0000001099 16W 6SWS PR Praktikum - Secure Coding (IN2106, IN4202)   Hilfe Logo

LV - Detailansicht

Wichtigste Meldungen anzeigenMeldungsfenster schließen
Allgemeine Angaben
Praktikum - Secure Coding (IN2106, IN4202) 
Wintersemester 2016/17
Informatik 4 - Lehrstuhl für Software & Systems Engineering (Prof. Pretschner)
Zuordnungen: 1 
Angaben zur Abhaltung
The goal of this lab is to teach students how to protect software applications against so called Man-At-The-End (MATE) attackers. MATE attackers control the system on which the application is running and their goals include but are not limited to: reverse engineering a proprietary algorithm, bypassing license checks or extracting secret keys. MATE attackers have capabilities that exceed those of remote attackers, e.g. MATE attackers can perform step-by-step debugging of the application and modify its code and/or memory values during execution. They can do this without needing to exploit any vulnerability of the target application. This lab will focus on applications written in C, because MATE attacks are often performed at binary level. To defend against MATE attackers we will first present tools and techniques used in reverse engineering and then present tools and techniques for software protection. We will cover an array of techniques employed in state-of-the-art software protection such as: obfuscation, tamper-proofing, watermarking, anti-disassembly, anti-decompiling, anti-debugging, etc. This lab will be accompanied by a hands-on project that will be divided into 5 phases (each phase will be graded):

Phase 1 “Application Protection”: Groups of 2 students will be asked to protect software apps using either existing tools and/or (possibly) self-developed tools/scripts. All groups will be given a set of assets that they must protect against MATE attackers. The protection tools and techniques employed by each group will be documented.

Phase 2 “Reverse Engineering”: Each group of students will exchange their apps and documentation from Phase 1 with another group. Each group will have a set of reverse engineering tasks to perform on the apps which they received using at least one tool specified by the instructors and any other tools they choose or develop. All tasks must be documented (using screenshots or screen-cast) such that they can be reproduced by any other group in Phase 3.

Phase 3 “Verifying Findings”: Each group of students will get the apps of another group form Phase 1 and the reverse engineering documentation from Phase 2 corresponding to the apps. Each group will verify the reverse-engineering findings of another team from Phase 2 by reproducing the tasks according to the documentation. All tasks must be reproduced and recorded as a screen-cast. Incorrect, missing or incompletely documented tasks from Phase 2 will be documented and corrected if possible.

Phase 4 “Application Hardening”: Each group will have to apply additional protection mechanisms to their own apps such that as many attacks as possible from Phases 2 and 3 are mitigated. Each team will have to document which protection techniques were added, why they were employed and which attacks they should defend against.

Phase 5 “Verifying Hardening”: Finally, each group of students will receive the hardened apps and documentation (from Phase 4) of another group and the documentation corresponding to the apps from Phases 2, 3 and 4. Each group will verify which protections added in Phase 4 defend against which attacks from Phases 2 and 3. Results must be recorded as screen-casts for each reverse-engineering task.

Misc: All participants of this lecture must fill-in a disclaimer and hand it to the instructors in original hard-copy form, before the end of the first lab session.
C programming knowledge
The goal of this lab is to teach students how to protect software applications against so called Man-At-The-End (MATE) attackers via sw protection.
Modules taught will include
Module 1: Introduction and Motivation
• Software protection scenarios
• Software protection tools
• Overview of obfuscation
• Overview of tamper-proofing

Module 2: Attacker Model
• Attack targets
• Cracking with GDB
• Overview of attack techniques

Module 3: Program Analysis
• Control-flow analysis
• Disassembly
• Decompilation
• Debugging
• Symbolic / Concolic Execution
• How to deal with self-modifying code

Module 4: Code Obfuscation
• Static obfucation transformations
• Obfuscation used by computer viruses / malware
• Code diversity
• Dynamic obfuscation

Module 5: Tamper-proofing
• Environment checking
• Introspection
• Self-checksumming code
• Oblivious-hashing
• Response mechanisms
• Temporal code diversity
Für die Anmeldung zur Teilnahme müssen Sie sich in TUMonline als Studierende/r identifizieren.
Anmerkung: Recommended: Assembly language, knowledge of using: Linux, Docker and screen-casting software
There is no single literature source for the topics treated in the lecture. However the following is a list of recommended further reading:

• Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection, Jasvir Nagra, Christian Collberg, Pearson Education, Jul 24, 2009
• The Ida Pro Book: The Unofficial Guide to the World's Most Popular Disassembler, Chris Eagle No Starch Press, Incorporated, 2011
• Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and
Online Unterlagen
E-Learning Kurs (Moodle)
Pre-course meeting: Tuesday, 28.06.2016 at 13:00, room: 00.11.038 J. v. Neumann