Preventing reverse engineering of native and managed programs
One of the important aspects of protecting software from attack, theft of algorithms, or illegal software use is eliminating the possibility of performing reverse
engineering. One common method used to deal with these issues is code obfuscation. However, it is proven to be ineffective. Code encryption is a much more
effective means of defying reverse engineering, but it requires managing a cryptographic key available to none but the permissible users. The thesis presents a
system for managing cryptographic keys in a protected environment and supporting execution of encrypted code. The system has strong security guarantees.
In particular, the cryptographic keys are never stored on the target machine, but
rather delivered to it from a remote server, upon a successful verification of its
authenticity. The keys and the decrypted instructions are protected by a thin hy-
pervisor at all times. The system allows the encryption and execution of both
native and Java code.
During native code execution, the decrypted instructions are inaccessible
to a potentially malicious code. This is achieved by either preventing execution
of any other code or by protecting the memory region containing the decrypted
instructions during their execution.
Java programs, unlike native programs, are not executed directly by the processor, but are interpreted (and sometimes compiled) by the Java Virtual Machine
(JVM). Therefore, the JVM will require the cryptographic key to decrypt the encrypted portions of Java code, and there is no feasible way of securing the key
inside the JVM. The thesis proposes to implement a Java bytecode interpreter inside the secure environment, governed by a thin hypervisor. This interpreter will
run in parallel to the standard JVM, both cooperating to execute encrypted Java
programs.
...
Publisher
University of JyväskyläISBN
978-951-39-6437-5ISSN Search the Publication Forum
1456-5390Contains publications
- Article I: Kiperberg, M.; Resh, A.; Zaidenberg, N.J. Remote Attestation of Software and Execution-Environment in Modern Machines. The 2nd IEEE International Conference on Cyber Security and Cloud Computing, 2015. DOI: 10.1109/CSCloud.2015.52
- Article II: Zaidenberg, N.J.; Neittaanmäki, P.; Kiperberg, M.; Resh, A.. Trusted Computing and DRM. Cyber Security: Analytics, Technology and Automation, vol. 78, pp. 205-212, 2015. DOI: 10.1007/978-3-319-18302-2_13
- Article III: Kiperberg, M.; Zaidenberg, N.J. Efficient Remote Authentication. The Journal of Information Warfare , vol.12, no.3, 2013.
- Article IV: Averbuch, A.; Kiperberg, M.; Zaidenberg, N.J. Truly-Protect: An Efficient VM-Based Software Protection. Systems Journal, IEEE , vol.7, no.3, pp. 455- 466, 2013. DOI: 10.1109/JSYST.2013.2260617
- Article V: Averbuch, A.; Kiperberg, M.; Zaidenberg, N.J. An efficient VM-based software protection. Network and System Security (NSS), 2011 5th International Conference, pp. 121-128, 2011. DOI: 10.1109/ICNSS.2011.6059968
- Article VI: Kiperberg, M.; Resh, A.; Algawi, A.; Zaidenberg, N.J. System for Executing Encrypted Java Programs. IEEE Transactions on Dependable and Secure Computing, Submitted.
- Article VII: Kiperberg, M.; Leon, R.; Resh, A.; Zaidenberg, N.J. System for Executing Encrypted Native Programs. IEEE Symposium on Security and Privacy, Submitted.
Keywords
Metadata
Show full item recordCollections
- Väitöskirjat [3524]
License
Related items
Showing items with similar title or keywords.
-
Hypervisor-Based White Listing of Executables
Leon, Roee S; Kiperberg, Michael; Zabag, Anat Anatey Leon; Resh, Amit; Algawi, Asaf; Zaidenberg, Nezer J. (IEEE Computer Society Press, 2019)We describe an efficient system for ensuring code integrity of an operating system (OS), both its own code and application code. The proposed system can protect from an attacker who has full control over the OS kernel. An ... -
Enforcing trust for execution-protection in modern environments
Resh, Amit (University of Jyväskylä, 2016)The business world is exhibiting a growing dependency on computer systems, their operations and the databases they contain. Unfortunately, it also suffers from an ever growing recurrence of malicious software attacks. ... -
HyperIO : A Hypervisor-Based Framework for Secure IO
Kiperberg, Michael; Zaidenberg, Nezer Jacob (MDPI AG, 2023)Malware often attempts to steal input and output through human interface devices to obtain confidential information. We propose to use a thin hypervisor, called “HyperIO”, to realize a secure path between input and output ... -
H-KPP : Hypervisor-Assisted Kernel Patch Protection
Kiperberg, Michael; Zaidenberg, Nezer Jacob (MDPI AG, 2022)We present H-KPP, hypervisor-based protection for kernel code and data structures. H-KPP prevents the execution of unauthorized code in kernel mode. In addition, H-KPP protects certain object fields from malicious ... -
Hypervisor-assisted dynamic malware analysis
Leon, Roee S.; Kiperberg, Michael; Zabag, Anat Anatey Leon; Zaidenberg, Nezer Jacob (Springer, 2021)Malware analysis is a task of utmost importance in cyber-security. Two approaches exist for malware analysis: static and dynamic. Modern malware uses an abundance of techniques to evade both dynamic and static analysis ...