Traditional S/W protection method
  - writing in unusual way
  - copy protection by feature on the distribution diskette
  - attachment of special H/W devices
- Problem
  - both logically and physically open system
  - unacceptable burdens on the legitimate user
- Exploration
  - physically secure tamper-resistant modules
  - cryptographic approach
  - crypto-microprocessor

Overview of ABYSS
- A Basic Yorktown Security System
- guarantees to execute exactly as it was written
- cannot be modified arbitrarily by the user
- the only encryption and decryption keys must be kept secret
- need physically secure device

Architecture of ABYSS
[Figure: block diagram. Labels: Unprotected Processes; Protected Processes; Part of Application 1; High Privilege; Supervisor Process; Protected Part of Application 1; Right-To-Execute Storage; Protected Part of Application N; Unprotected Part of Application N; Authorization Process]

Protected Processors
- Minimal, but complete, computing system
  - real-time clock
  - random or pseudo-random number generator
  - memory
- logically, physically, and procedurally secure unit
- Supervisor process
  - ensuring the logical and procedural security of the protected processor
- cryptographic facility

S/W Partitioning
- Protected parts
  - encrypted
  - only decrypted when it is loaded into protected processor
  - physically secure while inside the protected processor
  - cryptographically secure while outside

Tokens
- New authorization mechanism
- queries
  - generated randomly by protected processors
  - sufficiently numerous that no collision
  - different queries generate different responses
- responses
  - sufficiently numerous that a correct random guessing is improbable
  - sufficiently independent of each other
- token data is erased from the token as it is read

How Tokens Work
[Figure: token diagram in three stages. Labels: Query Line; Response Line; Up / Down; positions 1 to n; Query = UP; Response = 0 1]
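The use-once behaviour listed on the Tokens slide (random queries, data erased as it is read) can be modelled as below. This is an added example, not code from the paper or the presentation; the two-bits-per-position layout is assumed from the figure's Up/Down labels, and the verifier holding a plaintext reference copy is a simplification. All names are hypothetical.

```python
import secrets

class TokenSpent(Exception):
    """Raised when a position is read after its data has been erased."""

class Token:
    # Constructed model: n positions, each storing an "up" bit and a "down" bit
    # (layout assumed from the slide's Up/Down labels, not taken from the paper).
    def __init__(self, up, down):
        self.cells = [[u, d] for u, d in zip(up, down)]

    def read(self, query):
        """query[i] == 0 selects the up bit, 1 the down bit, at position i."""
        if len(query) != len(self.cells):
            raise ValueError("query length must match token size")
        response = []
        for i, select in enumerate(query):
            cell = self.cells[i]
            if cell is None:
                raise TokenSpent(f"position {i} already erased")
            response.append(cell[select])
            self.cells[i] = None  # both bits are destroyed by the read
        return response

def random_bits(n):
    return [secrets.randbits(1) for _ in range(n)]

def issue_token(n=64):
    """Return (token, reference); the reference is the verifier's copy of the data."""
    up, down = random_bits(n), random_bits(n)
    return Token(up, down), (up, down)

def authorize(token, reference):
    """Protected-processor side: fresh random query, compare with expected response."""
    up, down = reference
    query = random_bits(len(up))
    expected = [down[i] if q else up[i] for i, q in enumerate(query)]
    try:
        return secrets.compare_digest(bytes(token.read(query)), bytes(expected))
    except TokenSpent:
        return False

def forged_token(reference):
    """Worst-case wrong token: every stored bit is the complement of the real one."""
    up, down = reference
    return Token([b ^ 1 for b in up], [b ^ 1 for b in down])
```

A second `authorize` call on the same token fails because every position was erased by the first read, and a recorded response is only useful if the same n-bit query recurs.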

Attacks on The System
- Plaintext software
- Cryptanalytic attacks
  - nonchosen plaintext attack
- Physical attacks
- On trusting the H/W manufacturer

New Capabilities
- Technical enforcement of terms and conditions
- Protection of distribution channels

Conclusion
- ABYSS enables the protected execution of application on protected processors
- logical, physical, and procedural security
- S/W is separated from its Right-To-Execute
- Doesn't require changes to S/W distribution methods