With more applications being deployed on embedded platforms, software protection becomes increasingly important. This problem is crucial on embedded systems like financial transaction terminals, pay-TV access-control decoders, where adversaries may easily gain full physical accesses to the systems and critical algorithms must be protected from being cracked. However, as this paper points out that protecting software with either encryption or obfuscation cannot completely preclude the control flow information from being leaked. Encryption has been widely studied and employed as a traditional approach for software protection, however, the control flow information is not 100% hidden with solely encrypting the code. On the other hand, pure software-based obfuscation has been proved inefficient to protect software due to its lack of theoretical foundation and considerable performance overhead introduced by complicated transformations. Moreover, even though obfuscation can prevent static reverse engineering, attacker can still successfully bypass the obfuscation by monitoring the dynamic program execution.To address all of these shortcomings, this paper presents a hardware assisted obfuscation technique that is capable of obfuscating the control flow information dynamically. Dynamic obfuscation changes memory access sequence on-the-fly and conceals recurrent instruction access sequences from being identified. Our scheme makes it provably difficult for the attacker to extract any useful information. Our results show that a high-level security protection is possible with only minor performance penalty. Finally, we show that our scheme can be implemented on embedded systems with very little hardware overhead.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	International Planning and Research Corporation, "Eighth Annual BSA Global Software Piracy Study," http://global.bsa.org/globalstudy/2003_GSPS.pdf.
	2	C. Collberg, C. Thomborson, and D. Low. A taxonomy of obfuscating transformations. Technical Report 148, University of Auckland, 1997.
	3	Chenxi Wang , John Knight, A security architecture for survivability mechanisms, 2001
	4	Boaz Barak , Oded Goldreich , Russell Impagliazzo , Steven Rudich , Amit Sahai , Salil P. Vadhan , Ke Yang, On the (Im)possibility of Obfuscating Programs, Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, p.1-18, August 19-23, 2001
	5	"DS5002FP secure microprocessor chip data sheet," Dallas Semiconductor.
	6	Markus, Kuhn, "The TrustNo 1 Cryptoprocessor Concept," CS555 Report, Purdue Univ. 1997.
	7	Robert M. Best. Preventing software piracy with crypto-microprocessors. In Proceedings of IEEE Spring COMPCON 80, page 466, February 1980.
	8	S. Kent, PROTECTING EXTERNALLY SUPPLIED SOFTWARE IN SMALL COMPUTERS, Massachusetts Institute of Technology, Cambridge, MA, 1981
	9	White, Steve R.; Comerford, Liam: ABYSS: A Trusted Architecture for Software Protection," Proc. 1987 IEEE Symposium on Security and Privacy, Apr. 1987.
	10	David Lie Chandramohan Thekkath , Mark Mitchell , Patrick Lincoln , Dan Boneh , John Mitchell , Mark Horowitz, Architectural support for copy and tamper resistant software, Proceedings of the ninth international conference on Architectural support for programming languages and operating systems, p.168-177, November 2000, Cambridge, Massachusetts, United States
	11	Jun Yang , Youtao Zhang , Lan Gao, Fast Secure Processor for Inhibiting Software Piracy and Tampering, Proceedings of the 36th annual IEEE/ACM International Symposium on Microarchitecture, p.351, December 03-05, 2003
	12	G. Edward Suh , Dwaine Clarke , Blaise Gassend , Marten van Dijk , Srinivas Devadas, Efficient Memory Integrity Verification and Encryption for Secure Processors, Proceedings of the 36th annual IEEE/ACM International Symposium on Microarchitecture, p.339, December 03-05, 2003
	13	Blaise Gassend , G. Edward Suh , Dwaine Clarke , Marten van Dijk , Srinivas Devadas, Caches and Hash Trees for Efficient Memory Integrity Verification, Proceedings of the 9th International Symposium on High-Performance Computer Architecture, p.295, February 08-12, 2003
	14	Markus G. Kuhn, Cipher Instruction Search Attack on the Bus-Encryption Security Microcontroller DS5002FP, IEEE Transactions on Computers, v.47 n.10, p.1153-1157, October 1998  [doi>10.1109/12.729797]
	15	X. Zhuang, T. Zhang, S. Pande, H.S. Lee, "HIDE: Hardware-support for Leakage-Immune Dynamic Execution," GIT-CERCS-03-21.
	16	O. Goldreich, Towards a theory of software protection and simulation by oblivious RAMs, Proceedings of the nineteenth annual ACM conference on Theory of computing, p.182-194, January 1987, New York, New York, United States  [doi>10.1145/28395.28416]
	17	Oded Goldreich , Rafail Ostrovsky, Software protection and simulation on oblivious RAMs, Journal of the ACM (JACM), v.43 n.3, p.431-473, May 1996  [doi>10.1145/233551.233553]
	18	Doug Burger and Todd M. Austin. "The SimpleScalar Tool Set Version 2.0," TR. 1342, Univ. of Wisconsin--Madison, May 1997.
	19	M.R.Guthaus, J.S.Ringenberg, D.Ernst, T.M.Austin, T.Mudge, R.B. Brown, "MiBench: A free, commercially representative embedded benchmark suite," IEEE 4th Annual Workshop on Workload Characterization, Austin, TX, December 2001.
	20	Intel Corporation, "Intel Random Number Generator," http://developer.intel.com/design/chipsets/rng/techbrief.pdf, 1999.
	21	Xiaotong Zhuang , Tao Zhang , Santosh Pande, HIDE: an infrastructure for efficiently protecting information leakage on the address bus, Proceedings of the 11th international conference on Architectural support for programming languages and operating systems, October 07-13, 2004, Boston, MA, USA
	22	National institute of standards and technology, "A Statistical Test Suite for the Validation of Random Number Generators and Pseudo Random Number Generators for Cryptographic Applications," available at http://csrc.nist.gov/rng/SP800-22b.pdf.