Protecting Software Code By Guards Hoi Chang and Mikhail J. Atallah CERIAS, Purdue University and Arxan Technologies, Inc.

Slides:



Advertisements
Similar presentations
Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.
Advertisements

Module 1: Introduction to SQL Server Reporting Services.
Protecting Software Code By Guards - by Hoi Chang and Mikhail J. Atallah “Many software-based mechanisms for protecting program code are too weak[…] or.
Remote Controlled Agent Avital Yachin Ran Didi SoftLab – June 2006.
Cloakware Corporation, 260 Hearst Way, Suite 311, Kanata, Ontario, Canada K2L 3H1 Spencer Cheng Trusting DRM Software Presentation.
Building Secure, DRM-Enabled Devices Avni Rambhia Program Manager John C. Simmons Program Manager Strategic Relations & Policy Windows Client Division.
Tamper-Tolerant Software: Modeling and Implementation International Workshop on Security (IWSEC 2009) October 28-30, 2009 – Toyama, Japan Mariusz H. Jakubowski.
Moving Target Defense in Cyber Security
Dec 5, 2007University of Virginia1 Efficient Dynamic Tainting using Multiple Cores Yan Huang University of Virginia Dec
Autonomic Systems Justin Moles, Winter 2006 Security in an Autonomic Computing Environment Paper by: D. M. Chess, C. C. Palmer S. R. White Presentation.
Chung Man Ho Willims Chow Man Kei Gary Kwok Pak Wai Lion.
A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.
1 IBM SanFrancisco Product Evaluation Negotiated Option Presentation By Les Beckford May 2001.
Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,
1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.
1 ICS 51 Introductory Computer Organization Fall 2006 updated: Oct. 2, 2006.
©TheMcGraw-Hill Companies, Inc. Permission required for reproduction or display. COMPSCI 125 Introduction to Computer Science I.
Security Considerations in Adaptive Middleware Security and Mobile Agents Ajanta – Mobile Agent’s research project papers (
Copyright ©2009 Opher Etzion Event Processing Course Engineering and implementation considerations (related to chapter 10)
Chapter 14 The Second Component: The Database.
Accelerating the Software Development Lifecycle Jim Hirschauer, Technology Evangelist.
March 24, 2003Upadhyaya – IWIA A Tamper-resistant Framework for Unambiguous Detection of Attacks in User Space Using Process Monitors R. Chinchani.
© 2010 VMware Inc. All rights reserved VMware ESX and ESXi Module 3.
Patch Management Module 13. Module You Are Here VMware vSphere 4.1: Install, Configure, Manage – Revision A Operations vSphere Environment Introduction.
Code Injection and Software Cracking’s Effect on Network Security Group 5 Jason Fritts Utsav Kanani Zener Bayudan ECE 4112 Fall 2007.
Microsoft Visual Basic 2012 CHAPTER ONE Introduction to Visual Basic 2012 Programming.
Introducing Enterprise Technologies David Dischiave Syracuse University School of Information Studies “The original iSchool” June 3, 2013 Information School,
Construction of efficient PDP scheme for Distributed Cloud Storage. By Manognya Reddy Kondam.
Hands-On Microsoft Windows Server 2008
Application Security Tom Chothia Computer Security, Lecture 14.
© 2010 VMware Inc. All rights reserved Patch Management Module 13.
UNIT 1 INFRASTRUCTURE AND APPLICATION SUPPORT. UNIT OBJECTIVES Name the different ROSS application platforms. Describe the difference between client hardware,
APACS SOFTWARE MODULES Introduction to software functions.
SCADA. 3-Oct-15 Contents.. Introduction Hardware Architecture Software Architecture Functionality Conclusion References.
Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.
E-Commerce Strategy and Plan Powerpoint Templates.
The Entropia Virtual Machine for Desktop Grids Brad Calder, Andrew A. Chien, Ju Wang, Don Yang – VEE-2005 Raju Kumar CS598C: Virtual Machines.
Contents 1.Introduction, architecture 2.Live demonstration 3.Extensibility.
Compatibility and Interoperability Requirements
Chapter 2: System Models. Objectives To provide students with conceptual models to support their study of distributed systems. To motivate the study of.
Advanced Principles of Operating Systems (CE-403).
1 Diversifying Sensors to Improve Network Resilience Wenliang (Kevin) Du Electrical Engineering & Computer Science Syracuse University.
NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.
Protecting Software Code By Guards The George Washington University Cs297 YU-HAO HU.
VMware vSphere Configuration and Management v6
Module 1 Introduction to SQL Server® 2008 R2 and its Toolset.
Chapter 5 Introduction To Form Builder. Lesson A Objectives  Display Forms Builder forms in a Web browser  Use a data block form to view, insert, update,
1 UNIT 19 Data Security 2. Introduction 2 AGENDA Hardware and Software protect ion Network protect ion Some authentication technologies :smart card Storage.
TRUSTED FLOW: Why, How and Where??? Moti Yung Columbia University.
CS4315A. Berrached:CMS:UHD1 Introduction to Operating Systems Chapter 1.
Presentation subtitle: 20pt Arial Regular, green R223 | G255 | B102 Recommended maximum length: 2 lines Confidentiality/date line: 13pt Arial Regular,
Introduction to InfoSec – Recitation 3 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (infosec15 at modprobe.net)
Standardized Fault Reporting in Electronic Commerce Software University of St. Thomas MBIF 705 – Foundations of Electronic Commerce Jeff D. Conrad December.
Cofax Scalability Document Version Scaling Cofax in General The scalability of Cofax is directly related to the system software, hardware and network.
Managing Large Linux Farms at CERN OpenLab: Fabric Management Workshop Tim Smith CERN/IT.
11 DEPLOYING AN UPDATE MANAGEMENT INFRASTRUCTURE Chapter 6.
Memory Protection through Dynamic Access Control Kun Zhang, Tao Zhang and Santosh Pande College of Computing Georgia Institute of Technology.
Tool Support for Testing
Introduction to Visual Basic 2008 Programming
Self Healing and Dynamic Construction Framework:
UNIT 19 Data Security 2.
by Prasad Mane (05IT6012) School of Information Technology
Cloud Testing Shilpi Chugh.
Fundamentals of Computer Organisation & Architecture
Student: Ying Hong Course: Database Security Instructor: Dr. Yang
Information Security - 2
Analysis models and design models
Chapter-1 Computer is an advanced electronic device that takes raw data as an input from the user and processes it under the control of a set of instructions.
Overview of Computer system
ONAP Architecture Principle Review
Presentation transcript:

Protecting Software Code By Guards Hoi Chang and Mikhail J. Atallah CERIAS, Purdue University and Arxan Technologies, Inc.

2/11 Contents  Introduction  Related work  The guarding framework  Description of system  Experimental result  Conclusion

3/11 Introduction  Existing TRS  Single point of failure or high cost  Protection mechanisms should have …  Resilience: no single point of failure, hard to disable  Self-defense: detect tampering  Configurability: customizable  White-box security: security based on secret key  Network of Guards  Security is shared among all guard  Many ways to form a network  More guard  greater level of security

4/11 Related work  Hardware based protection  Coprocessor  Smart card  Dongles  Software based protection  Code obfuscation  Self-modifying code  Code encryption/decryption

5/11 The guarding framework (1/2)  Guards  Checksum code: 1-way property  Repair code  Strengthening individual guards  Stealthiness  Guard templates: polymorphic instance  Delayed alarm upon detection of an attack  Blurred boundaries between the runtime code and data  Tamper-resistance  Guard protect itself (not by other guards)  Code obfuscation

6/11 The guarding framework (2/2)  Guards network  Security  Distributedness  Multiplicity  Dynamism  Scalability  Strengthening the network  Without any “loose end” (unprotected guards)  Strongly connected graph

7/11 Description of system (1/2)  Version 1.0 for protecting Win32 executables  Automated guard installation  Process Win32 binary code directly  Guard template: object code stored in database Unguarded Win32 EXE Guard graph specification Guard Installation System Guarded Win32 executable The guarding system guard: add ebp, -checksum mov eax, client_addr for: cmp eax, client_end jg end mov ebx, dword[eax] add ebp, ebx add eax, 4 jmp for End: Guard template

8/11 Description of system (2/2) Memory Layout of guarded program (307 guards)

9/11 Experimental result (1/2)  Impact on program size  Proportional to the number of installed guards and their average size  Storage space is not a problem to guarding Statistics of the guarded programs and their guards

10/11 Experimental result (2/2)  Impacts on program performance Increases in execution time of controlled and uncontrolled guard invocations

11/11 Conclusion  Software based TRS by Guards  Distributed protection  Variety of protection schemes  Configurable tamper-resistance  Our TRS provides...  Automated guard installation in Win32 executables  With configurable manner  Graphical user interface

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.