Digital Security Seminar, Carleton University

New Techniques for Software Protection

Jasvir Nagra, Clark Thomborson (U. of Auckland)

ABSTRACT

We describe two new techniques for protecting software against unauthorised use and modification. Our first technique will prevent some, but not all, attacks; we note that it is infeasible, in any realistic model, to prevent all possible attacks. Hence most security designs also employ detective techniques, such as the one described in the second part of our talk.

Our preventative technique is a novel form of software obfuscation, for programs expressed in a low-level language such as Java bytecode or x86 machine code. We employ a finite state machine (FSM) in the interpreter, defining a context-dependent semantics for each instruction in an obfuscated program. This dynamic mapping of semantics onto opcodes will frustrate any non-cryptographic static analysis. Traditional cryptographic analyses will be frustrated by the dynamically-defined execution order of the code. This research is joint with Drs Akito Monden and Antoine Monsifrot.

Our detective technique is a novel form of software watermarking, where we implant the watermark using threads and thread contention in Java. We describe a technique for embedding and recognizing the watermark. We argue that an attacker will have great difficulty in removing our thread-based watermark, because it is resilient to the semantic-preserving transformations that would destroy watermarks embedded by other methods. This research will be a centrepiece of Jasvir Nagra's PhD thesis, which is now in preparation.

BIOGRAPHY

Jasvir Nagra is a PhD student at the University of Auckland, in New Zealand. He earned his BSc with honors in Computer Science in 1999 also from the University of Auckland. His current research interests are in steganography and watermarking particularly focusing on developing novel software watermarking and obfuscation algorithms.

Clark Thomborson has been a professor of computer science at the University of Auckland since 1996, when he emigrated to New Zealand. He received the PhD degree in computer science in 1980 from Carnegie Mellon University, under his birth name Clark Thompson. He has held academic positions at the U of Minnesota-Duluth, UC Berkeley and MIT; he has also worked for brief periods as a software/hardware systems developer in the private sector. His research interests are currently focussed on software security, however he has published articles on a wide range of topics including computer systems performance analysis, VLSI algorithms, and data compression.