0000003207 17S 6SWS PR Mater Praktikum - Software Integrity Protection (IN2106, IN4213)   Hilfe Logo

LV - Detailansicht

Wichtigste Meldungen anzeigenMeldungsfenster schließen
Allgemeine Angaben
Mater Praktikum - Software Integrity Protection (IN2106, IN4213) 
practical training
Summer semester 2017
Informatics 4 - Chair of Software & Systems Engineering (Prof. Pretschner)
(Contact information)
Allocations: 1 
Angaben zur Abhaltung
Software systems are subject to Man-At-The-End attacks. MATE attackers have control over the system on which the software is running, and thus they can manipulate both the software itself and its runtime environment for their own benefits. Attackers motive includes but not limited to: illegal usage of a software by bypassing license checks, accessing proprietary data, cheating in games or extracting confidential information (e.g. encryption keys) in an application. In this lab course, students will learn about different protection measures, their cons and pros and finally implement a selected set of techniques.

Module 0: Introduction and Motivation
Software protection scenarios

Attack tree
Man-at-the-End vs. network attacker
Overview of the attacks
, decompilation
, debuggers, symbolic / concolic execution

Introspection, state inspection, layered and remote protection.

Module 1: Protection Process & LLVM
Check() and Response() paradigm

Overview of protection process & code transformation

Post-compile, pre-compile, compile-time, load time and runtime transformations Granularity of protection: function, basic block, instruction, slice, control flow
LLVM compiler infrastructure & passes

Module 2: Introspection self-checksumming
Self-checking and self-checksumming
Network of checkers and cyclic checks
Stealth analysis
Attacks: memory split and taint analysis

Module 3: Introspection self-encrypting
Key derivation and Block-chain
Whitebox cryptography
Process level virtualisation
Stealth analysis

Attacks: memory dump and key extraction

Module 4: State inspection
Trace authentication

Environmental states

Oblivious hashing

Stealth analysis

Attacks: time-of-check vs. time-of-use

Module 5: Intel SGX
Running software on untrusted commodity
Runtime integrity

Trusted and untrusted program domains
Local attestation
Remote attestation
Good understanding of security concepts,

Good C/C++ and python programming skills,
Comfortable with command line and basic knowledge of Linux operating system,
Basic understanding of algorithms and data structures,
Any previous knowledge in program analysis is a plus.
This lab aims at raising the bar against MATE attackers by making their attacks more expensive and labor intensive. In this lab course, students will first learn about the state of the art in software-based and hardware-aided tamper-proofing fields. Later on, the participating students in groups of two will apply the acquired knowledge in practice (hands on) by implementing a selected set of the software-based measures. Moreover, students will employ Intel SGX (hardware-assisted integrity protection) mechanism to protect a provided program. This lab ends with a thorough evaluation of the performance and security of the implemented protection schemes.

Phase1: ”Introspection: Self-Checksumming”
The goal of this phase is to detect and prevent tampering attacks on program’s static properties. Groups of two students will be asked to implement a self-checksumming program in C/C++ and python. Afterwards, they will employ their tool to protect a set of programs, which will be provided by the course instructor. All the steps taken, including the algorithm and necessary configurations, will be documented by each group. At the end of this phase, each group will submit their protector’s implementation, protected programs and documentation.
Phase2: ”Introspection: Self-Encryption”
In this phase we will protect the program’s static and the same time attempt to conceal its functionality to the max. Groups will implement a self-encrypting program and employ it on the provided programs. All the source codes along with the documentation will be submitted by each group.
Phase3: ”State Inspection: Oblivious Hashing”
Detecting and preventing tampering attacks on program dynamics are the objectives of this phase. Each group of the students will implement a runtime trace verification program (oblivious hashing) in C/C++ and/or python. They will again use their tool to protect the set of provided programs. Each group will submit their tool, protected programs and corresponding documentations at the end of the phase.
Phase4: ”Hardware-aided Integrity Protection: Intel SGX”
The objective of this phase is to protect applications using tamper resistant hardware. We will use Intel SGX for this purpose and grant shell access to a machine (with SGX hardware) for all students. Each group will receive a program for which they need to identify assets and sensitive code regions (targets for tampering). Once the sensitive regions are identified, they refactor and make all the necessary modification to leverage hardware aided tamper protection.
Phase5: ”Evaluation”
In this phase every group will carry out a thorough evaluation of their implemented protection measures. Each group will measure and report the protection time and runtime overhead of their protectors and SGX protected program. Further, security guarantees and limitations of the implemented schemes in a security analysis will be identified. The outcome of the performance and security analyses will be documented and delivered by each group at the end of this phase.
Für die Anmeldung zur Teilnahme müssen Sie sich in TUMonline als Studierende*r identifizieren.
Online information
e-learning course (moodle)
Preliminary Meeting: 30.01.2017, 10:00h, Alonzo Church (01.09.014)