Anti-tamper software: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
Last edit messed up formatting
No edit summary
Line 5: Line 5:
Tampering can be malicious, to gain control over some aspect of the software with an unauthorized modification that alters the [[computer program]] code and behaviour. Examples include installing [[rootkits]] and [[backdoor (computing)|backdoor]]s, disabling security monitoring, subverting authentication, [[malicious code]] injection for the purposes of data theft or to achieve higher user privileges, altering control flow and communication, license code bypassing for the purpose of [[software piracy]], code interference to extract data or algorithms<ref>{{Cite book | last1 = Cappaert | first1 = J. | last2 = Preneel | first2 = B. | doi = 10.1145/1866870.1866877 | chapter = A general model for hiding control flow | title = Proceedings of the tenth annual ACM workshop on Digital rights management - DRM '10 | pages = 35 | year = 2010 | isbn = 9781450300919 | url = http://www.cosic.esat.kuleuven.be/publications/article-1484.pdf}}</ref> and counterfeiting. Software applications are vulnerable to the effects of tampering and code changes throughout their lifecycle from development and deployment to operation and maintenance.
Tampering can be malicious, to gain control over some aspect of the software with an unauthorized modification that alters the [[computer program]] code and behaviour. Examples include installing [[rootkits]] and [[backdoor (computing)|backdoor]]s, disabling security monitoring, subverting authentication, [[malicious code]] injection for the purposes of data theft or to achieve higher user privileges, altering control flow and communication, license code bypassing for the purpose of [[software piracy]], code interference to extract data or algorithms<ref>{{Cite book | last1 = Cappaert | first1 = J. | last2 = Preneel | first2 = B. | doi = 10.1145/1866870.1866877 | chapter = A general model for hiding control flow | title = Proceedings of the tenth annual ACM workshop on Digital rights management - DRM '10 | pages = 35 | year = 2010 | isbn = 9781450300919 | url = http://www.cosic.esat.kuleuven.be/publications/article-1484.pdf}}</ref> and counterfeiting. Software applications are vulnerable to the effects of tampering and code changes throughout their lifecycle from development and deployment to operation and maintenance.


Anti-tamper protection can be applied as either internally or externally to the application being protected. External anti-tampering is normally accomplished by monitoring the software to detect tampering. This type of defense is commonly expressed as [[malware scanner]]s and [[anti-virus software|anti-virus applications]]. Internal anti-tampering is used to turn an application into its own security system and is generally done with specific code within the software that will detect tampering as it happens. This type of tamper proofing defense may take the form of runtime integrity checks such as [[cyclic redundancy checksum]]s,<ref>{{cite web|url=http://www.gamasutra.com/view/feature/3030/keeping_the_pirates_at_bay.php |title=Keeping the Pirates at Bay |publisher=Gamasutra |access-date=2013-12-24}}</ref> [[anti-debugging]] measures, encryption or [[obfuscation (software)|obfuscation]].<ref>{{cite techreport |first=David |last=Chaboya |title=State of the Practice of Software Anti-Tamper |institution=Anti-Tamper and Software Protection Initiative Technology Office, [[Air Force Research Laboratory]] |date=20 June 2007 |format=PDF |url=http://www.ieee-stc.org/proceedings/2007/pdfs/DC1701.pdf |archive-url=https://web.archive.org/web/20131227221238/http://www.ieee-stc.org/proceedings/2007/pdfs/DC1701.pdf |archive-date=27 December 2013 |url-status=dead |access-date=24 December 2013 }}</ref> Execution inside a [[virtual machine]] has become a common anti-tamper method used in recent years for commercial software; it is used for example in StarForce and [[SecuROM]].<ref>{{Cite journal | last1 = Guillot | first1 = Y. | last2 = Gazet | first2 = A. 
| doi = 10.1007/s11416-009-0118-4 | title = Semi-automatic binary protection tampering | journal = Journal in Computer Virology | volume = 5 | issue = 2 | pages = 119-149| year = 2009 | url = http://metasm.cr0.org/docs/sstic08-metasm-jcv.pdf}}</ref> Some anti-tamper software uses [[white-box cryptography]], so cryptographic keys are not revealed even when cryptographic computations are being observed in complete detail in a debugger.<ref> {{Cite book | last1 = Oorschot | first1 = P. C. | chapter = Revisiting Software Protection | doi = 10.1007/10958513_1 | title = Information Security | series = Lecture Notes in Computer Science | volume = 2851 | pages = 1–13 | year = 2003 | isbn = 978-3-540-20176-2 | url = http://people.scs.carleton.ca/~paulv/papers/isc5.pdf}}</ref> A more recent research trend is tamper-tolerant software, which aims to correct the effects of tampering and allow the program to continue as if unmodified.<ref name="tt"/> A simple (and easily defeated) scheme of this kind was used in the [[Diablo II]] video game, which stored its critical player data in two copies at different memory locations and if one was modified externally, the game used the lower value.<ref name="Davis2008">{{cite book| last = Davis| first = Steven B.| title = Protecting Games| url = https://books.google.com/books?id=-bALAAAAQBAJ&pg=PA135| year = 2008| publisher = Cengage Learning| isbn = 1-58450-687-3| page = 135 }}</ref>
Anti-tamper protection can be applied as either internally or externally to the application being protected. External anti-tampering is normally accomplished by monitoring the software to detect tampering. This type of defense is commonly expressed as [[malware scanner]]s and [[anti-virus software|anti-virus applications]]. Internal anti-tampering is used to turn an application into its own security system and is generally done with specific code within the software that will detect tampering as it happens. This type of tamper proofing defense may take the form of runtime integrity checks such as [[cyclic redundancy checksum]]s,<ref>{{cite web|url=http://www.gamasutra.com/view/feature/3030/keeping_the_pirates_at_bay.php |title=Keeping the Pirates at Bay |publisher=Gamasutra |access-date=2013-12-24}}</ref> [[anti-debugging]] measures, encryption or [[obfuscation (software)|obfuscation]].<ref>{{cite techreport |first=David |last=Chaboya |title=State of the Practice of Software Anti-Tamper |institution=Anti-Tamper and Software Protection Initiative Technology Office, [[Air Force Research Laboratory]] |date=20 June 2007 |format=PDF |url=http://www.ieee-stc.org/proceedings/2007/pdfs/DC1701.pdf |archive-url=https://web.archive.org/web/20131227221238/http://www.ieee-stc.org/proceedings/2007/pdfs/DC1701.pdf |archive-date=27 December 2013 |url-status=dead |access-date=24 December 2013 }}</ref> Execution inside a [[virtual machine]] has become a common anti-tamper method used in recent years for commercial software; it is used for example in [[StarForce]] and [[SecuROM]].<ref>{{Cite journal | last1 = Guillot | first1 = Y. | last2 = Gazet | first2 = A. 
| doi = 10.1007/s11416-009-0118-4 | title = Semi-automatic binary protection tampering | journal = Journal in Computer Virology | volume = 5 | issue = 2 | pages = 119-149| year = 2009 | url = http://metasm.cr0.org/docs/sstic08-metasm-jcv.pdf}}</ref> Some anti-tamper software uses [[white-box cryptography]], so cryptographic keys are not revealed even when cryptographic computations are being observed in complete detail in a debugger.<ref> {{Cite book | last1 = Oorschot | first1 = P. C. | chapter = Revisiting Software Protection | doi = 10.1007/10958513_1 | title = Information Security | series = Lecture Notes in Computer Science | volume = 2851 | pages = 1–13 | year = 2003 | isbn = 978-3-540-20176-2 | url = http://people.scs.carleton.ca/~paulv/papers/isc5.pdf}}</ref> A more recent research trend is tamper-tolerant software, which aims to correct the effects of tampering and allow the program to continue as if unmodified.<ref name="tt"/> A simple (and easily defeated) scheme of this kind was used in the [[Diablo II]] video game, which stored its critical player data in two copies at different memory locations and if one was modified externally, the game used the lower value.<ref name="Davis2008">{{cite book| last = Davis| first = Steven B.| title = Protecting Games| url = https://books.google.com/books?id=-bALAAAAQBAJ&pg=PA135| year = 2008| publisher = Cengage Learning| isbn = 1-58450-687-3| page = 135 }}</ref>


Anti-tamper software is used in many types of software products including: embedded systems, financial applications, software for mobile devices, network-appliance systems, [[Anti-cheat software|anti-cheating in games]], military,<ref>{{cite web|last=Keller |first=John |url=http://www.militaryaerospace.com/articles/2010/04/anti-tamper-technologies-seek-to-keep-critical-military-systems-data-in-the-right-hands.html |title=Anti-tamper technologies seek to keep critical military systems data in the right hands - Military & Aerospace Electronics |publisher=Militaryaerospace.com |access-date=2013-12-24}}</ref> [[License manager|license management]] software, and [[digital rights management]] (DRM) systems. Some general-purpose packages have been developed which can wrap existing code with minimal programing effort; for example the SecuROM and similar kits used in the gaming industry, though they have the downside that semi-generic attacking tools also exist to counter them.<ref name="Honig2012">{{cite book| last = Honig| first = Andrew| title = Practical Malware Analysis| url = https://books.google.com/books?id=FQC8EPYy834C&pg=PA400| year = 2012| publisher = No Starch Press| isbn = 978-1-59327-430-6| page = 400 }}</ref> Malicious software itself can and has been observed using anti-tampering techniques, for example the [[Mariposa botnet]].<ref>{{Cite book | last1 = Sinha | first1 = P. | last2 = Boukhtouta | first2 = A. | last3 = Belarde | first3 = V. H. | last4 = Debbabi | first4 = M. 
| chapter = Insights from the analysis of the Mariposa botnet | doi = 10.1109/CRISIS.2010.5764915 | title = 2010 Fifth International Conference on Risks and Security of Internet and Systems (CRiSIS) | pages = 1 | year = 2010 | isbn = 978-1-4244-8641-0 | url = http://www.ncfta.ca/papers/InsightsFromTheAnalysisOfTheMariposaBotnet.pdf | access-date = 2015-09-04 | archive-url = https://web.archive.org/web/20120916070709/http://www.ncfta.ca/papers/InsightsFromTheAnalysisOfTheMariposaBotnet.pdf | archive-date = 2012-09-16 | url-status = dead }}</ref>
Anti-tamper software is used in many types of software products including: embedded systems, financial applications, software for mobile devices, network-appliance systems, [[Anti-cheat software|anti-cheating in games]], military,<ref>{{cite web|last=Keller |first=John |url=http://www.militaryaerospace.com/articles/2010/04/anti-tamper-technologies-seek-to-keep-critical-military-systems-data-in-the-right-hands.html |title=Anti-tamper technologies seek to keep critical military systems data in the right hands - Military & Aerospace Electronics |publisher=Militaryaerospace.com |access-date=2013-12-24}}</ref> [[License manager|license management]] software, and [[digital rights management]] (DRM) systems. Some general-purpose packages have been developed which can wrap existing code with minimal programing effort; for example the SecuROM and similar kits used in the gaming industry, though they have the downside that semi-generic attacking tools also exist to counter them.<ref name="Honig2012">{{cite book| last = Honig| first = Andrew| title = Practical Malware Analysis| url = https://books.google.com/books?id=FQC8EPYy834C&pg=PA400| year = 2012| publisher = No Starch Press| isbn = 978-1-59327-430-6| page = 400 }}</ref> Malicious software itself can and has been observed using anti-tampering techniques, for example the [[Mariposa botnet]].<ref>{{Cite book | last1 = Sinha | first1 = P. | last2 = Boukhtouta | first2 = A. | last3 = Belarde | first3 = V. H. | last4 = Debbabi | first4 = M. 
| chapter = Insights from the analysis of the Mariposa botnet | doi = 10.1109/CRISIS.2010.5764915 | title = 2010 Fifth International Conference on Risks and Security of Internet and Systems (CRiSIS) | pages = 1 | year = 2010 | isbn = 978-1-4244-8641-0 | url = http://www.ncfta.ca/papers/InsightsFromTheAnalysisOfTheMariposaBotnet.pdf | access-date = 2015-09-04 | archive-url = https://web.archive.org/web/20120916070709/http://www.ncfta.ca/papers/InsightsFromTheAnalysisOfTheMariposaBotnet.pdf | archive-date = 2012-09-16 | url-status = dead }}</ref>
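Review bot: the revision header reads "No edit summary", although the only visible difference in the paragraph beginning "Anti-tamper protection" is `StarForce` becoming `[[StarForce]]`; a short summary such as "link StarForce" would make the history readable. The same paragraph still says "can be applied as either internally or externally" (stray "as"), and the following paragraph has "programing"; both could be corrected in the same pass.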

Revision as of 02:50, 1 October 2022

Anti-tamper software is software which makes it harder for an attacker to modify it. The measures involved can be passive, such as obfuscation to make reverse engineering difficult, or active tamper-detection techniques which aim to make a program malfunction or not operate at all if modified.[1] It is essentially tamper resistance implemented in the software domain. It shares certain aspects with, but also differs from, related technologies like copy protection and trusted hardware, though it is often used in combination with them. Anti-tampering technology typically makes the software somewhat larger and also has a performance impact. There are no provably secure software anti-tampering methods; thus, the field is an arms race between attackers and software anti-tampering technologies.[2]

Tampering can be malicious, to gain control over some aspect of the software with an unauthorized modification that alters the computer program code and behaviour. Examples include installing rootkits and backdoors, disabling security monitoring, subverting authentication, malicious code injection for the purposes of data theft or to achieve higher user privileges, altering control flow and communication, license code bypassing for the purpose of software piracy, code interference to extract data or algorithms[3] and counterfeiting. Software applications are vulnerable to the effects of tampering and code changes throughout their lifecycle from development and deployment to operation and maintenance.

Anti-tamper protection can be applied either internally or externally to the application being protected. External anti-tampering is normally accomplished by monitoring the software to detect tampering. This type of defense commonly takes the form of malware scanners and anti-virus applications. Internal anti-tampering is used to turn an application into its own security system and is generally done with specific code within the software that will detect tampering as it happens. This type of tamper-proofing defense may take the form of runtime integrity checks such as cyclic redundancy checksums,[4] anti-debugging measures, encryption or obfuscation.[5] Execution inside a virtual machine has become a common anti-tamper method used in recent years for commercial software; it is used for example in StarForce and SecuROM.[6] Some anti-tamper software uses white-box cryptography, so cryptographic keys are not revealed even when cryptographic computations are being observed in complete detail in a debugger.[7] A more recent research trend is tamper-tolerant software, which aims to correct the effects of tampering and allow the program to continue as if unmodified.[2] A simple (and easily defeated) scheme of this kind was used in the Diablo II video game, which stored its critical player data in two copies at different memory locations; if one was modified externally, the game used the lower value.[8]
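The runtime integrity check and the two-copy scheme described above, as an added C example that is not taken from the article, its sources or any product. A CRC-32 over a constructed data region stands in for a checksum over program code, and `region`, `seal_region`, `region_intact` and `guarded` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320, the zlib/PNG variant). */
static uint32_t crc32_buf(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Constructed stand-in for a protected region (assumption: a real
 * product would checksum its own code or critical tables instead). */
static uint8_t region[] = "license=trial;max_level=10;";
static uint32_t region_ref;   /* reference checksum taken while trusted */

static void seal_region(void) {
    region_ref = crc32_buf(region, sizeof region - 1);
}

/* Internal check: returns 1 if the region still matches its reference. */
static int region_intact(void) {
    return crc32_buf(region, sizeof region - 1) == region_ref;
}

/* Tamper-tolerant value: two copies, reads return the lower one.
 * Only a disagreement between the copies is noticed, which is why
 * the article calls this kind of scheme simple and easily defeated. */
struct guarded { volatile uint32_t a; volatile uint32_t b; };

static void guarded_set(struct guarded *g, uint32_t v) { g->a = v; g->b = v; }

static uint32_t guarded_get(struct guarded *g) {
    uint32_t lo = g->a < g->b ? g->a : g->b;
    g->a = lo;                 /* repair both copies so the program */
    g->b = lo;                 /* continues as if unmodified        */
    return lo;
}

int main(void) {
    seal_region();
    printf("intact before change: %d\n", region_intact());
    memcpy(region + 8, "full!", 5);        /* simulated modification */
    printf("intact after change:  %d\n", region_intact());

    struct guarded gold;
    guarded_set(&gold, 100);
    gold.a = 999999;                       /* one copy altered */
    printf("value used: %u\n", (unsigned)guarded_get(&gold));
    return 0;
}
```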

Anti-tamper software is used in many types of software products including: embedded systems, financial applications, software for mobile devices, network-appliance systems, anti-cheating in games, military,[9] license management software, and digital rights management (DRM) systems. Some general-purpose packages have been developed which can wrap existing code with minimal programming effort, for example SecuROM and similar kits used in the gaming industry, though they have the downside that semi-generic attacking tools also exist to counter them.[10] Malicious software itself can use anti-tampering techniques and has been observed doing so, for example the Mariposa botnet.[11]

References

  1. ^ Arnold, Michael; Schmucker, Martin; Wolthusen, Stephen D. (1 January 2003). Techniques and Applications of Digital Watermarking and Content Protection. Artech House. p. 229. ISBN 978-1-58053-664-6.
  2. ^ a b Jakubowski, M. H.; Saw, C. W. (N.); Venkatesan, R. (2009). "Tamper-Tolerant Software: Modeling and Implementation". Advances in Information and Computer Security (PDF). Lecture Notes in Computer Science. Vol. 5824. pp. 125–139. doi:10.1007/978-3-642-04846-3_9. ISBN 978-3-642-04845-6.
  3. ^ Cappaert, J.; Preneel, B. (2010). "A general model for hiding control flow". Proceedings of the tenth annual ACM workshop on Digital rights management - DRM '10 (PDF). p. 35. doi:10.1145/1866870.1866877. ISBN 9781450300919.
  4. ^ "Keeping the Pirates at Bay". Gamasutra. Retrieved 2013-12-24.
  5. ^ Chaboya, David (20 June 2007). State of the Practice of Software Anti-Tamper (PDF) (Technical report). Anti-Tamper and Software Protection Initiative Technology Office, Air Force Research Laboratory. Archived from the original (PDF) on 27 December 2013. Retrieved 24 December 2013.
  6. ^ Guillot, Y.; Gazet, A. (2009). "Semi-automatic binary protection tampering" (PDF). Journal in Computer Virology. 5 (2): 119–149. doi:10.1007/s11416-009-0118-4.
  7. ^ Oorschot, P. C. (2003). "Revisiting Software Protection". Information Security (PDF). Lecture Notes in Computer Science. Vol. 2851. pp. 1–13. doi:10.1007/10958513_1. ISBN 978-3-540-20176-2.
  8. ^ Davis, Steven B. (2008). Protecting Games. Cengage Learning. p. 135. ISBN 1-58450-687-3.
  9. ^ Keller, John. "Anti-tamper technologies seek to keep critical military systems data in the right hands - Military & Aerospace Electronics". Militaryaerospace.com. Retrieved 2013-12-24.
  10. ^ Honig, Andrew (2012). Practical Malware Analysis. No Starch Press. p. 400. ISBN 978-1-59327-430-6.
  11. ^ Sinha, P.; Boukhtouta, A.; Belarde, V. H.; Debbabi, M. (2010). "Insights from the analysis of the Mariposa botnet". 2010 Fifth International Conference on Risks and Security of Internet and Systems (CRiSIS) (PDF). p. 1. doi:10.1109/CRISIS.2010.5764915. ISBN 978-1-4244-8641-0. Archived from the original (PDF) on 2012-09-16. Retrieved 2015-09-04.