Distributed application tamper detection via continuous software updates

ACM International Conference Proceeding Series

Volumn , Issue , 2012, Pages 319-328

  Collberg, Christian ^a   Martin, Sam ^a   Myers, Jonathan ^a   Nagra, Jasvir ^b  

^a UNIVERSITY OF ARIZONA   (United States)

^b GOOGLE INC   (United States)

Author keywords

Distributed systems; Security; Software protection

Indexed keywords

ATTACK TARGET; CLIENT CODE; CLIENT DEVICES; CODE TRANSFORMATION; DISTRIBUTED APPLICATIONS; DISTRIBUTED SYSTEMS; SECURITY; SOFTWARE PROTECTION; SOFTWARE UPDATES; TAMPER DETECTION;

COSINE TRANSFORMS; SECURITY SYSTEMS;

NETWORK SECURITY;

EID: 84872108915     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2420950.2420997     Document Type: Conference Paper

References (31)

1. B. Anckaert, M. Jakubowski, R. Venkatesan, and K. D. Bosschere. Run-time randomization to mitigate tampering. In Proceedings of the second International Workshop on Security, number 4752, pages 153-168, Berlin, Oct. 2007.
2. B. Anckaert, B. D. Sutter, and K. D. Bosschere. Covert communication through executables. In Program Acceleration through Application and Architecture driven Code Transformations, pages 83-85, Sept. 2004.
3. R. Anderson and M. Kuhn. Low cost attacks on tamper resistant devices. In IWSP: International Workshop on Security Protocols, 1997.
4. D. Aucsmith. Tamper resistant software: An implementation. In R. J. Anderson, editor, Information Hiding, pages 317-333. Springer-Verlag, May 1996.
5. E. G. Barrantes, D. H. Ackley, S. Forrest, and D. Stefanovic. Randomized instruction set emulation. ACM Transactions on Information and System Security (TISSEC), 8(1):3-40, Feb. 2005. (Pubitemid 40479428)
6. M. Ceccato and P. Tonella. Codebender: Remote software protection using orthogonal replacement. IEEE Software, 28(2):28-34, 2011.
7. F. M. Cleveland. Cyber security issues for advanced metering infrasttructure (AMI). In Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, pages 1-5. IEEE PES Power Syst. Commun. Comm., July 2008.
8. F. B. Cohen. Operating system protection through program evolution. all.net/books/IP/evolve.html, 1992.
9. C. Collberg and J. Nagra. Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection. Addison-Wesley, July 2009.
10. C. Collberg, C. Thomborson, and D. Low. Manufacturing cheap, resilient, and stealthy opaque constructs. In POPL'98, Jan. 1998.
11. L.D'Anna, B.Matt, A. Reisse, T.V. Vleck, S. Schwab, and P. LeBlanc. Self-protecting mobile agents obfuscation report - Final report. Technical Report 03-015, NAI Labs, June 2003.
12. J.-F. Dhem, F. Koeune, P.-A. Leroux, P. Mestré, J.-J. Quisquater, and J.-L. Willems. A practical implementation of the timing attack. In CARDIS, pages 167-182, 1998.
13. M. A. Ertl. Stack caching for interpreters. SIGPLAN Not., 30(6):315-327, 1995.
14. P. Falcarin, S. D. Carlo, A. Cabutto, N. Garazzino, and D. Barberis. Exploting code mobility for dynamic binary obfuscation. 2011.
15. S. Forrest, A. Somayaji, and D. Ackley. Building diverse computer systems. In HotOS-VI, pages 67-72, 1997.
16. A. Haeberlen, P. Aditya, R. Rodrigues, and P. Druschel. Accountable virtual machines, 2010.
17. G. Hoglund and G. McGraw. Exploiting Online Games: Cheating Massively Distributed Systems. Addison-Wesley, 2007.
18. F. Hohl. Time limited blackbox security: Protecting mobile agents from malicious hosts. In Mobile Agents and Security, pages 92-113, 1998. (Pubitemid 128104564)
19. M. Jakobsson and M. K. Reiter. Discouraging software piracy using software aging. In DRM Workshop, pages 1-12, 2001.
20. G. C. Necula, S. Mcpeak, S. P. Rahul, and W. Weimer. CIL: Intermediate language and tools for analysis and transformation of C programs. In Compiler Construction, pages 213-228, Grenoble, 2002.
21. T. Proebsting. Optimizing ANSI C with superoperators. In POPL'96. ACM Press, Jan. 1996.
22. P. R.C. Sandia report: Advanced metering infrastructure security considerations, Nov. 2007.
23. R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn. Design and implementation of a tcg-based integrity measurement architecture. In SSYM'04, pages 16-16, 2004.
24. R. Scandariato, Y. Ofek, P. Falcarin, and M. Baldi. Application-oriented trust in distributed computing. Availability, Reliability and Security, International Conference on, 0:434-439, 2008.
25. S. Schleimer, D. Wilkerson, and A. Aiken. Winnowing: Local algorithms for document fingerprinting. In Proceedings of the 2003 SIGMOD Conference, 2003.
26. B. Schneier. Dr. Dobb's Journal, Dec. 1999.
27. A. Seshadri, M. Luk, E. Shi, A. Perrig, L. van Doorn, and P. Khosla. Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems. SIGOPS Oper. Syst. Rev., 39(5):1-16, 2005. (Pubitemid 44892201)
28. S. Shang, N. Zheng, J. Xu, M. Xu, and H. Zhang. Detecting malware variants via function-call graph similarity. In MALWARE, pages 113 -120, Oct. 2010.
29. G. Stoyle, M. Hicks, G. Bierman, P. Sewell, and I. Neamtiu. Mutatis mutandis: safe and predictable dynamic software updating. In POPL '05, pages 183-194. ACM, 2005.
30. C. Wang, J. Hill, J. Knight, and J. Davidson. Protection of software-based survivability mechanisms. Dsn, 00:0193, 2001.
31. J. Xu, Z. Kalbarczyk, and R. K. Iyer. Transparent runtime randomization for security. IEEE Symposium on Reliable Distributed Systems, 0:260, 2003.