Code Self-checking Techniques for Trusted-Flow Implementation
Luca Tagliaferri
[email protected]@polito.it
28 / 06 / 2004

Code checking mechanism
• What:
  – Verify that the executing program in a Java environment is accomplishing (only and all) its requested duty.
• How:
  – Control code is inserted dynamically by an updatable Agent.
  – The control flow is monitored.
• Why:
  – Unexpected code is prevented from being executed.

Control Flow Mechanism
• A tool reads the original code and saves a regular expression describing the flow.
• The original program is monitored by a companion process called Checker (resident in a trusted area).
• The two processes communicate using sockets.

Control Flow Checking
R = A[B|[C]*]D
[Figure: flowchart of the program from Begin to End through BLOCK1 (A), COND1, BLOCK2 (B), COND2, BLOCK3 (C) and BLOCK4 (D)]

Original Program

    void main ()
    {
        instr1;
        instr2;
        if (cond1) {
            instr4;
            instr5;
            instr6;
        } else {
            while (cond2) {
                instr8;
                instr9;
            }
        }
        instr10;
    }

[Figure: Checker automaton with states S0, S1, S2, S3, S4 and transitions labelled A, B, C, C, D, D, connected to the program through a Socket]

Control code inserted by the Agent:

    int p[2];
    socket (p);
    write (p, f(A));
    write (p, f(B));
    write (p, f(C));
    write (p, f(D));

Original Program with the inserted control code, connected to the Checker through the Socket:

    void main ()
    {
        int p[2];
        socket (p);
        instr1;
        instr2;
        write (p, f(A));
        if (cond1) {
            instr4;
            instr5;
            instr6;
            write (p, f(B));
        } else {
            while (cond2) {
                instr8;
                instr9;
                write (p, f(C));
            }
        }
        instr10;
        write (p, f(D));
    }

Checker trace for the run shown on the slides (automaton with states S0, S1, S2, S3, S4):

    A received: S0 → S1
    B received: S1 → S2
    D received: S2 → S4
    OK

Detection
• If an instruction in any block is modified, the block itself is modified (or a block is even skipped).
• The function f(block) returns a different value.
• The checker detects the hacking.

Modified Original Program

    void main ()
    {
        int p[2];
        socket (p);
        instr1;
        instr2;
        write (p, f(A));
        if (cond1) {
            instr4;
            instr5';
            instr6;
            write (p, f(B'));
        } else {
            while (cond2) {
                instr8;
                instr9;
                write (p, f(C));
            }
        }
        instr10;
        write (p, f(D));
    }

[Figure: the Checker receives B' over the Socket instead of B; B fails]

Discussion
• What is f(x)?
  A block signature function describing the flow execution and ciphered with a symmetric key.
• How can it be hidden?
  Code obfuscation and an appropriate key.
• Can it be replaced?
  Frequent update.
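
The Checker from the Control Flow Checking and Detection slides, as an added example that is not code from the presentation: it steps the automaton for R = A[B|[C]*]D over the block signatures received from the program. Assumptions: f(block) is modelled as HMAC-SHA256 of the block bytes under the shared symmetric key, the block byte strings are constructed, the S1 → S4 edge on D is derived from the regular expression, and the names `f`, `run` and `check` are hypothetical.

```python
import hashlib
import hmac

# Constructed stand-ins for the bytes of each basic block (not from the slides).
BLOCKS = {
    "A": b"instr1;instr2;",
    "B": b"instr4;instr5;instr6;",
    "C": b"instr8;instr9;",
    "D": b"instr10;",
}

# Automaton for R = A[B|[C]*]D, using the slides' state names.
# Assumption: S1 -D-> S4 covers a while loop that runs zero times.
DFA = {
    ("S0", "A"): "S1",
    ("S1", "B"): "S2", ("S1", "C"): "S3", ("S1", "D"): "S4",
    ("S3", "C"): "S3", ("S2", "D"): "S4", ("S3", "D"): "S4",
}


def f(key: bytes, code: bytes) -> bytes:
    """Assumed form of f(block): keyed MAC over the block's bytes."""
    return hmac.new(key, code, hashlib.sha256).digest()


def run(key: bytes, path: str, blocks=BLOCKS) -> list:
    """Program side: emit f(block) for every block executed, in order."""
    return [f(key, blocks[label]) for label in path]


def check(key: bytes, tags: list) -> str:
    """Checker side: map each received tag to a block label, then step the DFA."""
    expected = {label: f(key, code) for label, code in BLOCKS.items()}
    state = "S0"
    for tag in tags:
        label = next((name for name, ref in expected.items()
                      if hmac.compare_digest(ref, tag)), None)
        if label is None:
            return f"FAIL: unknown block signature in {state}"
        nxt = DFA.get((state, label))
        if nxt is None:
            return f"FAIL: {label} not allowed in {state}"
        state = nxt
    return "OK" if state == "S4" else f"FAIL: flow stopped in {state}"
```

Passing `run` a block table with a modified B reproduces the "B fails" slide, and checking tags under a different key than the one that produced them shows the effect of the frequent update.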