Oblivious Hashing: A Stealthy Software Integrity Verification Primitive
We describe a novel software verification primitive called Oblivious Hashing. Unlike previous techniques that mainly verify the static shape of code, this primitive allows implicit computation of a hash value based on the actual execution (i.e., space-time history of computation) of the code. We also discuss its applications in local software tamper resistance and remote code authentication.
KeywordsActual Execution Message Authentication Code Static Shape Syntax Tree Code Segment
Unable to display preview. Download preview PDF.
- D. Aucsmith, □Tamper Resistant Software: An Implementation,□ in Proceedings of the First International Workshop on Information Hiding, May 1996.Google Scholar
- M. Blum and S. Kannan, “Designing Programs That Check Their Work,□ in Proceedings of ACM Symposium on Theory of Computing, pgs 86–97, 1989.Google Scholar
- C. Collberg, C. Thomborson and D. Low, □Breaking Abstractions and Unstructuring Data Structures,□ in Proceedings of IEEE International Conference on Computer Languages, ICCL’98, May 1998.Google Scholar
- C. Collberg, C. Thomborson and D. Low, “Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs”, in Proceedings of Symposium on Principles of Programming Languages, pp. 184–196, 1998.Google Scholar
- C. Collberg and C. Thomborson, □Watermarking, Tamper-Proofing, and Obfuscation-Tools for Software Protection.□Google Scholar
- F. Ergun, S. Kannan, S. R. Kumar, R. Rubinfeld and M. Viswanathan, □Spot-Checkers,□ in Proceedings of ACM Symposium on Theory of Computing, pgs 259–268, 1998.Google Scholar
- G. Hunt and D. Brubacher, □Detours: Binary Interception of Win32 Functions,□ in Proceedings of the 3rd USENIX Windows NT Symposium, pgs 135–143, July 1999.Google Scholar
- R. Venkatesan, V. Vazirani, and S. Sinha, □A Graph Theoretic Approach to Software Watermarking,□ in Proceedings of the Fourth International Workshop on Information Hiding, April 2001.Google Scholar
- C. Wang, J. Hill, J. Knight and J. Davidson, □Software Tamper Resistance: Obstructing Static Analysis of Programs,□ Technical Report CS-2000-12, University of Virginia, December 2000.Google Scholar
- B. Horne, L. Matheson, C. Sheehan and R. Tarjan, □Dynamic Self-Checking Techniques for Improved Tamper Resistance,□ in Proceedings of the Workshop on Security and Privacy in Digital Rights Management, November 2001.Google Scholar
- H. Chang and M. Atallah, □Protecting Software Code by Guards,□ in Proceedings of the Workshop on Security and Privacy in Digital Rights Management, November 2001.Google Scholar
- F. Monrose, P. Wyckoff, and A. Rubin, □Distributed Execution with Remote Audit,□ in Proceedings of the ISOC Network and Distributed System Security (NDSS) Symposium, February 1999.Google Scholar
- B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. Vadhan and K. Yang, □On the (impossibility) of Obfuscating Programs,□ Advances in Cryptology-CRYPTO’ 01, vol. 2139 of Springer-Verlag Lecture Notes in Computer Science, pp. 1–18, August 19-23, 2001.Google Scholar
- D. Knuth, □The Art of Computer Programming, Volume 2, Seminumerical Algorithms,□ Addison-Wesley Publishing Company, Inc., 1973.Google Scholar
- Menezes, P. van Oorschot and S. Vanstone, □Handbook of Applied Cryptography,□ CRC Press, 1997.Google Scholar
- SoftICE debugger, Compuware Corporation, http://www.compuware.com.