In a typical client-server scenario, a server provides valuable services to client applications that run remotely on untrusted client computers. Typical examples are video on demand, online games, voice-over-IP communications, and many others. However, client-side users often hold administrative privileges on their machines and could tamper with the client application to fulfill the service in violation of the service usage conditions or service agreements. Guaranteeing client-code security is one of the most difficult security problem to address. It's an instance of the malicious host problem, where an adversary in control of the client's host environment tries to tamper with the client code. The authors present CodeBender, a tool that implements a novel client replacement strategy to counter the malicious host problem. The client code has limited validity and, when it expires, the server provides a new client that replaces the former one. The reverse-engineering efforts of adversaries are deterred by the complexity of analyzing frequently changing, always different (orthogonal) program code.

Codebender: Remote software protection using orthogonal replacement

Ceccato, Mariano;Tonella, Paolo
2011-01-01

Abstract

In a typical client-server scenario, a server provides valuable services to client applications that run remotely on untrusted client computers. Typical examples are video on demand, online games, voice-over-IP communications, and many others. However, client-side users often hold administrative privileges on their machines and could tamper with the client application to fulfill the service in violation of the service usage conditions or service agreements. Guaranteeing client-code security is one of the most difficult security problem to address. It's an instance of the malicious host problem, where an adversary in control of the client's host environment tries to tamper with the client code. The authors present CodeBender, a tool that implements a novel client replacement strategy to counter the malicious host problem. The client code has limited validity and, when it expires, the server provides a new client that replaces the former one. The reverse-engineering efforts of adversaries are deterred by the complexity of analyzing frequently changing, always different (orthogonal) program code.
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11582/25369
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
social impact