Code Self-checking Techniques for Trusted-Flow Implementation

1
Code Self-checking Techniques for Trusted-Flow
Implementation
Luca Tagliaferri luca.tagliaferri_at_polito.it
2
Code checking mechanism

• What
• Verify that the executing program ina Java
  environment is accomplishing (only and all) its
  requested duty.
• How
• Inserting dynamically control code by an
  updatable Agent.
• Monitoring the control flow
• Why
• Unexpected code is prevented to be executed.

3
Control Flow Mechanism

• A tool reads the original code and saves a
  regular expression describing the flow.
• The original program is monitored by a companion
  process called Checker (resident in a trusted
  area).
• The two processes communicate using sockets.

4
Control Flow Checking
Begin
BLOCK1A
R ABCD
COND1
COND2
BLOCK2B
BLOCK3C
BLOCK4D
End
5
(No Transcript)
6
Original Program
Checker

• void main ()
• int p2socket (p)instr1instr2write
  (p,f(A) )
• if (cond1) instr4 instr5 instr6
  write (p,f(B) )
• else while (cond2) instr8
  instr9 write (p,f(C) )
• instr10write (p,f(D) )

Socket
A
A
A
A
A
A
A
A
7
Original Program
Checker

• void main ()
• int p2socket (p)instr1instr2write
  (p,f(A) )
• if (cond1) instr4 instr5 instr6
  write (p,f(B) )
• else while (cond2) instr8
  instr9 write (p,f(C) )
• instr10write (p,f(D) )

S0
S0
A
S1
S1
Socket
B
C
A
S3
S2
C
D
D
S4
8
Original Program
Checker

• void main ()
• int p2socket (p)instr1instr2write
  (p,f(A) )
• if (cond1) instr4 instr5 instr6
  write (p,f(B) )
• else while (cond2) instr8
  instr9 write (p,f(C) )
• instr10write (p,f(D) )

S0
A
S1
Socket
B
C
B
B
B
B
B
B
S3
S2
C
D
D
S4
9
Original Program
Checker

• void main ()
• int p2socket (p)instr1instr2write
  (p,f(A) )
• if (cond1) instr4 instr5 instr6
  write (p,f(B) )
• else while (cond2) instr8
  instr9 write (p,f(C) )
• instr10write (p,f(D) )

S0
S0
A
S1
Socket
B
C
B
S3
S2
C
D
D
S4
10
Original Program
Checker

• void main ()
• int p2socket (p)instr1instr2write
  (p,f(A) )
• if (cond1) instr4 instr5 instr6
  write (p,f(B) )
• else while (cond2) instr8
  instr9 write (p,f(C) )
• instr10write (p,f(D) )

S0
A
S1
S1
Socket
B
C
B
S3
S2
S2
C
D
D
S4
11
Original Program
Checker

• void main ()
• int p2socket (p)instr1instr2write
  (p,f(A) )
• if (cond1) instr4 instr5 instr6
  write (p,f(B) )
• else while (cond2) instr8
  instr9 write (p,f(C) )
• instr10write (p,f(D) )

Socket
D
D
D
D
D
D
D
12
Original Program
Checker

• void main ()
• int p2socket (p)instr1instr2write
  (p,f(A) )
• if (cond1) instr4 instr5 instr6
  write (p,f(B) )
• else while (cond2) instr8
  instr9 write (p,f(C) )
• instr10write (p,f(D) )

S0
A
S1
Socket
B
C
D
S3
S2
S2
C
D
D
S4
S4
OK
13
Detection

• In case an instruction in any block is modified
  the block itself is modified (or even a block is
  avoided)
• The function f(block) returns a different value.
• The checker detects the hacking

14
Modified Original Program
Checker

• void main ()
• int p2socket (p)instr1instr2write
  (p,f(A) )
• if (cond1) instr4 instr5 instr6
  write (p,f(B) )
• else while (cond2) instr8
  instr9 write (p,f(C) )
• instr10write (p,f(D) )

S0
A
S1
Socket
B
C
B
S3
S2
S2
C
D
D
S4
S4
B fails
15
Discussion

• What is f(x) ?
• A block sign function describing the
• flow execution and
• cyphered with a symmetric key
• How can it be hidden ?
• Code obfuscation and appropriate key
• Can it be replaced ?
• Frequent update