System, method and computer program product for protecting software via continuous anti-tampering and obfuscation transforms

Abstract

Method, system and computer program product for applying existing anti-tampering and obfuscation technique to virtual machine technology and offers several distinct advantages. The anti-tampering and obfuscation transforms can be applied continuously to prevent adversaries from gaining information about the program through emulation or dynamic analysis. In addition, the encryption can be used to prevent hackers from gaining information using static attacks. The use of a virtual machine also allows for low overhead execution of the obfuscated binaries as well as finer adjustment of the amount of overhead that can be tolerated. In addition, more protection can be applied to specific portions of the application that can tolerate slowdown. The incorporation of a virtual machine also makes it easy to extend the technology to integrate new developments and resistance mechanisms, leading to less development time, increased savings, and quicker deployment.

Description

RELATED APPLICATIONS[0001]The present invention claims priority from U.S. Provisional Application Ser. No. 61 / 016,009, filed Dec. 21, 2007, entitled “System and Related Method for Protecting Software Via Continuous Anti-Tampering and Obfuscation Transforms;” of which the disclosure is hereby incorporated by reference herein in its entirety.GOVERNMENT SUPPORT[0002]Work described herein was supported by Federal Grant No. CNS-0716446, awarded by the NSF. The Government has certain rights in the invention.BACKGROUND OF THE INVENTION[0003]Software programmers want the ability to make their computer software protected from undesired change. Such changes can be manual, such as a malicious user bypassing a licensing check in commercial software, or automatic, such as a virus modifying a binary to include a copy of the virus. To verify that it has not been modified, software attempts to monitor its own code, with execution changing when a modification to the code is detected (anti-tampering)...

AI Technical Summary

Benefits of technology

[0012]An aspect of various embodiments of the present invention provides, among other things, a mechanism for protection of software from tampering and reverse engineering. Efficient software dynamic translation is used to continually provide dynamic tamper-resistance and obfuscation. To prevent modifications to the pre-translated software version, encryption is used. Self-checking codes are hidden within the encrypted code, which help protect both the original program code and the software dynamic translator's program code. The dynamic translator caches blocks of code from the original application in a code cache. To protect these cached blocks, the translator dynamically applies anti-tampering and obfuscation techniques. The cache is flushed periodically and randomized anti-tampering and obfuscation techniques are re-applied to protect dynamic information from being leaked by the execution of the program.

Problems solved by technology

Unfortunately, malicious attackers continue to thwart such checks using a variety of information gathered from the dynamic execution of the program.

The issue of protecting software from unauthorized tampering is a critical problem in modern software deployment.

Billions of dollars are lost in revenue each year due to the efforts of malicious hackers and software pirates.

For example, malicious users may modify software to bypass a licensing check in commercial software or alter programs to include a copy of a computer virus.

Anti-tampering methods are also of great importance in the growing area of digital rights management, where tampering results in the loss of significant royalties and license fees.

Code obfuscation involves modifying computer code so that it is more difficult to understand.

This then makes it more difficult for malicious hackers to figure out what parts of a program to modify.

While a powerful tool in the fight to make software more secure, existing obfuscation techniques unfortunately possess several drawbacks.

Much of the work in this area only involves making it more difficult to perform “static analysis” of programs.

Many obfuscation strategies also involve extremely high overhead, which may be unacceptable for many people and prevent adoption of the security measure.

Other obfuscation strategies require the use of special hardware or fail to present complete and implementable solutions.

For example, an opaque predicate may be hard to analyze statically, but several runs of the program in a simulator can determine which branches are highly biased.

Unfortunately, specialized hardware may be expensive and not generally or widely available.

Furthermore, users may reject hardware that is incapable of running a wide variety of programs.

Some previously proposed techniques have extremely high overhead [See 2].

In fact, some previous work provides such an unreasonable execution overhead that an overhead measurement is not even suggested.

Yet other work provides a threat model that does not meet the tamper-resistance needs of modern hardware, or provides only a partial or impractical solution [See 16, 18, 27].

Images