In a typical client-server scenario, a server provides valuable services to client applications that run remotely on untrusted client computers. Typical examples are video on demand, online games, voice-over-IP communications, and many others. However, client-side users often hold administrative privileges on their machines and could tamper with the client application to fulfill the service in violation of the service usage conditions or service agreements. Guaranteeing client-code security is one of the most difficult security problem to address. It's an instance of the malicious host problem, where an adversary in control of the client's host environment tries to tamper with the client code. The authors present CodeBender, a tool that implements a novel client replacement strategy to counter the malicious host problem. The client code has limited validity and, when it expires, the server provides a new client that replaces the former one. The reverse-engineering efforts of adversaries are deterred by the complexity of analyzing frequently changing, always different (orthogonal) program code.

CodeBender: Remote Software Protection Using Orthogonal Replacement

Ceccato, Mariano;
2011-01-01

Abstract

In a typical client-server scenario, a server provides valuable services to client applications that run remotely on untrusted client computers. Typical examples are video on demand, online games, voice-over-IP communications, and many others. However, client-side users often hold administrative privileges on their machines and could tamper with the client application to fulfill the service in violation of the service usage conditions or service agreements. Guaranteeing client-code security is one of the most difficult security problem to address. It's an instance of the malicious host problem, where an adversary in control of the client's host environment tries to tamper with the client code. The authors present CodeBender, a tool that implements a novel client replacement strategy to counter the malicious host problem. The client code has limited validity and, when it expires, the server provides a new client that replaces the former one. The reverse-engineering efforts of adversaries are deterred by the complexity of analyzing frequently changing, always different (orthogonal) program code.
2011
Hardware Software Protection, Development Tools, Software Software Engineering, Program Transformation, Security And Protection
File in questo prodotto:
File Dimensione Formato  
is2011.pdf

solo utenti autorizzati

Tipologia: Documento in Post-print
Licenza: Accesso ristretto
Dimensione 1.61 MB
Formato Adobe PDF
1.61 MB Adobe PDF   Visualizza/Apri   Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11562/1017636
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 16
  • ???jsp.display-item.citation.isi??? 12
social impact