Protecting software from attack and theft via program analysis

Posted on:2010-10-07

Degree:Ph.D

Type:Dissertation

University:The Pennsylvania State University

Candidate:Wang, Xinran

Full Text:PDF

GTID:1448390002487738

Subject:Computer Science

Abstract/Summary:

Along with the rapid developing software industry and the advent of the Internet, attack and theft are becoming two serious threats to software and software community. Although some attack or theft detection approaches have been proposed, these approaches are limited to meet several highly desired requirements. For example, both attack and theft detection approaches should be resilient to code obfuscation techniques; attack detection approaches should detect new or unknown attacks; software theft detection approaches should be able to detect software component theft.;In this dissertation, several new program analysis techniques, which meet these key requirements, are proposed to detect attack and theft. First, a novel program analysis technique called code abstraction is proposed which is a generic method to separate code from data. Based on this technique, an attack detection system called SigFree is designed and implemented. SigFree is signature free, thus it can block new and unknown attacks. Detection effectiveness and performance are evaluated in experiments and the applicability of SigFree is discussed. Second, a static taint and initialization analyses based approach is presented. Compared with existing static analysis approaches developed for the same purpose, the new approach is the first one that can detect attack code obfuscated by self-modifying and indirect jump, and a more comprehensive static analysis solution in defending against advanced obfuscation including anti-signature, anti-static-analysis and anti-emulation code obfuscation. Finally, a system call dependence graph based software birthmark is proposed to identify software theft. A dynamic analysis tool which generates system call dependence graph at run-time is designed and built. We demonstrate the strength of the birthmarks against various evasion techniques, including those based on different compilers and compiler optimization levels as well as state-of-the-art obfuscation tools. Unlike the existing works that were evaluated through toy software, we evaluate our birthmarks on a set of large software.

Keywords/Search Tags:

Software, Attack, Theft, Program analysis

Related items

1	Research For Measuring Software Similarity Based On Graphs
2	Method For Constructing Vulnerability Attack Database And Identifying Attack Program In Network Traffic
3	A Study Of Anti-cheating Program And Anti-account Theft Mechanism For On-line Game
4	Research On Identity Theft Attack Detection Technology Based On User Behavior
5	Analysis & Attack Of The Popular Network Steganography Software
6	Research On Program Static Analysis
7	Study On Program Diversity For Software Security
8	Research For Virtual Machine Software Protection Method Of Attack
9	The Design And Implementation Of Software Comprehension Aid System Based On Program Slicing
10	Program Analysis Based Bloatware Mitigation and Software Customizatio