the use of software-based integrity checks in software...
TRANSCRIPT
The Use of Software-Based IntegrityChecks in Software Tamper
Resistance TechniquesGinger Myles
IBM Almaden Research Center
[1]
Talk Overview
Integrity check overview
Use of integrity checks in tamper resistance techniques
Attack on integrity checks
[2]
Attack Model
Software executing on a potentially hostile host.
Adversary has full control over the software’s execution.
Adversary can use any program analysis tools to detectand circumvent the checks.
Executable
Benign
The Hackers Toolbox
⇐
⇐⇐⇒
[3]
Software Tamper Resistance
Detect that the program has been altered.
Cause the program to fail when tampering has beendetected.
[4]
Integrity Check Overview
What are they?A mechanism used to identify the integrity of theprogram and/or the environment in which it isexecuting.
Checker
Executable
⇒⇒
[5]
Integrity Check Overview
What are they?Static - integrity is checked only once during start-upDynamic - integrity is checked repeatedly as theprogram executes
Checker
Executable
⇒⇒
[6]
Integrity Check Overview
How are they used?Generally used as part of a larger tamper resistancescheme.
Assertion Check Based (BAD!) Use Based (Better)
ic = performCheck(); ic = performCheck();
if(ic != PREDICTED VALUE) {fail;} decryptSegment(ic, k);
[7]
Integrity Check Overview
Why are they used?Program integrity verification
Prevent license check removalProtect a watermark from damage or removal
Executable
CodeObfuscator
Executable
Watermark
Extractor ⇒?⇒⇓
⇒ ⇒
[8]
Integrity Check Overview
Why are they used?Environmental integrity verification
Detect the use of debuggers or emulators· Protect the keys embedded in DRM systems· Sensitive code that it is only decrypted for
execution
DisabledExecutable
Debugger
ExecutableDRM Protected
Debugger
⇒kk
⇒ ⇒
[9]
Program Integrity Verification
Code ChecksumProbably the oldest methodStraight forward implementationQuite efficient
Execution Executable
ic
ic
[10]
Program Integrity Verification
Code Checksum – The NegativesReading the code segment is generally atypical.
ExecutableExecution
ic
ic
ic
ic
[11]
Program Integrity Verification
Code Checksum – The NegativesHackers pinpoint checks through breakpoints orcode inspection.Only verifies static properties.
May not detect temporary instruction patches orother run-time attacks.
[12]
Program Integrity Verification
Oblivious Hashing [Chen et al., 2002]Dynamic - based on execution trace.Monitor both instructions and memory references.Compute hash value from execution trace.
Trace
SequenceInstruction
Memory
In
I1
I2
.
.
.
M1
Mn
M2
.
.
.
[13]
Program Integrity Verification
Oblivious HashingHashing locations must be extensive and spreadthroughout program.To protect a function all functions on thecalling-hierarchy must be protected.Trace should include memory references made byeach instruction and the instruction itself.
SequenceInstruction
Memory
h1
In
I1 M1
Mn
M2I2
.
.
.
.
.
.
hn
h2
[14]
Environment Integrity Verification
Detection of debuggers and other similar simulationtools
Use a checksum to detect a breakpoint.Measure elapsed time to execute a sequence ofinstructions.Look for tool specific hooks.
[15]
Environment Integrity Verification
The NegativesLevel of checksum granularity will effect success ofdetecting a breakpoint.Detection is tool specific.
[16]
Real Uses of Integrity Checks
Check and Guard System [Chang and Atallah, 2001]Network of guards.Each guard responsible for performing some type ofintegrity check.Protect each other and the program in aninterlocking fashion.Some guards can repair altered code.
C
[17]
Real Uses of Integrity Checks
Check and Guard SystemRepairing guard inserted prior to code.Checksumming guard inserted at a point when codewill be present in program image.Strongly connected guard graph increases theefforts required by the attacker.
C
[18]
Real Uses of Integrity Checks
Testers and Correctors [Horne et al., 2002]Collection of testers which each hash a singlecontiguous section of code.Testers are sprinkled throughout code and triggeredby normal program execution.
ExecutionExecutable
tester
tester
tester
tester
testertester
tester
[19]
Real Uses of Integrity Checks
Testers and Correctors [Horne et al., 2002]Compares hash value with correct value.Incorrect value triggers response mechanism viasimple function call.
[20]
Real Uses of Integrity Checks
Testers and CorrectorsEach hash interval contains a corrector.Corrector set to a value such that the interval hashesto a fixed value.
ExecutableExecution
tester
tester
tester
tester
tester
tester
tester
[21]
Real Uses of Integrity Checks
Branch-Based Tamper Resistance [Myles, Jin, 2005]Based on Branch Function obfuscation [Linn andDebray, 2003]:
Designed to disrupt static disassembly.Exploits assumption that a function call returns tothe instruction immediately following the callinstruction.Execution is rerouted through the branch function.The correct target is identified based on the calllocation.· T [h(ji)] = ti − ji
Return address on the stack is overwritten.
[22]
Real Uses of Integrity Checks
Branch-Based Tamper Resistance
Program Execution
Function
Branch Function
Key Storage
Branch
...
...
...
k0
k1
k2
Key: Link proper program execution and the keyevolution.
[23]
Real Uses of Integrity Checks
Branch-Based Tamper ResistanceIntegrity Check Branch Functions
1. Perform an integrity check of the program orenvironment producing the value vi.
2. Generate the next key using a secure one-wayhash function, the previous key, and the integritycheck value.
ki+1 = SHA1(vi, ki)3. Use ki+1 to identify the instruction where execution
will resume.
[24]
Real Uses of Integrity Checks
Branch-Based Tamper ResistanceIntegrity Check Branch Function Construction
Modified Application
key generation
integrity check
Integrity Check Branch Function
ICBF
Original Application
di+1 = T [h(ki+1)]
retnew = retold +di+1
f1
f2
f3
f1
f2
f3
+ ⇒
(vi, ki, AM)
viki
ki+1ki+1
[25]
Real Uses of Integrity Checks
Branch-Based Tamper ResistanceBranch Instruction Replacement
ICBF_1( )
submov
movaddmovjmp
addpopret
pushmovcmpcall
movaddmovjmp
movsubmov
movpushpushcall
addpopret
ICBF_1
ICBF_1
0
4
3
21
pushmovcmpjge
movpushpushcall
1
2
3
4
0
Modified Application
ICBF_2
ICBF_2
ICBF_1( )
Protected Application
ICBF_2( )
mov
f1
f2
f3
f1
d2 → k2
d1 → k1
⇒ ⇒
f2...
.
.
.
.
.
.
f3...
.
.
.
[26]
Real Uses of Integrity Checks
Branch-Based Tamper ResistanceAble to construct an intertwined network of ICBF’s
C
[27]
Attacks on Integrity Checks
Circumvention of self-hashing has been accomplishedon UltraSparc, x86, PowerPC, AMD64, and ARMarchitectures [van Oorschot et al., 2005].
Implicit assumption that a data read from memoryaddress x is the same as an instruction fetch from x.I(x) 6= D(x) will verify code that is never executedand the executed is never checked.Manipulate virtual to physical address mappingssuch that each virtual address refers to two differentphysical addresses
code references and data referencesDone through segmentation and translationlookaside buffers.
[28]
Wrap-up
We looked at a common type of integrity checkinghow it is used in real tamper resistance techniquesandhow it can be circumvented.
[29]
Wrap-up
Questions I’m considering:Is there hope for strictly software-based techniques?Is there a way we can determine the level ofprotection provided by the different types of integritychecks?
[30]
Wrap-up
Questions I’m considering:Is there hope for strictly software-based techniques?Is there a way we can determine the level ofprotection provided by the different types of integritychecks?
Begin building an incremental strength evaluationscheme for software tamper resistancetechniques.
[30]
Wrap-up
Questions I’m considering:Is there hope for strictly software-based techniques?Is there a way we can determine the level ofprotection provided by the different types of integritychecks?
Begin building an incremental strength evaluationscheme for software tamper resistancetechniques.With the Check and Guard system or theBranch-Based technique strength can becustomized or checks can be replaced oncediscovered they are breakable.
[30]
References
Protecting Software Code by Guards, Chang and Atallah, Proc. of 1stACM Workshop on Security and Privacy in Digital RightsManagement, 2001.
Oblivious Hashing: A Stealthy Software Integrity Verification Primitive,Chen, Venkatesan, Cary, Pang, Sinha, and Jakubowski, Proc. of 5thInternational Workshop on Information Hiding, 2002.
Towards Better Software Tamper Resistance, Jin and Myles, Proc. ofInformation Security: 8th International Conference, 2005.
Self-Validating Branch-Based Software Watermarking, Myles and Jin,Proc. of 7th International Workshop on Information Hiding, 2005.
Hardware-Assisted Circumvention of Self-Hashing Software TamperResistance, van Oorschot, Somayaji, and Wurster, IEEE Transactions onDependeble and Secure Computing, 2005.
[31]