Visible to the public CT-ISG: Robust and Efficient Tamper-Resistant SoftwareConflict Detection Enabled

Project Details

Performance Period

Sep 01, 2007 - Aug 31, 2011


University of Virginia, Main Campus

Award Number

Increasingly, society relies on software systems to provide vital services. Consequently, it is critically important that this software be protected from unauthorized modification. For example, a malicious user may modify or tamper with a binary to circumvent protection or license mechanisms or introduce vulnerabilities that can be later exploited. Previous software-based anti-tamper and obfuscation research has attempted to provide solutions, but has failed to provide adequate protection under a realistic threat model, has failed to provide practical solutions, or has failed to provide protection against attacks in which an adversary uses sophisticated static and dynamic analyses.

This project seeks to address the shortcomings of current software-based technology for tamper-resistance and obfuscation. The approach taken is to meld innovative, ultra-efficient software dynamic translation technology with theoretically sound encryption technology and dynamic versions of static anti-tampering and obfuscation techniques.

The fundamental contributions expected from this project include: efficient methods for dynamically generating and inserting opaque predicates into running code, new dynamic techniques for program obfuscation, a new approach to self-checksumming that is stronger than previously proposed techniques, and new metrics for evaluating and measuring the strength of tamper-resistance techniques.

The consequences of this research also include several societal impacts. Malicious adversaries continue to find security flaws in and marshal attacks against critical software infrastructures. This research pursues a complementary, secondary defense by making it harder for malicious entities to analyze software to locate vulnerabilities and then use this information to develop attacks. The applicability of the results is expected to be very broad since the results can be used to make a wide variety of software (both user software as well as server software) tamper-resistant.