37 research outputs found
Runtime protection via dataflow flattening
Software running on an open architecture, such as the PC, is vulnerable to inspection and modification. Since software may process valuable or sensitive information, many defenses against data analysis and modification have been proposed. This paper complements existing work and focuses on hiding data location throughout program execution. To achieve this, we combine three techniques: (i) periodic reordering of the heap, (ii) migrating local variables from the stack to the heap and (iii) pointer scrambling. By essentialy flattening the dataflow graph of the program, the techniques serve to complicate static dataflow analysis and dynamic data tracking. Our methodology can be viewed as a data-oriented analogue of control-flow flattening techniques. Dataflow flattening is useful in practical scenarios like DRM, information-flow protection, and exploit resistance. Our prototype implementation compiles C programs into a binary for which every access to the heap is redirected through a memory management unit. Stack-based variables may be migrated to the heap, while pointer accesses and arithmetic may be scrambled and redirected. We evaluate our approach experimentally on the SPEC CPU2006 benchmark suit
О проблемах защиты интеллектуальной собственности в программных системах
Рассматривается проблема защиты интеллектуальной собственности, воплощенной в алгоритмах и данных, содержащихся в
исполняемом коде программ. Изучается современное состояние проблемы, приводятся основные достижения и открытые вопросы,
а также обзор и анализ существующих методов защиты интеллектуальной собственности.The article considers existing approaches to protection of intellectual property represented by algorithms and data structure contained in
software executable. The contemporary state of the problem is studied, most important achievements and actual issues are considered. An
overview and analysis of existing methods of intellectual property protection is performed
JDATATRANS for Array Obfuscation in Java Source Code to Defeat Reverse Engineering from Decompiled Codes
Software obfuscation or obscuring a software is an approach to defeat the
practice of reverse engineering a software for using its functionality
illegally in the development of another software. Java applications are more
amenable to reverse engineering and re-engineering attacks through methods such
as decompilation because Java class files store the program in a semi complied
form called 'byte' codes. The existing obfuscation systems obfuscate the Java
class files. Obfuscated source code produce obfuscated byte codes and hence two
level obfuscation (source code and byte code level) of the program makes it
more resilient to reverse engineering attacks. But source code obfuscation is
much more difficult due to richer set of programming constructs and the scope
of the different variables used in the program and only very little progress
has been made on this front. Hence programmers resort to adhoc manual ways of
obscuring their program which makes it difficult for its maintenance and
usability. To address this issue partially, we developed a user friendly tool
JDATATRANS to obfuscate Java source code by obscuring the array usages. Using
various array restructuring techniques such as 'array splitting', 'array
folding' and 'array flattening', in addition to constant hiding, our system
obfuscate the input Java source code and produce an obfuscated Java source code
that is functionally equivalent to the input program. We also perform a number
of experiments to measure the potency, resilience and cost incurred by our
tool.Comment: Manuscript submitted to ACM COMPUTE 2009 Conference,Bangalor
A Survey on Software Protection Techniques against Various Attacks
Software security and protection plays an important role in software engineering. Considerable attempts have been made to enhance the security of the computer systems because of various available software piracy and virus attacks. Preventing attacks of software will have a huge influence on economic development. Thus, it is very vital to develop approaches that protect software from threats. There are various threats such as piracy, reverse engineering, tampering etc., exploits critical and poorly protected software. Thus, thorough threat analysis and new software protection schemes, needed to protect software from analysis and tampering attacks becomes very necessary. Various techniques are available in the literature for software protection from various attacks. This paper analyses the various techniques available in the literature for software protection. The functionalities and the characteristic features are various software protection techniques have been analyzed in this paper. The main goal of this paper is to analyze the existing software protection techniques and develop an efficient approach which would overcome the drawbacks of the existing techniques
Revisiting software protection
We provide a selective survey on software protection, including approaches to software tamper resistance, obfuscation, software diversity, and white-box cryptography. We review the early literature in the area plus recent activities related to trusted platforms, and discuss challenges and future directions