research.secure software

Secure Software, Mobile Code Protection, and Software Tamper Resistance

Most instances of software exploitation are really software failure. Even though we cannot eliminate vulnerability from modern information systems, we can reduce exploitable code long term with sound, robust development practices. We argue that many "secure coding" concepts represent commonly taught coding techniques that ensure robustness, rather than ensuring any commonly understood concept of security. Weaving the practice of rigorous coding techniques into curriculum is essential — coding for security is useless apart from fault-tolerant foundations. However, security-specific coding techniques need to be integrated pedagogically alongside robustness so that students can differentiate the two. The amount of rigor a professional development organization puts into its software process is tied to the nature of the computer programs they develop. We consider three notional levels of rigor, which can be logically tied to a likely level of capability and process level maturity (CMM level) possessed by an organization.

Mobile Code protection is an important topic in secure software. One approach to protect distributed systems implemented with mobile code is through program obfuscation. Disguising program intent is a form of information hiding that facilitates tamper resistance. By hiding program intent, we reduce adversaries to non-semantic attacks such as blind disruption or operating system level attacks (e.g. buffer overflows).

We provide a framework for establishing and evaluating program intent protection mechanisms to impede software tampering. Our model reflects more modest goals than the Virtual Black Box model. Rather than considering a comprehensive view of obfuscation, we detail broad classes of threats and we propose mechanisms to counter those threats. We then illustrate our model with a proof of the protection we offer and outline extensions to our results.

Electronic voting applications demand secure software practices. There is widespread agreement that computers are and will continue to be an intimate part of the voting process. SAIT Laboratory believes that voting is a mission critical system and voters deserve to be confident that any software involved in the voting process is secure. Privacy demands and other limitations also demand that the election count must be right the first time. We focus on establishing technology to ensure accuracy on the first count through redundancy, checks and balances, and other scientific process. Our foundational premise is that any electronic voting component must be secure.

Malicious software (malware) is a major and increasing threat to reliable and trustworthy Internet communications. Many malware-based attacks rely on the shrink-wrap factor, i.e. a large number of users that operate identical applications on their personal and business computers. It is not the function, or application semantics that provides the target of opportunity. Rather, with a large installed code base, clever intruders leverage the internal program structure and well-known system architecture to create zombies, change security settings, trigger massive email and network flooding attacks, and generally cause havoc. The shrink-wrap factor is very important to malware attacks, because if everyone wrote their own applications, intruders would not be able to target a specific code structure. Even if many different vendors produced similar (yet distinct) application implementations (e.g. operating system, word processor, spreadsheet, etc.), it would complicate non-semantic attacks by increasing target identification complexity and reducing target suitability populations. We seek automated mechanisms that allow shrink-wrap vendors to package their software products in a way that inherently prevents structure-based malware attacks. The foundation of our technology is that we “Differentiate Executables.”

Researchers

• Mike Burmester
• David Whalley
• Alec Yasinsac
• Gary Tyson
• Breno de Medeiros
• Todd McDonald
• Sarah Diesburg

Publications

• McDonald, Todd and Alec Yasinsac, “Program Intent Protection Using Circuit Encryption.” 8^th International Symposium on System and Information Security. Sao Jose dos Campos, Sao Paulo, Brazil. 8 - 10 November 2006
• Yasinsac, Alec and Todd McDonald. “Security-Aware Coding.” 39^th Annual Hawaii International Conference On System Sciences. Mini-track on Information Security Education and Foundational Research. 4 - 7 January 2006
• Yasinsac, Alec and Todd McDonald, “Of Unicorns and Random Programs.” The Third IASTED International Conference on Communications and Computer Networks (CCN 2005). Marina del Rey, CA, USA. 24 - 26 October 2005
• McDonald, Todd and Alec Yasinsac. “Application Security Models for Mobile Agent Systems.” Proceedings of the 1^st International Workshop on Security and Trust Management. Electronic Notes in Theoretical Computer Science, Volume 157, Issue 3, Pages 1-158 (25 May 2006), ed. S. Mauw, V. Issarny, and C. Cremers. Milan, Italy. 15 September 2005
• McDonald, Todd. “Hybrid Approach for Secure Mobile Agent Computations.” Proceedings of the Secure Mobile Ad-hoc Networks and Sensors Workshop (MADNES’05). LNCS 4074, Springer-Verlag, Berlin Heidelberg, 2006, pp. 38-53. 20 - 22 September 2005
• Thompson, Willard, Alec Yasinsac, and Todd McDonald. “Semantic Encryption Transformation Scheme.” Proceedings of the 2004 International Workshop on Security in Parallel and Distributed Systems, pp. 516-21. San Francisco, CA. 15 - 17 September 2004
• McDonald, Todd, Alec Yasinsac, and Willard Thompson. “Mobile Agent Data Integrity Using Multi-agent Architecture.” Proceedings of the 2004 International Workshop on Security in Parallel and Distributed Systems, pp. 536-42. San Francisco, CA. 15 - 17 September 2004

Last Updated: November 2, 2008 @ 12:01:50PM EST/EDT Designed & Published by FSU C-SAIT. Please view our legal notices and privacy policy.