Preventing reverse engineering of native and managed programs
Published inJyväskylä studies in computing
One of the important aspects of protecting software from attack, theft of algorithms, or illegal software use is eliminating the possibility of performing reverse engineering. One common method used to deal with these issues is code obfuscation. However, it is proven to be ineffective. Code encryption is a much more effective means of defying reverse engineering, but it requires managing a cryptographic key available to none but the permissible users. The thesis presents a system for managing cryptographic keys in a protected environment and supporting execution of encrypted code. The system has strong security guarantees. In particular, the cryptographic keys are never stored on the target machine, but rather delivered to it from a remote server, upon a successful veriﬁcation of its authenticity. The keys and the decrypted instructions are protected by a thin hy- pervisor at all times. The system allows the encryption and execution of both native and Java code. During native code execution, the decrypted instructions are inaccessible to a potentially malicious code. This is achieved by either preventing execution of any other code or by protecting the memory region containing the decrypted instructions during their execution. Java programs, unlike native programs, are not executed directly by the processor, but are interpreted (and sometimes compiled) by the Java Virtual Machine (JVM). Therefore, the JVM will require the cryptographic key to decrypt the encrypted portions of Java code, and there is no feasible way of securing the key inside the JVM. The thesis proposes to implement a Java bytecode interpreter inside the secure environment, governed by a thin hypervisor. This interpreter will run in parallel to the standard JVM, both cooperating to execute encrypted Java programs. ...
PublisherUniversity of Jyväskylä
- Article I: Kiperberg, M.; Resh, A.; Zaidenberg, N.J. Remote Attestation of Software and Execution-Environment in Modern Machines. The 2nd IEEE International Conference on Cyber Security and Cloud Computing, 2015. DOI: 10.1109/CSCloud.2015.52
- Article II: Zaidenberg, N.J.; Neittaanmäki, P.; Kiperberg, M.; Resh, A.. Trusted Computing and DRM. Cyber Security: Analytics, Technology and Automation, vol. 78, pp. 205-212, 2015. DOI: 10.1007/978-3-319-18302-2_13
- Article III: Kiperberg, M.; Zaidenberg, N.J. Efficient Remote Authentication. The Journal of Information Warfare , vol.12, no.3, 2013.
- Article IV: Averbuch, A.; Kiperberg, M.; Zaidenberg, N.J. Truly-Protect: An Efficient VM-Based Software Protection. Systems Journal, IEEE , vol.7, no.3, pp. 455- 466, 2013. DOI: 10.1109/JSYST.2013.2260617
- Article V: Averbuch, A.; Kiperberg, M.; Zaidenberg, N.J. An efficient VM-based software protection. Network and System Security (NSS), 2011 5th International Conference, pp. 121-128, 2011. DOI: 10.1109/ICNSS.2011.6059968
- Article VI: Kiperberg, M.; Resh, A.; Algawi, A.; Zaidenberg, N.J. System for Executing Encrypted Java Programs. IEEE Transactions on Dependable and Secure Computing, Submitted.
- Article VII: Kiperberg, M.; Leon, R.; Resh, A.; Zaidenberg, N.J. System for Executing Encrypted Native Programs. IEEE Symposium on Security and Privacy, Submitted.
MetadataShow full item record
- Väitöskirjat 
Showing items with similar title or keywords.
Resh, Amit (University of Jyväskylä, 2016)The business world is exhibiting a growing dependency on computer systems, their operations and the databases they contain. Unfortunately, it also suffers from an ever growing recurrence of malicious software attacks. ...
Leon, Roee S; Kiperberg, Michael; Zabag, Anat Anatey Leon; Resh, Amit; Algawi, Asaf; Zaidenberg, Nezer J. (IEEE Computer Society Press, 2019)We describe an efficient system for ensuring code integrity of an operating system (OS), both its own code and application code. The proposed system can protect from an attacker who has full control over the OS kernel. An ...
Kiperberg, Michael; Leon, Roee; Resh, Amit; Algawi, Asaf; Zaidenberg, Nezer (SCITEPRESS Science And Technology Publications, 2019)Reliable memory acquisition is essential to forensic analysis of a cyber-crime. Various methods of memory acquisition have been proposed, ranging from tools based on a dedicated hardware to software only solutions. Recently, ...
Kiperberg, Michael; Zaidenberg, Nezer Jacob (MDPI AG, 2022)We present H-KPP, hypervisor-based protection for kernel code and data structures. H-KPP prevents the execution of unauthorized code in kernel mode. In addition, H-KPP protects certain object fields from malicious ...
Leon, Roee S.; Kiperberg, Michael; Zabag, Anat Anatey Leon; Zaidenberg, Nezer Jacob (Springer, 2021)Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis ...