research-article

Software Protection with Code Mobility

Authors:

Alessandro Cabutto,

Paolo Falcarin,

Bjorn De SutterAuthors Info & Claims

MTD '15: Proceedings of the Second ACM Workshop on Moving Target Defense

Pages 95 - 103

https://doi.org/10.1145/2808475.2808481

Published: 12 October 2015 Publication History

Abstract

The analysis of binary code is a common step of Man-At-The-End attacks to identify code sections crucial to implement attacks, such as identifying private key hidden in the code, identifying sensitive algorithms or tamper with the code to disable protections (e.g. license checks or DRM) embedded in binary code, or use the software in an unauthorized manner. Code Mobility can be used to thwart code analysis and debugging by removing parts of the code from the deployed software program and installing it at run-time by downloading binary code blocks from a trusted server. The proposed architecture of the code mobility protection downloads mobile code blocks, which are allocated dynamically at addresses determined at run-time; control transfers into and out of mobile code blocks are rewritten using the Diablo binary-rewriter tool.

References

[1]

Collberg, C., and Nagra, J. 2009. Surreptitious Software: Obfuscation, Watermarking, and Tamper-proofing for Software Protection. Addison-Wesley.

Digital Library

[2]

IDA Pro Disassembler - multi-processor, disassembler and debugger. Online at http://www.hex-rays.com/idapro/

[3]

Madou, M., Anckaert, B., De Sutter, B., and De Bosschere, K. 2005. Hybrid static-dynamic attacks against software protection mechanisms. In Proceedings of the 5th ACM Workshop on Digital Rights Management, 75--82.

Digital Library

[4]

Chang, H., and Atallah, M.J. 2001. Protecting Software Code by Guards. In Proceedings of the ACM Workshop on Security and Privacy in Digital Rights Management, Springer LNCS 2320, 160--175.

Digital Library

[5]

Chen, Y., Venkatesan, R., Cary, M., Pang, R., Sinha, S., and Jakubowski, M.H. 2002. Oblivious hashing: a stealthy software integrity verification primitive. In the 5th International Workshop on Information Hiding, 400--414.

Digital Library

[6]

Linn, C., and Debray, S. 2003. Obfuscation of executable code to improve resistance to static disassembly. In ACM proceedings of Computer and Communications Security Conference. CCS-03. ACM, 290--299.

Digital Library

[7]

Kanzaki, Y., Monden, A., Nakamura, M., and Matsumoto, K. 2003. Exploiting self-modification mechanism for program protection. In Proceedings of the 27th Annual International Conference on Computer Software and Applications. COMPSAC 2003, 170--179.

Digital Library

[8]

Birrer, B. D., Raines, R. A., Baldwin, R. O., Mullins, B. E., and Bennington, R.W. 2007. Program fragmentation as a metamorphic software protection. In Proceedings of Third IEEE International Symposium on Information Assurance and Security.IAS 2007. 369--374.

Digital Library

[9]

Giffin, J. T., Christodorescu, M., and Kruger, L. 2005. Strengthening software self-checksumming via self-modifying code. In 21st IEEE Annual Computer Security Applications Conference. ACSAC-05. 18--27.

Digital Library

[10]

Jakobsson, M., and Reiter, M.K. 2002. Discouraging software piracy using software aging. In Security and Privacy in Digital Rights Management: 1st ACM Workshop on Digital Rights Management. Springer. 1--12.

Digital Library

[11]

Collberg, C., Nagra, J., and Snavely, W. 2008. bianlian: Remote Tamper-Resistance with Continuous Replacement. Technical Report TR08-03, Department of Computer Science, University of Arizona.

[12]

Collberg, C., Martin, C., Myers, J., and Nagra, J. 2012. Distributed application tamper detection via continuous software updates. In Proceedings of the 28th ACM Annual Computer Security Applications Conference. 319--328.

Digital Library

[13]

Falcarin, P., Di Carlo, S., Cabutto, A., Garazzino, N., and Barberis, D. 2011. Exploiting Code Mobility for Dynamic Binary Obfuscation. In Proceedings IEEE World Congress on Internet Security. WorldCIS. 114--120.

[14]

Falcarin, P., Scandariato, R., and Baldi, M. 2006. Remote trust with aspect oriented programming. In Proceedings of the 20th IEEE International Conference on Advanced Information Networking and Applications. AINA. 451--458.

Digital Library

[15]

Scandariato, R., Ofek, Y., Falcarin, P., and Baldi, M. 2008. Application-Oriented Trust in Distributed Computing. In Proceedings of the IEEE 3rd International Conference on Availability, Reliability and Security. ARES. 434--439.

Digital Library

[16]

ASPIRE project deliverable D1.04: Reference Architecture. Online at https://aspire-fp7.eu/project-deliverables

[17]

Cordy, J. R. The TXL source transformation language. 2006. Science of Computer Programming 61, 3. Elsevier. 190--210.

Digital Library

[18]

Coppens, B., De Sutter, B., and Maebe, J. 2013. Feedback-Driven Binary Code Diversification. ACM Transactions on Architecture and Code Optimization 9, 4, (Jan. 2013).

Digital Library

[19]

Coppens, B., De Sutter, B., and De Bosschere, K. 2013. Protecting your software updates. IEEE Security & Privacy. 11, 2. 47--54.

Digital Library

[20]

O'Sullivan, P., Anand, K., Kotha, A., Smithson, M., Barua, R., and Keromytis, A.D. 2011. Retrofitting Security in COTS Software with Binary Rewriting. In Future Challenges in Security and Privacy for Academia and Industry. Springer Berlin Heidelberg. 154--172

[21]

ASPIRE project website: https://www.aspire-fp7.eu

[22]

Aucsmith, D. 1996. Tamper resistant software: An implementation. In Proceedings of the First International Workshop on Information Hiding. Springer. 317--333.

Digital Library

[23]

Van Put, L., Chanet, D., De Bus, B., De Sutter, B., and De Bosschere, K. 2005. DIABLO: a reliable, retargetable and extensible link-time rewriting framework. In Proceedings of the Fifth IEEE International Symposium on Signal Processing and Information Technology, 7--12.

[24]

Larsen, P., Homescu, A. Brunthaler, S., and Franz, M. 2014. SoK: Automated Software Diversity. In Proceedings of the 35th IEEE Symposium on Security and Privacy. 276--291.

Digital Library

[25]

Wartell, R., Mohan, V., Hamlen, K. W., and Lin, Z. 2012. Binary stirring: self-randomizing instruction addresses of legacy x86 binary code. In Proc. of the ACM conference on Computer and communications security. CCS-12. 157--168.

Digital Library

Cited By

Williams RGavazzi AKirda E(2023)Solder: Retrofitting Legacy Code with Cross-Language Patches2023 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)10.1109/SANER56733.2023.00015(49-60)Online publication date: Mar-2023
https://doi.org/10.1109/SANER56733.2023.00015
Ren TWilliams RGanguly SDe Carli LLu L(2023)Breaking Embedded Software Homogeneity with Protocol MutationsSecurity and Privacy in Communication Networks10.1007/978-3-031-25538-0_40(770-790)Online publication date: 4-Feb-2023
https://doi.org/10.1007/978-3-031-25538-0_40
Abrath BCoppens BBroeck JWyseur BCabutto AFalcarin PSutter B(2020)Code Renewability for Native Software ProtectionACM Transactions on Privacy and Security10.1145/340489123:4(1-31)Online publication date: 25-Aug-2020
https://dl.acm.org/doi/10.1145/3404891
Show More Cited By

Index Terms

Software Protection with Code Mobility
1. Security and privacy
  1. Software and application security
    1. Software security engineering
2. Software and its engineering
  1. Software organization and properties
    1. Software functional properties
      1. Correctness
        Access protection

Recommendations

On non-antipodal binary completely regular codes

Binary non-antipodal completely regular codes are characterized. Using a result on nonexistence of nontrivial binary perfect codes, it is concluded that there are no unknown nontrivial non-antipodal completely regular binary codes with minimum distance ...
BugGraph: Differentiating Source-Binary Code Similarity with Graph Triplet-Loss Network
ASIA CCS '21: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security

Binary code similarity detection, which answers whether two pieces of binary code are similar, has been used in a number of applications,such as vulnerability detection and automatic patching. Existing approaches face two hurdles in their efforts to ...
Heisenbyte: Thwarting Memory Disclosure Attacks using Destructive Code Reads
CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security

Vulnerabilities that disclose executable memory pages enable a new class of powerful code reuse attacks that build the attack payload at runtime. In this work, we present Heisenbyte, a system to protect against memory disclosure attacks. Central to ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

MTD '15: Proceedings of the Second ACM Workshop on Moving Target Defense

October 2015

114 pages

ISBN:9781450338233

DOI:10.1145/2808475

Program Chairs:
George Cybenko
Dartmouth College, USA
,
Dijiang Huang
Arizona State University, USA

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 October 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Seventh Framework Programme

Conference

CCS'15

Sponsor:

SIGSAC

CCS'15: The 22nd ACM Conference on Computer and Communications Security

October 12, 2015

Colorado, Denver, USA

Acceptance Rates

MTD '15 Paper Acceptance Rate 8 of 19 submissions, 42%;

Overall Acceptance Rate 40 of 92 submissions, 43%

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

13
Total Citations
View Citations
281
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 18 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Williams RGavazzi AKirda E(2023)Solder: Retrofitting Legacy Code with Cross-Language Patches2023 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)10.1109/SANER56733.2023.00015(49-60)Online publication date: Mar-2023
https://doi.org/10.1109/SANER56733.2023.00015
Ren TWilliams RGanguly SDe Carli LLu L(2023)Breaking Embedded Software Homogeneity with Protocol MutationsSecurity and Privacy in Communication Networks10.1007/978-3-031-25538-0_40(770-790)Online publication date: 4-Feb-2023
https://doi.org/10.1007/978-3-031-25538-0_40
Abrath BCoppens BBroeck JWyseur BCabutto AFalcarin PSutter B(2020)Code Renewability for Native Software ProtectionACM Transactions on Privacy and Security10.1145/340489123:4(1-31)Online publication date: 25-Aug-2020
https://dl.acm.org/doi/10.1145/3404891
Van den Broeck JCoppens BDe Sutter B(2020)Obfuscated integration of software protectionsInternational Journal of Information Security10.1007/s10207-020-00494-8Online publication date: 18-Mar-2020
https://doi.org/10.1007/s10207-020-00494-8
Na GLim JLee SYi J(2019)Mobile Code Anti-Reversing Scheme Based on Bytecode Trapping in ARTSensors10.3390/s1911262519:11(2625)Online publication date: 10-Jun-2019
https://doi.org/10.3390/s19112625
Yang XZhang LMa CLiu ZPeng P(2019)Android Control Flow Obfuscation Based on Dynamic Entry Points Modification2019 22nd International Conference on Control Systems and Computer Science (CSCS)10.1109/CSCS.2019.00054(296-303)Online publication date: May-2019
https://doi.org/10.1109/CSCS.2019.00054
Zhang HZheng KWang XLuo SWu B(2019)Efficient Strategy Selection for Moving Target Defense Under Multiple AttacksIEEE Access10.1109/ACCESS.2019.29183197(65982-65995)Online publication date: 2019
https://doi.org/10.1109/ACCESS.2019.2918319
Zheng JNamin A(2019)A Survey on the Moving Target Defense Strategies: An Architectural PerspectiveJournal of Computer Science and Technology10.1007/s11390-019-1906-z34:1(207-233)Online publication date: 18-Jan-2019
https://doi.org/10.1007/s11390-019-1906-z
Ceccato MTonella PBasile CFalcarin PTorchiano MCoppens BDe Sutter B(2019)Understanding the behaviour of hackers while performing attack tasks in a professional setting and in a public challengeEmpirical Software Engineering10.1007/s10664-018-9625-624:1(240-286)Online publication date: 1-Feb-2019
https://dl.acm.org/doi/10.1007/s10664-018-9625-6
Yoo JYi J(2018)Code-Based Authentication Scheme for Lightweight Integrity Checking of Smart VehiclesIEEE Access10.1109/ACCESS.2018.28666266(46731-46741)Online publication date: 2018
https://doi.org/10.1109/ACCESS.2018.2866626
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents