Abstract
With the advent of digital technologies, digital content piracy has become a growing concern. Unauthorized music and movie copying are eating a big bite of the profit of the record industry and the movie studios. Software piracy has also cost software industry billions of dollars each year. The success of the content protection technologies in a large part depends on the capability of protecting software code against tampering and reverse-engineering. The problem is difficult because the software runs on a hacker’s machine which has full control over its execution. In this paper, we focus on the detection of software tampering. We shall present a proactive way to detect the on-going tampering process during software executions before the hacking completely succeeds. We thus can prevent the potential damage from occurring. The integrity check failures triggered during software execution are logged in a way that cannot go undetected later. This clearly provides strong tamper evidence to do both pre and post-compromise forensics analysis. In particular, we consider real world scenarios where the software users have a long term business interest with the software distributor, and where a detection of tampering can bar a hacker from further business. We believe the proactive detection of tampering is of great importance and value in this type of scenario.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Digital Transmission Content Protection, Available in http://www.dtcp.com
Content Protection for Recordable Media, Available in http://www.4centity.com/4centity/tech/cprm
Content Scrambling Scheme, http://www.dvdcca.org/css
IBM’s Electronic Media Management System, http://www.ibm.com/software/emms
Fritzinger, S., Mueller, M.: Java Security (1996)
Wahbe, R., Lucco, S., Anderson, T.E., Graham, S.: Efficient software-based fault isolation. In: Proceedings of the ACM SIGCOMM 1996 symposium (1996)
Necula, G.: Proof Carrying Code. In: Proceedings of the Twenty Fourth Annual Symposium on Principles of Programming Languages (1997)
Libes, D.: Obfuscated C and other mysteries. Wiley, Chichester (1993)
Dyer, D.: Java decompliers compared (June 1997), http://www.javaworld.com/javaworld/jw-07-1997/jw-07-decompilers.html
Sriram, K.B.: Hashjava - a java applet obfuscators (July 1997), http://www.sbktech.org/hashjava.html
Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S., Yang, K.: On the (Im)possibility of obfuscating programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, p. 1. Springer, Heidelberg (2001)
Sander, T., Tschudin, C.F.: Protecting mobile agents against malicious hosts. In: Mobile agents and Security, pp. 44–60 (1998)
Vigna, G.: Cryptographic traces for mobile agents. In: Vigna, G. (ed.) Mobile Agents and Security. LNCS, vol. 1419, pp. 137–153. Springer, Heidelberg (1998)
Denning, D.: An intrusion detection model. IEEE Transactions on Sofwtare engineering SE-13(2), 222–232 (1987)
Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of applied cryptograghy. CRC Press, Boca Raton (1997)
Bellare, M., Yee, B.: Forward Integrity for secure audit log, technical report, University of California at San Diego (November 1997)
Bellare, M., Miner, S.: Forward-Security in Private-Key Cryptograghy. In: Crypto track, 2003 RSA conference (2003)
Schneier, B., Kelsey, J.: Secure Audit Logs to Support Computer Forensics Usenix Security (1998)
Maniatis, P., Baker, M.: Secure History Preservation Through Timeline Entanglement. In: Proceedings of the 11th USENIX Security Symposium, San Francisco, CA, USA (August 2002)
Shapiro, W., Vingralek, R.: How to manage persistent state in DRM systems. In: ACM DRM workshop 2001, pp.176–191 (2001)
Horne, B., Matheson, L., Sheehan, C., Tarjan, R.: Dynamic selfchecking techniques for improved tamper resistance. In: ACM DRM workshop 2001, pp.141–159 (2001)
Chang, H., Atallah, M.J.: Protecting software code by guards. In: ACMDRM workshop 2001, pp.160–175 (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
**, H., Lotspiech, J. (2003). Proactive Software Tampering Detection. In: Boyd, C., Mao, W. (eds) Information Security. ISC 2003. Lecture Notes in Computer Science, vol 2851. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10958513_27
Download citation
DOI: https://doi.org/10.1007/10958513_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20176-2
Online ISBN: 978-3-540-39981-0
eBook Packages: Springer Book Archive