A generic attack on checksumming-based software tamper resistance

Author

Wurster, Glenn ; Van Oorschot, P.C. ; Somayaji, Anil

Author_Institution

Sch. of Comput. Sci., Carleton Univ., Ottawa, Ont., Canada

fYear

2005

fDate

8-11 May 2005

Firstpage

127

Lastpage

138

Abstract

Self-checking software tamper resistance mechanisms employing checksums, including advanced systems as recently proposed by Chang and Atallah (2002) and Horne et al. (2002) have been promoted as an alternative to other software integrity verification techniques. Appealing aspects include the promise of being able to verify the integrity of software independent of the external support environment, as well as the ability to automatically integrate checksumming code during program compilation or linking. In this paper we show that the rich functionality of many modern processors, including UltraSparc and x86-compatible processors, facilitates automated attacks which defeat such checksumming by self-checking programs.

Keywords

data integrity; program compilers; program verification; security of data; UltraSparc; automated attacks; checksumming-based software tamper resistance; checksums; generic attack; linking; program compilation; self-checking tamper resistance mechanisms; software integrity verification techniques; x86-compatible processors; Application software; Computer science; Computer security; Content management; Hardware; Internet; Joining processes; Operating systems; Protection; Software libraries;

fLanguage

English

Publisher

ieee

Conference_Titel

Security and Privacy, 2005 IEEE Symposium on

ISSN

1081-6011

Print_ISBN

0-7695-2339-0

Type

conf

DOI

10.1109/SP.2005.2

Filename

1425063