Software tamper resistance through dynamic monitoringBrian Blietz, B.B. (2004) Software tamper resistance through dynamic monitoring. Masters thesis, Iowa State University. Full text available as:
AbstractThis thesis describes a two instruction-stream (two-process) model for tamper resistance. One process (Monitor process, M-Process) is designed explicitly to monitor the control flow of the main program process (P-Process). The compilation phase compiles the software into two co-processes: P-process and M-process. The monitor process contains the control flow consistency conditions for the P-process. The P-process sends information on its instantiated control flow at a fixed period, that poses acceptable overhead, to the M-process. If there is a violation of the control flow conditions captured within the M-process, the M-process takes an anti-tamper action such as termination of the P-process. By its very design, the monitor process is expected to be compact. Hence, we can afford to protect the M-process with a more expensive technique, a variant of Aucsmith's scheme. This scheme has been implemented with the Gnu C compiler {\it gcc}. There are several other monitoring, obfuscation, and dynamic decryption techniques that are embedded in this system. We quantify the performance overhead of the scheme for a variety of programs. We also propose a two-stream architecture that can make the scheme more robust and efficient.
Archive Staff Only: edit this record |
