
A proposed Trusted-Flow system architecture with aspect-oriented implementation

Paolo Falcarin, Mario Baldi, Riccardo Scandariato, Maurizio Morisio (Politecnico di Torino). Trento, June 28th, 2004.


Presentation Transcript


  1. A proposed Trusted-Flow system architecture with aspect-oriented implementation
     Paolo Falcarin, Mario Baldi, Riccardo Scandariato, Maurizio Morisio (Politecnico di Torino)
     Trento, June 28th, 2004

  2. Tamper resistance approaches
     • Integrity-checking
       • Static self-checking
       • Dynamic self-checking [Horne01, Chen02]
     • Making Reverse-Engineering complex
       • Customization [Aucsmith96]
       • Obfuscation [Collberg02]
       • Anti-debugging
     • Code identification
       • Watermarking [Barak01, Collberg99]
       • Code signature
     Trento, IP-Flow meeting, June 28th, 2004

  3. Our approach
     • Self-checking relies on code checkers
       • whose position is hidden in the application
       • whose behavior is obfuscated
     • Our solution extends the power of code checkers in two ways
       • remote verification that self-checking has been performed
       • continuous replacement of self-checking code

  4. A First Prototype at Turin Polytechnic
     [Diagram; labels: TFC, Code checker, TFG, "TFG is periodically updated", Entrusted software]

  5. Aspect-Oriented Programming
     • Aspect is “extra-code” that modularizes the implementation of a crosscutting concern
     • An Aspect encapsulates pointcuts and advices
       • A Pointcut defines at which points (Join Points) in the execution of the program extra code should be inserted
       • An Advice defines the extra-code that runs when a join-point is matched
     • The final code is obtained by merging base code and aspect code
       • At compile time with an aspect compiler
       • At run time with a dynamic AOP platform

  6. Why AOP?
     • Software-tampering detection is a crosscutting concern
     • Aspect Oriented Programming (AOP)
       • Modularizes self-checking code in an aspect
       • Eases the design of different self-checking techniques
       • Aspect behavior is continuously updated with mobile code
     • Dynamic self-checking vs. adversary
       • With analysis tools
       • Knowledge of our algorithm
       • Most details of our implementation

  7. A Proof of Concept: Chat System
     • Java Chat server/reflector with TFC
       • TFC generates aspects code
       • TFC pushes code to oblivious clients
     • Java Chat client with TFG
       • AOP to intercept calls to application methods
       • Mobile Code (aspects) is woven by AOP platform
     • Aspect contains
       • Session key
       • TFG and encryption algorithm
       • Pointcuts to application code

  8. Threats & Countermeasures
     • Discovery
       • Static inspection to find self-checking code
       • Mobile code against static inspection
     • Disablement
       • Disable checking
       • Disablement stops tag generation
       • TFC can block untrusted client
     • Replacement
       • Disable checking but sending correct info
       • Replacement must be applied before TFG expires
       • Overlapping aspects checking each other

  9. Future Work
     • Implementation with JVMTI API in Java 1.5
       • Full control on JVM events through agent
       • Agent in C language using JNI
     • Can avoid using AOP platforms, but
       • More complicated implementation
       • No more help from pointcuts
       • Need to implement dynamic downloading of code in C
     • Access to memory info can be used to apply and update signature to bytecode at run time
     • Ideal solution: new dynamic AOP platforms relying on JVMTI

  10. Related Work links
     • [Chen02] Y. Chen, R. Venkatesan, M. Cary, R. Pang, S. Sinha, M. Jakubowski, “Oblivious Hashing: Silent Verification of Code Execution,” in Proceedings of the 5th International Workshop on Information Hiding (IHW 2002), Noordwijkerhout, The Netherlands, 7–9 October 2002.
     • [Collberg02] C. Collberg, C. Thomborson and D. Low, “Watermarking, Tamper-Proofing, and Obfuscation - Tools for Software Protection,” IEEE Transactions on Software Engineering, vol. 28, 2002.
     • [TCPA] S. Pearson, B. Balacheff, D. Plaquin, and G. Proudler, “Trusted Computing Platforms: TCPA Technology in Context.”
     • [Barak01] B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. P. Vadhan, K. Yang, “On the (Im)possibility of Obfuscating Programs,” CRYPTO 2001.
     • [Horne01] B. Horne, L. Matheson, C. Sheehan, and R. E. Tarjan, “Dynamic Self-Checking Techniques for Improved Tamper Resistance,” in ACM Workshop on Security and Privacy in Digital Rights Management, 2001.
     • [Aucsmith96] D. Aucsmith, “Tamper Resistant Software: An Implementation,” in R. J. Anderson, editor, Information Hiding, Lecture Notes in Computer Science 1174, Springer-Verlag, 1996.
     • [Collberg99] C. Collberg and C. Thomborson, “Software Watermarking: Models and Dynamic Embeddings,” in Principles of Programming Languages, San Antonio, USA, January 1999.
     • [PROSE] PROSE homepage. http://prose.ethz.ch/
     • [Aspectj] AspectJ homepage. http://eclipse.org/aspectj/
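
The exchange outlined on slides 7 and 8, as an added sketch that is not the prototype's code: Python monkey-patching stands in for the dynamic AOP platform, and the class and function names, the HMAC-SHA256 tag format and the epoch/sequence counters are assumptions, since the slides do not specify them. It shows the TFC accepting tags from the current TFG, then rejecting and blocking a client that keeps using an expired one.

```python
import hashlib, hmac, os, struct

class ChatClient:  # hypothetical application class (stands in for the Java chat client)
    def send(self, text):
        return {"text": text}  # untagged message, as an unprotected client emits it

def tag(key, epoch, seq, text):
    # Assumed tag format: HMAC-SHA256 over (epoch, sequence number, message).
    data = struct.pack(">IQ", epoch, seq) + text.encode()
    return hmac.new(key, data, hashlib.sha256).digest()

def make_aspect(epoch, key):
    """Mobile code built by the TFC: session key plus TFG advice for one epoch."""
    seq = 0
    def weave(original):
        def advised(self, text):  # runs at the join point ChatClient.send
            nonlocal seq
            msg = original(self, text)
            msg["tag"] = tag(key, epoch, seq, text)
            seq += 1
            return msg
        return advised
    return weave

class TFC:
    def __init__(self):
        self.epoch, self.key, self.expected, self.blocked = 0, None, 0, False
    def push_aspect(self, cls, base_send):
        # Periodic update: fresh key and epoch, woven over the unmodified base method.
        self.epoch, self.key, self.expected = self.epoch + 1, os.urandom(32), 0
        cls.send = make_aspect(self.epoch, self.key)(base_send)
    def accept(self, msg):
        want = tag(self.key, self.epoch, self.expected, msg["text"])
        ok = not self.blocked and hmac.compare_digest(want, msg.get("tag", b""))
        self.expected += int(ok)
        self.blocked = self.blocked or not ok  # missing, stale or wrong tag blocks the client
        return ok

def run_demo():
    base, tfc, client = ChatClient.send, TFC(), ChatClient()
    tfc.push_aspect(ChatClient, base)
    stale = ChatClient.send  # epoch-1 generator, kept past its lifetime
    first = tfc.accept(client.send("hi"))  # constructed sample messages
    tfc.push_aspect(ChatClient, base)  # TFC replaces the TFG
    second = tfc.accept(client.send("hi again"))
    expired = tfc.accept(stale(client, "late"))
    ChatClient.send = base  # unweave so the demo leaves no side effects
    return first, second, expired, tfc.blocked
if __name__ == "__main__": print(run_demo())
```

An untagged message, the "Disablement" case, fails the same comparison and sets `blocked` in the same way.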
