
Self-Protecting Mobile Agents Tom Van Vleck Lee Badger Doug Kilpatrick Larry D’Anna Brian Matt Funded by both OASIS and Active Networks Programs NAI Labs.


1 Self-Protecting Mobile Agents Tom Van Vleck Lee Badger Doug Kilpatrick Larry D’Anna Brian Matt Funded by both OASIS and Active Networks Programs NAI Labs March 2002 Not for Public Release

2 Problem and Objective
Problem: Mobile programs are vulnerable to tampering by hosts on which they run.
Objective: Protect mobile agents from tampering while allowing:
– High mobility.
– Detached operation.
– Extended deployment periods.
– Realistic infrastructure requirements.
[Figure labels: Host Operating System, Agent Execution Server, Running Agent, Code, Data, Attack, Web Server, Code Red]

3 Technical Approach (in a nutshell)
Distribution: replicate agents across multiple, unrelated hosts.
– Present a moving target
Monitoring/Recovery: regenerate corrupted “agentlets.”
Code/data Obfuscation: prevent host-based analysis
– Refresh obfuscation before analysis can be completed
[Figure labels: Traditional Agent (agent, Host); Self-Protecting Agent (agentlets, Host 1, Host 2, Host 3, ... Host N)]

4 Time-limited Black Box
Hohl, Fritz, “An Approach to Solve the Problem of Malicious Hosts”
A host can deny execution, or lie, but it can’t disrupt the programs’ internal consistency for n seconds.
[Figure labels: Source Code, Policy A, Obfuscation Transform, Obfuscated Source code; Run for n seconds, Stop.]
De-obfuscation takes m >> n seconds

5 Goals of Obfuscator
Prevent understanding of
– Implementation structure
– Data values
– Algorithms
For some amount of time (work)
Not a toy

6 Obfuscator Non-Goals
As strong as cryptography
Smaller or faster than original
Weak obscurity -> strong protection
Barak, Goldreich, et al, CRYPTO 2001: “Obfuscation is impossible.” … for their definition
Random slashdot poster sl956: “… We all know that anybody using the words 'tamper resistant' to describe a software-based solution is incompetent at best....”

7 What We’ve Done Lately
Obfuscation Techniques Evaluation Report
Jbet obfuscation tool
– Obfuscation transforms
Control, data
– Packaging
Modular architecture
Automated test suite (197 tests, one with >300 cases)
Nightly build

8 Jbet Obfuscation Tool - Context
[Figure labels: classes, JBET, obfuscated classes, Plugin Transforms, Obfuscation policy]

9 Obfuscation Pipeline
[Figure labels: classes, Reader, DAG, xforms, DAG, xforms, DAG, CodeGen, classes; Variable obfuscations, Control flow obfuscations, Optimization & obfuscation]

10 DAG Representation
[Figure labels: method, Basicblock, Node, params]

11 Obfuscation Transforms
Transient Variable Obfuscation
– Offset, CRT, XOR, etc
Control Flow Obfuscation
– Switchify, method and class merging
Method combination
Field access
Introduction of dummy blocks
Name regeneration

12 Control Flow
No method calls except
– A few utility calls
– Calls to external classes
Internal simulated call stack
Stub classes passed to external methods

13 Control Flow Obfuscation: Switchify
[Figure labels, before: blocks A, B, C, D, E with branches on condition_1 and condition_2; after: switch, blocks A, B, C, D, E, condition_1, condition_2, exit]

14 Merged Methods
[Figure labels: push(), pop(), alloc(), free(), make_frame(), free_frame(); push(), pop(), internal()]

15 Class Merging
Classes with native methods left separate
Internal classes fully emulated, vanish

16 Method Calls
Simulated call stack
Virtual methods become table of function addresses, stored as fields, subject to further obfuscation
Alternative virtual dispatch mechanisms

17 Field Access
All variables replaced by refs to storage container class.

    // one array per value type
    class Memory {
        int[] I;
        float[] F;
        Object[] L;
        long[] J;
        double[] D;
        Memory[] N;
    }

18 Exceptions
Semantics preserved but athrow not used
Try/catch/throw internal to a method
– Handler address known statically
General
– Emulated with dynamic list of active handlers

19 Simple Demo

    public class Test {
        public static void main(String[] a) {
            for (int i = 0; i < 10; i++) {
                System.out.println(i);
            }
        }
    }

This is a hard program to obfuscate
Transient variable obfuscation is easy to see through.
Control flow obfuscation really works
– Program grows in size
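A hand-written, source-level sketch of what slides 11, 13 and 17 describe, applied to the Test loop from slide 19: the loop is switchified into a dispatcher, its variable lives in a Memory-style container, and the value is stored XOR-encoded. This is an added example, not Jbet output or NAI Labs code; the class name SwitchifiedTest, the method run(), the mask KEY and the state numbering are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

public class SwitchifiedTest {
    // Storage container in the style of slide 17: locals live in a typed array.
    static final class Memory {
        int[] I = new int[2];   // I[0] = encoded loop variable, I[1] = dispatcher state
    }

    static final int KEY = 0x5A17;  // constructed XOR mask for the transient variable

    // Same behaviour as the slide's loop, returning the values instead of printing them.
    static List<Integer> run() {
        List<Integer> out = new ArrayList<>();
        Memory m = new Memory();
        m.I[1] = 0;                 // start at the entry block
        while (true) {
            switch (m.I[1]) {       // every transfer of control goes through this switch
                case 0:             // entry block: i = 0, stored XOR-encoded
                    m.I[0] = 0 ^ KEY;
                    m.I[1] = 2;
                    break;
                case 2:             // loop test: i < 10
                    m.I[1] = ((m.I[0] ^ KEY) < 10) ? 3 : 4;
                    break;
                case 3:             // loop body, then i++
                    out.add(m.I[0] ^ KEY);
                    m.I[0] = ((m.I[0] ^ KEY) + 1) ^ KEY;
                    m.I[1] = 2;
                    break;
                case 1:             // dummy block (slide 11): no state ever selects it
                    m.I[0] ^= m.I[1];
                    m.I[1] = 3;
                    break;
                default:            // exit block (state 4)
                    return out;
            }
        }
    }

    public static void main(String[] a) {
        for (int v : run()) {
            System.out.println(v);
        }
    }
}
```

The program still prints 0 through 9, but the for loop no longer appears as a loop: an analyst has to recover the state transitions to rebuild the control flow graph. The XOR mask on its own is removed by constant propagation, which matches the slide's remark that transient variable obfuscation is easy to see through.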

20 Hard Demo
DES test (public domain code)
– 6 classes, 3179 lines
More obfuscation
Code volume and runtime increase

21 Demo

22 Results - Simple

    Obfuscation          Bytes
    none                 634 (1 class)
    Transient variable   835 (3 classes)
    Control flow         109162 (3 classes)

23 Results - DES

    Obfuscation          Bytes
    none                 42913 (6 classes)
    Transient variable   66349 (3 classes)
    Control flow         757468 (3 classes)

24 What’s Next
More transforms
– Plug-in architecture
Optimum determination of transforms
– Data flow driven
– Metrics
Speed and space improvement
Integrate with agentlets

25 Administrative Info (Milestones)
March 14, 2000: Start Date
Feb. 28, 2001: Policy Specification and Architecture Report
April 30, 2001: Prototype Distributed Agent Generation Tool
Nov. 15, 2001: Obfuscation Techniques Evaluation Report
March 15, 2002: Obfuscated Agentlet Prototype
Dec. 15, 2002: Distributed, Self-Healing Obfuscated Agentlet Prototype
Jan. 15, 2003: Final Report
March 15, 2003: End Date

26 The End!

27 Commercial Obfuscators & Decompilers
Severe limitations
Obfuscation mostly limited to name removal

28 Deferred Java Features
Floating point
Reflection
Serialization
Synchronization

29 Java Challenges
Typed memory management
Java verifier
– Forces correct type and stack at every point
Limited control flow
Rich program object

30 Static and Dynamic
Static analysis
– Branch loses information of where from
Trace based analysis
– Program slicing
– Interpretive execution for given input
Threading
– Separate thread for interactions with environment
– Nondeterministic execution

31 Ideal State Obfuscation
[Figure labels: POP, obfuscation transform]

