|
 ABSTRACT
Advances in reverse engineering and program analyses have made software extremely vulnerable to malicious host attacks. These attacks typically take the form of intellectual property violations, against which the software needs to be protected. The intellectual property that needs to be protected can take on different forms. The software might, e.g., consist itself of proprietary algorithms and datastructures or it could provide controlled access to copyrighted material. Therefore, in recent years, a number of techniques have been explored to protect software. Many of these techniques provide a reasonable level of security against static-only attacks. Many of them however fail to address the problem of dynamic or hybrid static-dynamic attacks. While this type of attack is already commonly used by black-hats, this is one of the first scientific papers to discuss the potential of these attacks through which an attacker can analyze, control and modify a program extensively. The concepts are illustrated through a case study of a recently proposed algorithm for software watermarking [6].
REFERENCES
Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.
| |
1
|
Atari Games Corp. vs. Nintendo of America Inc., U.S. Court of Appeals, Federal Circuit, September 10,1992.
|
| |
2
|
|
| |
3
|
Yuqun Chen , Ramarathnam Venkatesan , Matthew Cary , Ruoming Pang , Saurabh Sinha , Mariusz H. Jakubowski, Oblivious Hashing: A Stealthy Software Integrity Verification Primitive, Revised Papers from the 5th International Workshop on Information Hiding, p.400-414, October 07-09, 2002
|
| |
4
|
|
| |
5
|
F. Cohen. Operating system evolution through program evolution, 1992.
|
 |
6
|
C. Collberg , E. Carter , S. Debray , A. Huntwork , J. Kececioglu , C. Linn , M. Stepp, Dynamic path-based software watermarking, Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation, June 09-11, 2004, Washington DC, USA
|
| |
7
|
C. Collberg, A. Huntwork, E. Carter, and G. Townsend. Graph theoretic software watermarks: Implementation, analysis, and attacks. In Proceedings of the 6th Workshop on Information Hiding, pages 192--207, 2004.
|
| |
8
|
|
| |
9
|
|
| |
10
|
Christian Collberg , Clark Thomborson , Douglas Low, Manufacturing cheap, resilient, and stealthy opaque constructs, Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.184-196, January 19-21, 1998, San Diego, California, United States
[doi> 10.1145/268946.268962]
|
| |
11
|
S. Cornett. Code coverage analysis, 2004. http://www.bullseye.com/coverage.html.
|
| |
12
|
C. Corporation. SoftICE. http://www.compuware.com/.
|
| |
13
|
Datarescue. IDAPro. http://www.datarescue.com/.
|
| |
14
|
|
| |
15
|
M. Ernst. Static and dynamic analysis: synergy and duality. In ICSE Workshop on Dynamic Analysis, pages 24--27, 2003.
|
| |
16
|
|
| |
17
|
R. Horspool and N. Marovac. An approach to the problem of detranslation of computer programs. The Computer Journal, 23(3):223--229, 1980.
|
| |
18
|
International Planning and Research Corporation. First Annual BSAand IDCGlobal Software Piracy Study, 2004.
|
| |
19
|
C. Kruegel, W. Robertson, F. Valeur, and G. Vigna. Static disassembly of obfuscated binaries. In Proceedings of the 13the USENIX Security Symposium, pages 255--270, 2004.
|
| |
20
|
|
| |
21
|
|
| |
22
|
M. Madou, B. Anckaert, P. Moseley, S. Debray, B. De Sutter, and K. De Bosschere. Software protection through dynamic code mutation. In Proceedings of the 6th International Workshop on Information Security Applications, pages 371--385, 2005.
|
| |
23
|
J. Maebe, M. Ronsse, and K. De Bosschere. DIOTA: Dynamic instrumentation, optimization and transformation of applications. In Proceedings of the 4th Workshop on Binary Translation, 2002.
|
| |
24
|
|
| |
25
|
G. Myles and C. Collberg. Software watermarking via opaque predicates: Implementation, analysis, and attacks. In Proceedings of the 7th International Conference on Electronic Commerce Research, 2004.
|
| |
26
|
|
| |
27
|
T. Sahoo and C. Collberg. Software watermarking in the frequency domain: Implementation, analysis, and attacks. Technical Report TR04-07, Dept. of Computer Science, Univ. of Arizona, 2004.
|
| |
28
|
B. Schwarz, G. Andrews, M. Legendre, and S. Debray. PLTO: A link-time optimizer for the intel ia-32 architecture. In Proceedings of the 3rd Workshop on Binary Rewriting, 2001.
|
| |
29
|
|
| |
30
|
|
| |
31
|
|
| |
32
|
P. van Oorschot. Revisiting software protection. In Proceedings of the 6th International Information Security Conference, pages 1--13, 2003.
|
| |
33
|
|
| |
34
|
|
| |
35
|
|
| |
36
|
|
| |
37
|
C. Xiao. Delayed secure data retrieval, May 2003. International Business Machines Corporation, US Patent 6571337.
|
CITED BY 3
|
|
|
|
|
|
|
|
Bertrand Anckaert , Matias Madou , Bjorn De Sutter , Bruno De Bus , Koen De Bosschere , Bart Preneel, Program obfuscation: a quantitative approach, Proceedings of the 2007 ACM workshop on Quality of protection, October 29-29, 2007, Alexandria, Virginia, USA
|
REVIEW
"George R. Mayforth : Reviewer"
Computer software represents intellectual property in a pure form. The fact that it resides in an environment that facilitates investigation and copying makes it highly vulnerable to theft or exploitation. Even software that includes protection me
more...
|
Adobe Acrobat
QuickTime
Windows Media Player
Real Player
Pdf
D.2