Protecting Software Code By Guards

1
Protecting Software Code By Guards

• Hoi Chang and Mikhail J. Atallah
• CERIAS, Purdue University
• and Arxan Technologies, Inc.
• changh,mja_at_cerias.purdue.edu

2
Contents

• Introduction
• Related work
• The guarding framework
• Description of system
• Experimental result
• Conclusion

3
Introduction

• Existing TRS ? Single point of failure or high
  cost
• Protection mechanisms should have
• Resilience no single point of failure, hard to
  disable
• Self-defense detect tampering
• Configurability customizable
• White-box security security based on secret key
• Network of Guards
• Security is shared among all guard
• Many ways to form a network
• More guard ? greater level of security

4
Related work

• Hardware based protection
• Coprocessor
• Smart card
• Dongles
• Software based protection
• Code obfuscation
• Self-modifying code
• Code encryption/decryption

5
The guarding framework (1/2)

• Guards
• Checksum code 1-way property
• Repair code
• Strengthening individual guards
• Stealthiness
• Guard templates polymorphic instance
• Delayed alarm upon detection of an attack
• Blurred boundaries between the runtime code and
  data
• Tamper-resistance
• Guard protect itself (not by other guards)
• Code obfuscation

6
The guarding framework (2/2)

• Guards network
• Security
• Distributedness
• Multiplicity
• Dynamism
• Scalability
• Strengthening the network
• Without any loose end (unprotected guards)
• Strongly connected graph

7
Description of system (1/2)

• Version 1.0 for protecting Win32 executables
• Automated guard installation
• Process Win32 binary code directly
• Guard template object code stored in database

8
Description of system (2/2)
Memory Layout of guarded program (307 guards)
9
Experimental result (1/2)

• Impact on program size
• Proportional to the number of installed guards
  and their average size
• Storage space is not a problem to guarding

10
Experimental result (2/2)

• Impacts on program performance

11
Conclusion

• Software based TRS by Guards
• Distributed protection
• Variety of protection schemes
• Configurable tamper-resistance
• Our TRS provides ...
• Automated guard installation in Win32 executables
• With configurable manner
• Graphical user interface