Annual Computer Security Applications Conference (ACSAC) 2012

Full Program »

Distributed Application Tamper Detection Via Continuous Software Updates

Presentation
View File
pdf
1.9MB
Paper
View File
pdf
329KB

Christian Collberg
University of Arizona
United States

Sam Martin
University of Arizona
United States

Jonathan Myers
University of Arizona
United States

Jasvir Nagra
Google Inc.
United States

Abstract:
We present a new general technique for protecting clients in distributed systems against Remote Man-at-the-end (R-MATE) attacks. Such attacks occur in settings where an adversary has physical access to an untrusted client device and can obtain an advantage from tampering with the hardware itself or the software it contains.

In our system, the trusted server overwhelms the untrusted
client’s analytical abilities by continuously and automatically generating and pushing to him diverse client code variants. The diversity subsystem employs a set of primitive code transformations that provide an ever-changing attack target for the adversary, making tampering difficult without this being detected by the server.

 

Powered by OpenConf®
Copyright ©2002-2012 Zakon Group LLC