| Allgemeine Angaben |
|
| Mater Praktikum - Software Integrity Protection (IN2106, IN4213) | | |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 Allocations: 1 | |
| eLearning[Provide new moodle course in current semester] |
|
|
| |
| Angaben zur Abhaltung |
|
Software systems are subject to Man-At-The-End attacks. MATE attackers have control over the system on which the software is running, and thus they can manipulate both the software itself and its runtime environment for their own benefits. Attackers motive includes but not limited to: illegal usage of a software by bypassing license checks, accessing proprietary data, cheating in games or extracting confidential information (e.g. encryption keys) in an application. In this lab course, students will learn about different protection measures, their cons and pros and finally implement a selected set of techniques.
Module 0: Introduction and Motivation
Software protection scenarios
Attack tree
Man-at-the-End vs. network attacker
Overview of the attacks
Disassembly
, decompilation
, debuggers, symbolic / concolic execution
Introspection, state inspection, layered and remote protection.
Module 1: Protection Process & LLVM
Check() and Response() paradigm
Overview of protection process & code transformation
Post-compile, pre-compile, compile-time, load time and runtime transformations Granularity of protection: function, basic block, instruction, slice, control flow
LLVM compiler infrastructure & passes
Module 2: Introspection self-checksumming
Self-checking and self-checksumming
Network of checkers and cyclic checks
Stealth analysis
Attacks: memory split and taint analysis
Module 3: Introspection self-encrypting
Key derivation and Block-chain
Whitebox cryptography
Process level virtualisation
Stealth analysis
Attacks: memory dump and key extraction
Module 4: State inspection
Trace authentication
Environmental states
Oblivious hashing
Stealth analysis
Attacks: time-of-check vs. time-of-use
Module 5: Intel SGX
Running software on untrusted commodity
Runtime integrity
Trusted and untrusted program domains
Enclaves
Local attestation
Remote attestation
Limitations |
|
|
Good understanding of security concepts,
Good C/C++ and python programming skills,
Comfortable with command line and basic knowledge of Linux operating system,
Basic understanding of algorithms and data structures,
Any previous knowledge in program analysis is a plus. |
|
|
This lab aims at raising the bar against MATE attackers by making their attacks more expensive and labor intensive. In this lab course, students will first learn about the state of the art in software-based and hardware-aided tamper-proofing fields. Later on, the participating students in groups of two will apply the acquired knowledge in practice (hands on) by implementing a selected set of the software-based measures. Moreover, students will employ Intel SGX (hardware-assisted integrity protection) mechanism to protect a provided program. This lab ends with a thorough evaluation of the performance and security of the implemented protection schemes.
Phase1: ”Introspection: Self-Checksumming”
The goal of this phase is to detect and prevent tampering attacks on program’s static properties. Groups of two students will be asked to implement a self-checksumming program in C/C++ and python. Afterwards, they will employ their tool to protect a set of programs, which will be provided by the course instructor. All the steps taken, including the algorithm and necessary configurations, will be documented by each group. At the end of this phase, each group will submit their protector’s implementation, protected programs and documentation.
Phase2: ”Introspection: Self-Encryption”
In this phase we will protect the program’s static and the same time attempt to conceal its functionality to the max. Groups will implement a self-encrypting program and employ it on the provided programs. All the source codes along with the documentation will be submitted by each group.
Phase3: ”State Inspection: Oblivious Hashing”
Detecting and preventing tampering attacks on program dynamics are the objectives of this phase. Each group of the students will implement a runtime trace verification program (oblivious hashing) in C/C++ and/or python. They will again use their tool to protect the set of provided programs. Each group will submit their tool, protected programs and corresponding documentations at the end of the phase.
Phase4: ”Hardware-aided Integrity Protection: Intel SGX”
The objective of this phase is to protect applications using tamper resistant hardware. We will use Intel SGX for this purpose and grant shell access to a machine (with SGX hardware) for all students. Each group will receive a program for which they need to identify assets and sensitive code regions (targets for tampering). Once the sensitive regions are identified, they refactor and make all the necessary modification to leverage hardware aided tamper protection.
Phase5: ”Evaluation”
In this phase every group will carry out a thorough evaluation of their implemented protection measures. Each group will measure and report the protection time and runtime overhead of their protectors and SGX protected program. Further, security guarantees and limitations of the implemented schemes in a security analysis will be identified. The outcome of the performance and security analyses will be documented and delivered by each group at the end of this phase. |
|
|
|
|
|
|
|
|
| Für die Anmeldung zur Teilnahme müssen Sie sich in TUMonline als Studierende*r identifizieren. |
|
| |
| Zusatzinformationen |
|
|
|
|
|
| Preliminary Meeting: 30.01.2017, 10:00h, Alonzo Church (01.09.014) |
|
