TY - GEN
T1 - Software-based protection against changeware
AU - Banescu, Sebastian
AU - Pretschner, Alexander
AU - Battré, Dominic
AU - Cazzulani, Stéfano
AU - Shield, Robert
AU - Thompson, Greg
N1 - Publisher Copyright:
Copyright © 2015 ACM.
PY - 2015/3/2
Y1 - 2015/3/2
N2 - We call changeware software that surreptitiously modifies resources of software applications, e.g., configuration files. Changeware is developed by malicious entities which gain profit if their changeware is executed by large numbers of end-users of the targeted software. Browser hijacking malware is one popular example that aims at changing web-browser settings such as the default search engine or the home page. Changeware tends to provoke end-user dissatisfaction with the target application, e.g. due to repeated failure of persisting the desired configuration. We describe a solution to counter changeware, to be employed by vendors of software targeted by changeware. It combines several protection mechanisms: white-box cryptography to hide a cryptographic key, software diversity to counter automated key retrieval attacks, and run-time process memory integrity checking to avoid illegitimate calls of the developed API.
AB - We call changeware software that surreptitiously modifies resources of software applications, e.g., configuration files. Changeware is developed by malicious entities which gain profit if their changeware is executed by large numbers of end-users of the targeted software. Browser hijacking malware is one popular example that aims at changing web-browser settings such as the default search engine or the home page. Changeware tends to provoke end-user dissatisfaction with the target application, e.g. due to repeated failure of persisting the desired configuration. We describe a solution to counter changeware, to be employed by vendors of software targeted by changeware. It combines several protection mechanisms: white-box cryptography to hide a cryptographic key, software diversity to counter automated key retrieval attacks, and run-time process memory integrity checking to avoid illegitimate calls of the developed API.
KW - Integrity protection
KW - Malware defense
KW - Obfuscation
KW - Software diversity
KW - Software protection
KW - White-box cryptography
UR - http://www.scopus.com/inward/record.url?scp=84928151577&partnerID=8YFLogxK
U2 - 10.1145/2699026.2699099
DO - 10.1145/2699026.2699099
M3 - Conference contribution
AN - SCOPUS:84928151577
T3 - CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy
SP - 231
EP - 242
BT - CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy
PB - Association for Computing Machinery
T2 - 5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015
Y2 - 2 March 2015 through 4 March 2015
ER -