
Careful-Packing: A practical and scalable anti-tampering software protection enforced by trusted computing

Flavio TOFFALINI, Martín OCHOA, Jun SUN (Singapore Management University), Jianying ZHOU

Institutional Knowledge at Singapore Management University, Research Collection School Of Information Systems, 3-2019

Citation: TOFFALINI, Flavio; OCHOA, Martín; SUN, Jun; and ZHOU, Jianying. Careful-Packing: A practical and scalable anti-tampering software protection enforced by trusted computing. (2019). Proceedings of the 9th ACM Conference on Data and Application Security and Privacy (CODASPY 2019), Dallas, TX, USA, 2019 March 25-27. 231-242. Research Collection School Of Information Systems. Available at: https://ink.library.smu.edu.sg/sis_research/4965
Session 6: Hardware Assisted Data Security, CODASPY ’19, March 25–27, 2019, Richardson, TX, USA

Careful-Packing: A Practical and Scalable Anti-Tampering Software Protection enforced by Trusted Computing

Flavio Toffalini, Singapore University of Technology and Design, ST Electronics-SUTD Cyber Security Laboratory
Martín Ochoa, Cyxtera Technologies, ST Electronics-SUTD Cyber Security Laboratory
Sun Jun and Jianying Zhou, Singapore University of Technology and Design, ST Electronics-SUTD Cyber Security Laboratory

ABSTRACT

Ensuring the correct behaviour of an application is a critical security issue. One of the most popular ways to modify the intended behaviour of a program is to tamper its binary. Several solutions have been proposed to solve this problem, including trusted computing and anti-tampering techniques. Both can substantially increase security, and yet both have limitations. In this work, we propose an approach which combines trusted computing technologies and anti-tampering techniques, and that synergistically overcomes some of their inherent limitations. In our approach critical software regions are protected by leveraging on trusted computing technologies and cryptographic packing, without introducing additional software layers. To illustrate our approach we implemented a secure monitor which collects user activities, such as keyboard and mouse events for insider attack detection. We show how our solution provides a strong anti-tampering guarantee with a low overhead: around 10 lines of code added to the entire application, an average execution time overhead of 5.7% and only 300KB of memory allocated for the trusted module.

ACM Reference Format:
Flavio Toffalini, Martín Ochoa, Sun Jun, and Jianying Zhou. 2019. Careful-Packing: A Practical and Scalable Anti-Tampering Software Protection enforced by Trusted Computing. In Ninth ACM Conference on Data and Application Security and Privacy (CODASPY ’19), March 25–27, 2019, Richardson, TX, USA. ACM, New York, NY, USA, 12 pages. https://doi.org/10.1145/3292006.3300029

© 2019 Association for Computing Machinery. ACM ISBN 978-1-4503-6099-9/19/03...$15.00

1 INTRODUCTION

The widespread of commercial software and of potential security threats makes it necessary to develop systematic protection mechanisms. For instance, a customer could attempt to use a program without paying the license fee [38], a player might cheat in a video-game [21], or an anti-virus software can be sabotaged [31] by malware. To achieve these goals, a common strategy is to edit the binary code of such software in order to alter its logic. These threats are often referred to as Man-At-The-End attackers (MATE) [3]. Both academic researchers and commercial companies have spent an extensive effort against MATE threats [5, 12, 16, 18, 50, 53]. The goal of the defending mechanisms is to guarantee that an attack cannot change the software logic to some extent. It is possible to achieve this goal in different ways, e.g., through anti-tampering techniques [36] or through trusted computing technologies [20].

Anti-tampering techniques allow a software to inspect itself and check whether its code has been modified. We refer to those techniques as self-checking, which literally read the binary code of the protected software by using special functions called checkers. The checkers compute a digital fingerprint of the software byte-code and verify whether that fingerprint matches a pre-computed value [36]. On the other hand, trusted computing technologies provide dedicated hardware so that the software can be executed in secure containers which are physically separated from the rest of the system. Those containers are composed of memory regions that cannot be directly read/written by other processes (either from kernel-space or from user-space). Trusted computing technologies are further reinforced against physical attacks such as flashing BIOS/firmware, page swap, or page cache attacks [13].

However, both anti-tampering and trusted computing have limitations. On the one hand, purely software-based anti-tampering techniques are not completely secure, since the defending mechanisms reside in an untrusted memory region and a determined attacker can identify and disarm such defenses. It is possible to harden anti-tampering techniques by using a combination of additional approaches [6, 10, 11, 51] that raise the bar for the attackers but that do not fundamentally address the problem [22]. On the other hand, trusted computing technologies, which provide higher security guarantees than purely software-based solutions, often have practical limitations, e.g., software within a secure container cannot directly interact with the hosting operating system (OS); and the secure container often has size limitations [7]. Previous works studied solutions that move part of the OS functionality inside a trusted region [4, 7, 47], but they introduce further complexity for employing a secure interaction with the rest of the world (e.g., networking, file system). Other authors suggested protecting only portions of the code [30, 41]. However, these approaches do not address critical limitations such as the interaction with the underlying OS, or the limited amount of memory. Limited memory makes it unsustainable to deploy all processes in dedicated trusted containers. For instance, machines featured with Intel Software Guard eXtension (SGX) [40] provide only a few hundred megabytes that must be shared among all the running trusted containers. If we consider processes such as Skype or Firefox, which require around 100MB each, we need multiple trusted containers for each process to protect. Therefore, this approach does not scale for multiple parallel processes. The introduction of SGX 2.0 allows modifying the size of a single trusted container but it does not modify the maximum memory available for trusted containers.

Our proposal overcomes the limitations of both pure anti-tampering and trusted computing by combining both approaches. We extend hardware security features of trusted computing over untrusted memory regions by using a minimal (possibly fixed) amount of code. To achieve this, we harden anti-tampering functionality (e.g.,

requires around 300 LoC. Furthermore, the overhead in terms of execution time is negligible, i.e., on average 5.7% w.r.t. the original program. During our experiment, we managed to run and protect up to 90 instances at the same time.

Problem Statement: The research question we are addressing in this work is thus: Is it possible to extend trusted computing security guarantees to untrusted memory regions without moving the code entirely within a trusted module?

Contributions: In summary, the contributions of this paper are:
(a) We propose a new technique to extend trusted computing over untrusted zones minimizing the amount of code to store within a trusted module.
(b) We propose a technique to mitigate denial-of-service problems in trusted computing technologies.
(c) We propose an algorithm for achieving a secure installation and boot phase.

Organization. We provide background on SGX and software protection
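
The self-checking scheme described in the introduction (checkers fingerprint the program's byte-code and compare the result with a pre-computed value) can be sketched as follows. This is an added example, not code from the paper: the byte array, the guard layout and the function names are constructed for illustration, and FNV-1a stands in for whatever fingerprint function a real checker would use.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a protected code region (x86-64 bytes:
   push rbp; mov rbp,rsp; cmp edi,0x2a; sete al; pop rbp; ret). */
static const uint8_t ORIGINAL_CODE[] = {
    0x55, 0x48, 0x89, 0xe5, 0x83, 0xff, 0x2a, 0x0f, 0x94, 0xc0, 0x5d, 0xc3
};

/* One guard = one byte range plus its pre-computed fingerprint.
   The table sits in the same untrusted memory as the code it protects. */
typedef struct { size_t off, len; uint64_t expected; } guard_t;

/* FNV-1a 64-bit, used here only as a simple illustrative fingerprint. */
static uint64_t fingerprint(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* "Build time": record the fingerprint of every guarded range. */
static void seal_guards(const uint8_t *code, guard_t *g, size_t n) {
    for (size_t i = 0; i < n; i++)
        g[i].expected = fingerprint(code + g[i].off, g[i].len);
}

/* "Run time": return the index of the first modified range, or -1. */
static int run_checkers(const uint8_t *code, const guard_t *g, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (fingerprint(code + g[i].off, g[i].len) != g[i].expected) return (int)i;
    return -1;
}

/* Seal a copy of the image, optionally alter one byte, then self-check. */
static int demo(int patch_off) {
    uint8_t image[sizeof ORIGINAL_CODE];
    guard_t guards[] = { {0, 4, 0}, {4, 8, 0} }; /* prologue; compare and return */
    memcpy(image, ORIGINAL_CODE, sizeof image);
    seal_guards(image, guards, 2);
    if (patch_off >= 0 && (size_t)patch_off < sizeof image) image[patch_off] ^= 0xff;
    return run_checkers(image, guards, 2);
}

int main(void) {
    printf("untouched image: %d\n", demo(-1));
    printf("byte 6 modified: %d\n", demo(6));
    return 0;
}
```

Both the checker and its reference values live beside the code they protect, which is the limitation of purely software-based self-checking that the introduction points out.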