A proposed Trusted-Flow system architecture with aspect-oriented implementation Paolo Falcarin, Mario Baldi Riccardo Scandariato, Maurizio Morisio (Politecnico.

Slides:

Advertisements

Similar presentations

AspectWerkz 2 - and the road to AspectJ 5 Jonas Bonér Senior Software Engineer BEA Systems.

Advertisements

IEEE/FIPA WG Mobile Agents Ulrich Pinsdorf Fraunhofer-Institute IGD, Germany Dept. Security Technology

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.

CS Body of Knowledge (ACM) Discrete Structures Programming Fundamentals Algorithms & Complexity Operating Systems Architecture & Organization Social &

Aspect Oriented Programming. AOP Contents 1 Overview 2 Terminology 3 The Problem 4 The Solution 4 Join point models 5 Implementation 6 Terminology Review.

Cloakware Corporation, 260 Hearst Way, Suite 311, Kanata, Ontario, Canada K2L 3H1 Spencer Cheng Trusting DRM Software Presentation.

Dynamic Self-Checking Techniques for Improved Tamper Resistance Bill Horne, Lesley Matheson, Casey Sheehan, Robert E. Tarjan STAR Lab, InterTrust Technologies.

Tamper-Tolerant Software: Modeling and Implementation International Workshop on Security (IWSEC 2009) October 28-30, 2009 – Toyama, Japan Mariusz H. Jakubowski.

® IBM Software Group © 2010 IBM Corporation What’s New in Profiling & Code Coverage RAD V8 April 21, 2011 Kathy Chan

ASTA Aspect Software Testing Assistant Juha Gustafsson, Juha Taina, Jukka Viljamaa University of Helsinki.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 32 Slide 1 Aspect-oriented Software Development.

Aspect Oriented Programming - AspectJ Radhika Rajput.

H Apr-01 Clark Thomborson Software Security CompSci 725 Handout 28: Report Writing #2 (Sample Titles & Abstracts) Clark Thomborson University of.

1 Detection of Injected, Dynamically Generated, and Obfuscated Malicious Code (DOME) Subha Ramanathan & Arun Krishnamurthy Nov 15, 2005.

University of British Columbia Software Practices Lab Fluid AOP Join Point Models Terry Hon Gregor Kiczales.

University of British Columbia Software Practices Lab 2005 CASCON A Fluid AOP Editor Terry Hon Gregor Kiczales.

Review Amit Shabtay. March 3rd, 2004 Object Oriented Design Course 2 Review What have we done during the course? Where to learn more? What is for the.

ASPECT ORIENTED SOFTWARE DEVELOPMENT Prepared By: Ebru Doğan.

University of British Columbia Software Practices Lab CAS Seminar 06 Fluid AJ - A Simple Fluid AOP Tool Terry Hon Gregor Kiczales.

Review David Rabinowitz. March 3rd, 2004 Object Oriented Design Course 2 Review What have we done during the course? Which topics we have not discussed?

1 ES 314 Advanced Programming Lec 2 Sept 3 Goals: Complete the discussion of problem Review of C++ Object-oriented design Arrays and pointers.

Software Uniqueness: How and Why? Puneet Mishra Dr. Mark Stamp Department of Computer Science San José State University, San José, California.

Project supported by YESS 2009 Young Engineering Scientist Symposium « Identity Management » Cryptography for the Security of Embedded Systems Ambient.

1 Aspects and Modularity: The Hope and the Challenge Jonathan Aldrich Institute for Software Research International School of Computer Science Carnegie.

Developing Adaptive J2ME Applications Using AspectJ Ayla Débora and Paulo Borba {add, Centro de Informática - UFPE.

Secure Systems Research Group - FAU Aspects and mobile applications Sergio Soares Paulo Borba, “PaDA: A Pattern for Distribution Aspects” In Second Latin.

Introduction to Aspect Oriented Programming Presented By: Kotaiah Choudary. Ravipati M.Tech IInd Year. School of Info. Tech.

Aspect Oriented Programming (AOP) in.NET Brent Krueger 12/20/13.

Aspect Oriented Programming Razieh Asadi University of Science & Technology Mazandran Babol Aspect Component Based Software Engineering (ACBSE)

Abc Compiler Zak Fry. Who and Where Programming Tools Group at Oxford University, UK – Oege de Moor Sable Research Group at McGill University, Quebec.

VERIFICATION OF ASPECT ORIENTED MODELS BY DON MARTIN JAYASHREE VENKIPURAM PATHANGI PIYUSH SRIVASTAVA REFERENCES F. Mostefaoui and J. Vachon,” Design level.

Composing Adaptive Software Authors Philip K. McKinley, Seyed Masoud Sadjadi, Eric P. Kasten, Betty H.C. Cheng Presented by Ana Rodriguez June 21, 2006.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 32 Slide 1 Aspect-oriented Software Development 1.

Java Security Nathan Moore CS 665. Overview Survey of Java Inherent Security Properties Java Runtime Environment Java Virtual Machine Java Security Model.

Aspect Oriented Programming Sumathie Sundaresan CS590 :: Summer 2007 June 30, 2007.

POSL (Principles of Software Languages) Gr. Kyushu Institute of Technology, Japan Pointcut-based Architectural Interface.

Aspect Oriented Programming Gülşah KARADUMAN.

VERIFICATION OF ASPECT-ORIENTED MODELS Review of Aspect-Oriented Definitions aspect – crosscutting concern that may involve multiple classes pointcut –

A Meta-Level Specification and Profile for AspectJ in UML Joerg Evermann School of Information Management Victoria University of Wellington.

Methodology: The AOP Refactoring Process Aspect-Oriented Refactoring of the Apache Cocoon Shared-Object Resource Allocation System Jeff Dalton Advisor:

AOP-1 Aspect Oriented Programming. AOP-2 Aspects of AOP and Related Tools Limitation of OO Separation of Concerns Aspect Oriented programming AspectJ.

UHD::3320::CH121 DESIGN PHASE Chapter 12. UHD::3320::CH122 Design Phase Two Aspects –Actions which operate on data –Data on which actions operate Two.

IDENTIFYING SEMANTIC DIFFERENCES IN ASPECTJ PROGRAMS Martin Görg and Jianjun Zhao Computer Science Department, Shanghai Jiao Tong University.

Introducing Allors Applications, Tools & Platform.

Slicing AspectJ Woven Code Luca Cavallaro Mattia Monga Antonio Castaldo D'Ursi Davide Balzarotti Politecnico di Milano.

1 CSCD 326 Data Structures I Software Design. 2 The Software Life Cycle 1. Specification 2. Design 3. Risk Analysis 4. Verification 5. Coding 6. Testing.

Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University IWPSE 2003 Program.

Aspect Oriented Development Alex Beatty.  Purpose  Cross-cutting Concerns  Join Points, Pointcuts, and Advices  Weaving  Invasive vs. Non-Invasive.

Dynamic Self-checking Techniques for Improved Tamper Resistance Bill Horne Lesley Matheson Casey Sheehan Robert E.Tarjan Presented by YAN MIN (Jasmine)

Introduction Program File Authorization Security Theorem Active Code Authorization Authorization Logic Implementation considerations Conclusion.

CrossCheckSimulation Results Conclusions References Model Instrumentation Modeling with CUTS Property Specification SPRUCE Challenge Problem Checking Model.

F1 BOX/SECURITY/SERVER SYSTEM SPTECH FEEDBACK(DRAFT2) 12012/9/21Sony/SPTech Confidential.

Aspect Oriented Programming in.NET with CodeBricks Antonio Cisternino Academic Days Milan, 2004 Università di Pisa Supported by Microsoft Research grant.

Applying Aspect-Orientation in Designing Security Systems Shu Gao Florida International University Center for Advanced Distributed Systems Engineering.

Tamper Resistant Software: An Implementation By David Aucsmith, IAL In Information Hiding Workshop, RJ Anderson (ed), LNCS, 1174, pp , “Integrity.

Lecture1 Instructor: Amal Hussain ALshardy. Introduce students to the basics of writing software programs including variables, types, arrays, control.

Secure Execution of Computations in Untrusted Hosts S. H. K. Narayanan 1, M.T. Kandemir 1, R.R. Brooks 2 and I. Kolcu 3 1 Embedded Mobile Computing Center.

Enabling Control over Adaptive Program Transformation for Dynamically Evolving Mobile Software Validation Mike Jochen, Anteneh Anteneh, Lori Pollock University.

A Framework For Trusted Instruction Execution Via Basic Block Signature Verification Milena Milenković, Aleksandar Milenković, and Emil Jovanov Electrical.

Compilers and Security

Sung-Dong Kim, Dept. of Computer Engineering, Hansung University Java - Introduction.

Software Engineering Lecture 7

Walter Binder Giovanna Di Marzo Serugendo Jarle Hulaas

Aspect-Oriented Programming with the Eclipse AspectJ plug-in

Secure Processing On-Chip

Structuring Adaptive Applications using AspectJ and AOM

Intel Active Management Technology

AspectAda Aspect-Oriented Programming for Ada95

Presentation transcript:

A proposed Trusted-Flow system architecture with aspect-oriented implementation Paolo Falcarin, Mario Baldi Riccardo Scandariato, Maurizio Morisio (Politecnico di Torino) Trento, June, 28 th 2004

Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, Tamper resistance approaches Integrity-checking Static self-checking Dynamic self-checking[Horne01, Chen02] Making Reverse-Engineering complex Customization [Aucsmith96] Obfuscation[Collberg02] Anti-debugging Code identification Watermarking [Barak01, Collberg99] Code signature

Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, Our approach Self-checking relies on code checkers whose position is hidden in the application whose behavior is obfuscated Our solution extends the power of code checkers in two ways remote verification that self-checking has been performed continuous replacement of self-checking code

Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, A First Prototype at Turin PolytechnicTFG Code checker Entrusted software TFC TFG is periodically updated

Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, Aspect-Oriented Programming Aspect is extra-code that modularizes the implementation of a crosscutting concern An Aspect encapsulates pointcuts and advices A Pointcut defines at which points (Join Points) in the execution of the program, extra code should be inserted An Advice defines the extra-code that runs when a join-point is matched The final code is obtained merging base code and aspect code At compile time with an aspect compiler At run time with a dynamic AOP platform

Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, Why AOP ? Software-tampering detection is a crosscutting concern Aspect Oriented Programming (AOP) Modularizes self-checking code in an aspect Eases the design of different self-checking techniques Aspect behavior is continuously updated with mobile code Dynamic self-checking vs. adversary With analysis tools Knowledge of our algorithm Most details of our implementation

Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, A Proof of Concept: Chat System Java Chat server/reflector with TFC TFC generates aspects code TFC pushes code to oblivious clients Java Chat client with TFG AOP to intercept calls to application methods Mobile Code (aspects) is woven by AOP platform Aspect contains Session key TFG and encryption algorithm Pointcuts to application code

Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, Threats & Countermeasures Discovery Static inspection to find self-checking code Mobile code against static inspection Disablement Disable checking Disablement stops tag generation TFC can block untrusted client Replacement Disable checking but sending correct info Replacement must be applied before TFG expires Overlapping aspects checking each other

Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, Future Work Implementation with JVMTI API in Java 1.5 Full control on JVM events through agent Agent in C language using JNI Can avoid using AOP platforms, but More complicated implementation No more help from pointcuts Need to implement dynamic downloading of code in C Access to memory info can be used to apply and update signature to bytecode at run time Ideal solution: new dynamic AOP platforms relying on JVMTI

Politecnico di Torino Paolo Falcarin Trento, IP-Flow meeting, June 28 th, Related Work links [Chen02] Y. Chen, R. Venkatesan, M. Cary, R. Pang, S. Sinha, M. Jakubowski, Oblivious hashing: Silent Verification of Code Execution. In Proceedings of 5th international workshop on information hiding (IHW 2002), Noordwijkerhout, The Netherlands, 7–9 October [Collberg02] C. Collberg, C. Thomborson and D. Low, Watermarking, Tamper-Proofing, and Obfuscation-- Tools for Software Protection, IEEE Transactions on Software Engineering, vol. 28, [TCPA] S. Pearson, B. Balacheff, D. Plaquin, and G. Proudler, Trusted Computing Platforms: TCPA Technology in Context [Barak01] B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. P. Vadhan, K. Yang, On the (Im)possibility of Obfuscating Programs - CRYPTO 2001 [Horne01] B. Horne, L. Matheson, C. Sheehan, and R. E. Tarjan, Dynamic Self-Checking Techniques for Improved Tamper Resistance. On ACM Workshop on Security and Privacy in Digital Rights Management, [Aucsmith96] D. Aucsmith. Tamper resistant software: An implementation. In R.J. Anderson, editor, Information Hiding, Lecture Notes in Computer Science Springer-Verlag, [Collberg99] C. Collberg and C. Thomborson. Software watermarking: Models and dynamic embeddings. In Principles of Programming Languages, San Antonio,USA, January [PROSE]PROSE homepage. [Aspectj]AspectJ homepage. On-line at