
Code Self-checking Techniques for Trusted-Flow Implementation Luca Tagliaferri...

Date post: 26-Mar-2015
Page 1: Code Self-checking Techniques for Trusted-Flow Implementation Luca Tagliaferri luca.tagliaferri@polito.it.

Code Self-checking Techniques for Trusted-Flow Implementation

Luca Tagliaferri

luca.tagliaferri@polito.it

Page 2: Code Self-checking Techniques for Trusted-Flow Implementation Luca Tagliaferri luca.tagliaferri@polito.it.

28 / 06 / 2004 Luca Tagliaferri

Code checking mechanism

• What:
  – Verify that the executing program in a Java environment is accomplishing (only and all) its requested duty.
• How:
  – Dynamically inserting control code by means of an updatable Agent.
  – Monitoring the control flow.
• Why:
  – Unexpected code is prevented from being executed.

Page 3: Code Self-checking Techniques for Trusted-Flow Implementation Luca Tagliaferri luca.tagliaferri@polito.it.

Control Flow Mechanism

• A tool reads the original code and saves a regular expression describing the flow.
• The original program is monitored by a companion process called Checker (resident in a trusted area).
• The two processes communicate using sockets.

Page 4: Code Self-checking Techniques for Trusted-Flow Implementation Luca Tagliaferri luca.tagliaferri@polito.it.

Control Flow Checking

R = A[B|[C]*]D

[Figure: flowchart from Begin to End with conditions COND1 and COND2 and blocks BLOCK1 (A), BLOCK2 (B), BLOCK3 (C), BLOCK4 (D).]

Page 5: Code Self-checking Techniques for Trusted-Flow Implementation Luca Tagliaferri luca.tagliaferri@polito.it.

Original Program

void main ()
{
    instr1;
    instr2;
    if (cond1) {
        instr4;
        instr5;
        instr6;
    } else {
        while (cond2) {
            instr8;
            instr9;
        }
    }
    instr10;
}

Agent

int p[2];
socket (p);
write (p, f(A));
write (p, f(B));
write (p, f(C));
write (p, f(D));

[Figure: Socket; Checker automaton with states S0, S1, S2, S3, S4 and transitions labelled A, B, C, D.]

Page 6: Code Self-checking Techniques for Trusted-Flow Implementation Luca Tagliaferri luca.tagliaferri@polito.it.

Original Program

void main ()
{
    int p[2];
    socket (p);
    instr1;
    instr2;
    write (p, f(A));
    if (cond1) {
        instr4;
        instr5;
        instr6;
        write (p, f(B));
    } else {
        while (cond2) {
            instr8;
            instr9;
            write (p, f(C));
        }
    }
    instr10;
    write (p, f(D));
}

[Figure: Original Program, Socket, Checker automaton with states S0, S1, S2, S3, S4 and transitions labelled A, B, C, D. Label shown: A.]

Page 7: Code Self-checking Techniques for Trusted-Flow Implementation Luca Tagliaferri luca.tagliaferri@polito.it.

[Animation frame: same instrumented Original Program, Socket and Checker automaton as on page 6. Labels shown: A, S0, S1.]

Page 8: Code Self-checking Techniques for Trusted-Flow Implementation Luca Tagliaferri luca.tagliaferri@polito.it.

[Animation frame: same instrumented Original Program, Socket and Checker automaton as on page 6. Label shown: B.]

Page 9: Code Self-checking Techniques for Trusted-Flow Implementation Luca Tagliaferri luca.tagliaferri@polito.it.

[Animation frame: same instrumented Original Program, Socket and Checker automaton as on page 6. Labels shown: B, S0, S1.]

Page 10: Code Self-checking Techniques for Trusted-Flow Implementation Luca Tagliaferri luca.tagliaferri@polito.it.

[Animation frame: same instrumented Original Program, Socket and Checker automaton as on page 6. Labels shown: B, S1, S2.]

Page 11: Code Self-checking Techniques for Trusted-Flow Implementation Luca Tagliaferri luca.tagliaferri@polito.it.

[Animation frame: same instrumented Original Program, Socket and Checker automaton as on page 6. Label shown: D.]

Page 12: Code Self-checking Techniques for Trusted-Flow Implementation Luca Tagliaferri luca.tagliaferri@polito.it.

[Animation frame: same instrumented Original Program, Socket and Checker automaton as on page 6. Labels shown: D, S2, S4, OK.]

Page 13: Code Self-checking Techniques for Trusted-Flow Implementation Luca Tagliaferri luca.tagliaferri@polito.it.

Detection

• If an instruction in any block is modified, the block itself is modified (or a block may even be avoided).
• The function f(block) returns a different value.
• The checker detects the hacking.

Page 14: Code Self-checking Techniques for Trusted-Flow Implementation Luca Tagliaferri luca.tagliaferri@polito.it.

Modified Original Program

void main ()
{
    int p[2];
    socket (p);
    instr1;
    instr2;
    write (p, f(A));
    if (cond1) {
        instr4;
        instr5’;
        instr6;
        write (p, f(B’));
    } else {
        while (cond2) {
            instr8;
            instr9;
            write (p, f(C));
        }
    }
    instr10;
    write (p, f(D));
}

[Figure: Modified Original Program, Socket, Checker automaton with states S0, S1, S2, S3, S4 and transitions labelled A, B, C, D. Labels shown: B’, S2, S4, B fails.]

Page 15: Code Self-checking Techniques for Trusted-Flow Implementation Luca Tagliaferri luca.tagliaferri@polito.it.

Discussion

• What is f(x)?
  A block sign function describing the flow execution and ciphered with a symmetric key.
• How can it be hidden?
  Code obfuscation and appropriate key.
• Can it be replaced?
  Frequent update.
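
The Checker side of the scheme, as an added example that is not code from the slides: it accepts the flow A, then B or a run of C, then D, and rejects a modified or skipped block. Assumptions: Python stands in for the Java environment, HMAC-SHA256 stands in for the unspecified keyed f, the key and block bytes are constructed, and the S1-to-S4 transition on D is added here for a while loop that runs zero times.

```python
import hashlib
import hmac

# Constructed sample data: key and block bodies are placeholders, not from the slides.
KEY = b"constructed-demo-key"
BLOCKS = {"A": b"instr1;instr2;", "B": b"instr4;instr5;instr6;",
          "C": b"instr8;instr9;", "D": b"instr10;"}

# Checker automaton for the flow A, then B or a run of C, then D.
# S1 -D-> S4 is added here for a while loop that runs zero times.
TRANSITIONS = {
    "S0": {"A": "S1"},
    "S1": {"B": "S2", "C": "S3", "D": "S4"},
    "S2": {"D": "S4"},
    "S3": {"C": "S3", "D": "S4"},
}
ACCEPT = "S4"


def f(block_code, key=KEY):
    """Block signature; HMAC-SHA256 is an assumed stand-in for the slides' f."""
    return hmac.new(key, block_code, hashlib.sha256).digest()


class Checker:
    def __init__(self, reference_blocks, key=KEY):
        # Reference signatures are computed in the trusted area.
        self.expected = {lbl: f(code, key) for lbl, code in reference_blocks.items()}
        self.state = "S0"
        self.failed = None

    def receive(self, signature):
        """Consume one value read from the socket; False means the flow is rejected."""
        if self.failed is None:
            # Only signatures allowed in the current state are compared.
            for label, nxt in TRANSITIONS.get(self.state, {}).items():
                if hmac.compare_digest(signature, self.expected[label]):
                    self.state = nxt
                    return True
            self.failed = "signature not allowed in " + self.state
        return False

    def ok(self):
        return self.failed is None and self.state == ACCEPT


def run(trace, executed_blocks=BLOCKS):
    """Replay the write(p, f(X)) calls of one run; returns (ok, final state, failure)."""
    checker = Checker(BLOCKS)
    for label in trace:
        checker.receive(f(executed_blocks[label]))
    return checker.ok(), checker.state, checker.failed


TAMPERED = dict(BLOCKS, B=b"instr4;instr5';instr6;")  # instr5 replaced, as on page 14
```

`run("ABD")` ends in S4, while `run("ABD", TAMPERED)` stops in S1 because the signature of the modified block B matches no transition allowed there.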

