Confidentiality and data authenticity are two basic concepts in security. The first guarantees secrecy of a message, while the latter protects its integrity. This paper examines the use of encryption to secure software static analysis and tampering attacks. We present the concept of code encryption, which offers confidentiality, and a method to create code dependencies that implicitly protect integrity. For the latter we propose several dependency schemes based on a static call graph which allow runtime code decryption simultaneous with code verification. If code is modified statically or dynamically, it will result in incorrect decryption of other code, producing a corrupted executable.
To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.