TY - GEN
T1 - Practical Integrity Protection with Oblivious Hashing
AU - Ahmadvand, Mohsen
AU - Hayrapetyan, Anahit
AU - Banescu, Sebastian
AU - Pretschner, Alexander
N1 - Publisher Copyright: © 2018 ACM.
PY - 2018/1/22
Y1 - 2018/1/22
AB - Oblivious hashing (OH) is an integrity protection technique that checks the (side) effects resulting from the executed code, in contrast to checking the code itself as done by self-checking (SC). SC introduces atypical behavior in the program logic, like reading the code section loaded in memory. Since such atypical behavior can be detected by attackers, OH is more appealing to be employed in practice than SC. However, OH is incapable of protecting a presumable majority of program instructions, those that depend on nondeterministic (input) data or branches, which have to be manually identified and subsequently skipped. In this paper, we extend OH into a practical protection scheme by proposing i) a technique for automatic segregation of deterministic instructions, and ii) a novel extension, Short Range Oblivious Hashing (SROH), for OH to cover control-flow instructions dependent on nondeterministic data. Our SROH technique increases the range of instructions that OH can protect to nondeterministic branches. Moreover, we intertwine OH with SC to cover (nondeterministic) data dependent instructions and enhance the resilience against tampering attacks. We evaluate the performance overhead as well as the security of our scheme using the MiBench dataset and 3 open source games. Our experiments show that the proposed technique yields a 20-fold increase in the median number of protected instructions and, on non-CPU-intensive programs, imposes an overhead of 52%.
KW - Man-At-The-End
KW - Oblivious hashing
KW - Self-checking
KW - Software protection
KW - Tamper detection
UR - http://www.scopus.com/inward/record.url?scp=85133820416&partnerID=8YFLogxK
U2 - 10.1145/3274694.3274732
DO - 10.1145/3274694.3274732
M3 - Conference contribution
AN - SCOPUS:85133820416
T3 - ACM International Conference Proceeding Series
SP - 40
EP - 52
BT - Proceedings of the 3rd International Workshop on Advanced Interconnect Solutions and Technologies for Emerging Computing Systems, AISTECS 2018
PB - Association for Computing Machinery
T2 - 34th Annual Computer Security Applications Conference, ACSAC 2018
Y2 - 3 December 2018 through 7 December 2018
ER -