Software Tamper Resistance: Obstructing Static Analysis of Programs Chenxi Wang, Jonathan Hill, John Knight, Jack Davidson at university of Virginia This.

Slides:



Advertisements
Similar presentations
Course Outline Traditional Static Program Analysis Software Testing
Advertisements

Context-Sensitive Interprocedural Points-to Analysis in the Presence of Function Pointers Presentation by Patrick Kaleem Justin.
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
Runtime Protection via Dataflow Flattening Bertrand Anckaert Ghent University/ Boston Consulting Group The Third International Conference on Emerging Security.
Presented by: Thabet Kacem Spring Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.
Linear Obfuscation to Combat Symbolic Execution Zhi Wang 1, Jiang Ming 2, Chunfu Jia 1 and Debin Gao 3 1 Nankai University 2 Pennsylvania State University.
Chapter 9 – Network Theorems
On the complexity of orthogonal compaction maurizio patrignani univ. rome III.
Program analysis Mooly Sagiv html://
1 Enforcing Confidentiality in Low-level Programs Andrew Myers Cornell University.
Program analysis Mooly Sagiv html://
Overview of program analysis Mooly Sagiv html://
Software Uniqueness: How and Why? Puneet Mishra Dr. Mark Stamp Department of Computer Science San José State University, San José, California.
Overview of program analysis Mooly Sagiv html://
Formal Verification of SpecC Programs using Predicate Abstraction Himanshu Jain Daniel Kroening Edmund Clarke Carnegie Mellon University.
Ben Livshits Based in part of Stanford class slides from
BRASS Analysis of QuasiStatic Scheduling Techniques in a Virtualized Reconfigurable Machine Yury Markovskiy, Eylon Caspi, Randy Huang, Joseph Yeh, Michael.
Automatic Implementation of provable cryptography for confidentiality and integrity Presented by Tamara Rezk – INDES project - INRIA Joint work with: Cédric.
Software Testing and QA Theory and Practice (Chapter 4: Control Flow Testing) © Naik & Tripathy 1 Software Testing and Quality Assurance Theory and Practice.
Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar Stony Brook.
Bitwidth Analysis with Application to Silicon Compilation Mark Stephenson Jonathan Babb Saman Amarasinghe MIT Laboratory for Computer Science.
Formal Methods 1. Software Engineering and Formal Methods  Every software engineering methodology is based on a recommended development process  proceeding.
Secure Virtual Architecture John Criswell, Arushi Aggarwal, Andrew Lenharth, Dinakar Dhurjati, and Vikram Adve University of Illinois at Urbana-Champaign.
Software testing techniques Testing Maturity Model Presentation on the seminar Kaunas University of Technology.
Cryptography on Non-Trusted Machines Stefan Dziembowski.
© SERG Dependable Software Systems (Mutation) Dependable Software Systems Topics in Mutation Testing and Program Perturbation Material drawn from [Offutt.
Containment and Integrity for Mobile Code Security policies as types Andrew Myers Fred Schneider Department of Computer Science Cornell University.
1 Specialization Tools and Techniques for Systematic Optimization of System Software McNamee, Walpole, Pu, Cowan, Krasic, Goel, Wagle, Consel, Muller,
The Complexity of Optimization Problems. Summary -Complexity of algorithms and problems -Complexity classes: P and NP -Reducibility -Karp reducibility.
Computer Science Detecting Memory Access Errors via Illegal Write Monitoring Ongoing Research by Emre Can Sezer.
Auther: Kevian A. Roudy and Barton P. Miller Speaker: Chun-Chih Wu Adviser: Pao, Hsing-Kuo.
IDENTIFYING SEMANTIC DIFFERENCES IN ASPECTJ PROGRAMS Martin Görg and Jianjun Zhao Computer Science Department, Shanghai Jiao Tong University.
Page 1 5/2/2007  Kestrel Technology LLC A Tutorial on Abstract Interpretation as the Theoretical Foundation of CodeHawk  Arnaud Venet Kestrel Technology.
Chapter 1 Introduction. Chapter 1 - Introduction 2 The Goal of Chapter 1 Introduce different forms of language translators Give a high level overview.
Embedded Lab. Park Yeongseong.  Introduction  State of the art  Core values  Design  Experiment  Discussion  Conclusion  Q&A.
CBSE'051 Component-Level Dataflow Analysis Atanas (Nasko) Rountev Ohio State University.
NP-Complete Problems. Running Time v.s. Input Size Concern with problems whose complexity may be described by exponential functions. Tractable problems.
Optimal Resource Allocation for Protecting System Availability against Random Cyber Attack International Conference Computer Research and Development(ICCRD),
Buffer Overflow Attack Proofing of Code Binary Gopal Gupta, Parag Doshi, R. Reghuramalingam, Doug Harris The University of Texas at Dallas.
On the Relation between SAT and BDDs for Equivalence Checking Sherief Reda Rolf Drechsler Alex Orailoglu Computer Science & Engineering Dept. University.
ESEC/FSE-99 1 Data-Flow Analysis of Program Fragments Atanas Rountev 1 Barbara G. Ryder 1 William Landi 2 1 Department of Computer Science, Rutgers University.
Mobile Agent Security Presented By Sayuri Yonekawa October 17, 2000.
Pointer Analysis for Multithreaded Programs Radu Rugina and Martin Rinard M I T Laboratory for Computer Science.
Reducing Combinatorics in Testing Product Lines Chang Hwan Peter Kim, Don Batory, and Sarfraz Khurshid University of Texas at Austin.
Introduction Program File Authorization Security Theorem Active Code Authorization Authorization Logic Implementation considerations Conclusion.
1 Compiler & its Phases Krishan Kumar Asstt. Prof. (CSE) BPRCE, Gohana.
CS412/413 Introduction to Compilers Radu Rugina Lecture 18: Control Flow Graphs 29 Feb 02.
1 Control Flow Graphs. 2 Optimizations Code transformations to improve program –Mainly: improve execution time –Also: reduce program size Can be done.
1 Combining Abstract Interpreters Mooly Sagiv Tel Aviv University
Chapter 15 P, NP, and Cook’s Theorem. 2 Computability Theory n Establishes whether decision problems are (only) theoretically decidable, i.e., decides.
Conditional Lower Bounds for Dynamic Programming Problems Karl Bringmann Max Planck Institute for Informatics Saarbrücken, Germany.
/ PSWLAB Evidence-Based Analysis and Inferring Preconditions for Bug Detection By D. Brand, M. Buss, V. C. Sreedhar published in ICSM 2007.
1 Iterative Program Analysis Mooly Sagiv Tel Aviv University Textbook: Principles of Program.
Points-to Analysis as a System of Linear Equations Rupesh Nasre. Computer Science and Automation Indian Institute of Science Advisor: Prof. R. Govindarajan.
Mutation Testing Breaking the application to test it.
CSC 8505 Compiler Construction
Experience with Software Watermarking Jens Palsberg, Sowmya Krishnaswamy, Minseok Kwon, Di Ma, Qiuyun Shao, Yi Zhang CERIAS and Department of Computer.
Enabling Control over Adaptive Program Transformation for Dynamically Evolving Mobile Software Validation Mike Jochen, Anteneh Anteneh, Lori Pollock University.
Memory Protection through Dynamic Access Control Kun Zhang, Tao Zhang and Santosh Pande College of Computing Georgia Institute of Technology.
Phoenix Based Dynamic Slicing Debugging Tool Eric Cheng Lin Xu Matt Gruskin Ravi Ramaseshan Microsoft Phoenix Intern Team (Summer '06)
Introduction to Machine Learning, its potential usage in network area,
A Review of Software Testing - P. David Coward
How to Read a Paper.
BrowserShield: Vulnerability-Driven Filtering of Dynamic HTML
Software Security Lesson Introduction
ME 123 Computer Applications I
Topics to be Discussed Superposition Theorem. Thevenin’s Theorem.
Language-based Security
Control Structure Testing
Presentation transcript:

Software Tamper Resistance: Obstructing Static Analysis of Programs Chenxi Wang, Jonathan Hill, John Knight, Jack Davidson at university of Virginia This presentation consists of 4 parts:  Introduction  Techniques employed to hinder static analysis  Theoretical foundation and experimental results  Conclusion

Introduction Problem addressed: protecting trusted software against tampering on untrustworthy hosts. The solution: tamper resistant software. Why is access control infeasible? One aspect of software tamper resistance: prevention of static analysis of programs.

Static Analysis of Programs “Static analysis refers to techniques designed to extract [semantic] information from a static image of a computer program.” Entails two steps: control-flow analysis and data-flow analysis. Can be defeated by making the program control-flow data-dependent.

Control-flow Transformations Modify high-level control transfers to obstruct static detection of branch targets and call destinations. Two steps of transformation are illustrated in the following figures.

Dismantling of High-level Constructs int a,b; a=1; b=2; while(a 10) b--; a++; } use(b); a=1 b=2 b=a+b if(!(b>10)) goto L2 L2: a++ goto L1 L4: use (b) b-- L1: if(!(a<10)) goto L4

Transform to indirect control transfers L1: a=1; b=2; swVar=2; L3: b=b+a; if(!(b>10)) swVar=5; else swVar=4; L5: a++; swVar=2; goto switch switch(swVar) swVar=1 L2: if(!(a<10)) swVar=6; else swVar=3; L4: b--; swVar=5; L6: use(b);

Data-flow Transformations Dynamic computation of branch targets. The introduction of non-trivial aliases into the program.

dynamic computation of the switch variable L3: b=b+a; if(!(b>10)) swVar=5; else swVar=4; switch(swVar) goto switch; L3: b=b+a; if(!(b>10)) swVar=global_array[f1()]; else swVar=global_array[f2()]; switch(swVar) goto switch int global_array[];

Introducing aliases through pointers *p = a; a = a +b; *p = b b = 3; L2: *p = b; b = 3; swVar = f2(); L1: *p = a; a = a+b; swVar = f1(); A A

Complexity Evaluation Theorem 1: in the presence of general pointers, the problem of determining precise indirect branch target addresses is NP-hard. Proof: constructing a polynomial time reduction from 3SAT problem to it. Cannot be solved in polynomial time under the assumption that P!=NP.

Experimental Results Transformations considerably hindered the optimization that the compiler(gcc) is able to perform. Defeated PAF which is a static analysis tool from Rutgers university. Replacing 50% of the branches will result in an increase of a factor of 4 in the execution time and a factor of 2 in program size. Does the runtime cost justify the protection we gain?

Conclusion We have shown that static analysis can be defeated by making the control-flow analysis dependent on the data in the program. Future work includes establishing the practical lower bound on the time needed to analyze a transformed program. Thank you!