Skip to main content
Springer Nature Link
Log in

Revisiting Software Protection

  • Conference paper
Information Security (ISC 2003)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2851))

Included in the following conference series:

Abstract

We provide a selective survey on software protection, including approaches to software tamper resistance, obfuscation, software diversity, and white-box cryptography. We review the early literature in the area plus recent activities related to trusted platforms, and discuss challenges and future directions.

Version: 15 July 2003.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
€34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
EUR 29.95
Price includes VAT (Germany)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
EUR 42.79
Price includes VAT (Germany)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
EUR 53.49
Price includes VAT (Germany)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

') var buybox = document.querySelector("[data-id=id_"+ timestamp +"]").parentNode var buyingOptions = buybox.querySelectorAll(".buying-option") ;[].slice.call(buyingOptions).forEach(initCollapsibles) var buyboxMaxSingleColumnWidth = 480 function initCollapsibles(subscription, index) { var toggle = subscription.querySelector(".buying-option-price") subscription.classList.remove("expanded") var form = subscription.querySelector(".buying-option-form") var priceInfo = subscription.querySelector(".price-info") var buyingOption = toggle.parentElement if (toggle && form && priceInfo) { toggle.setAttribute("role", "button") toggle.setAttribute("tabindex", "0") toggle.addEventListener("click", function (event) { var expandedBuyingOptions = buybox.querySelectorAll(".buying-option.expanded") var buyboxWidth = buybox.offsetWidth ;[].slice.call(expandedBuyingOptions).forEach(function(option) { if (buyboxWidth buyboxMaxSingleColumnWidth) { toggle.click() } else { if (index === 0) { toggle.click() } else { toggle.setAttribute("aria-expanded", "false") form.hidden = "hidden" priceInfo.hidden = "hidden" } } }) } initialStateOpen() if (window.buyboxInitialised) return window.buyboxInitialised = true initKeyControls() })()

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Algesheimer, J., Cachin, C., Camenisch, J., Karjoth, G.: Cryptographic Security for Mobile Code. In: Proc. 2001 IEEE Symposium on Security and Privacy, pp. 2–11 (May 2001)

    Google Scholar 

  2. Anderson, R.: Trusted Computing FAQ – TCPA/Palladium/NGSCB/TCG, http://www.cl.cam.ac.uk/~rja14/tcpa-faq.html

  3. Anderson, R.J., Kuhn, M.G.: Low Cost Attacks on Tamper-Resistant Devices. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 125–136. Springer, Heidelberg (1997)

    Chapter  Google Scholar 

  4. Arbaugh, W.A., Farber, D.J., Smith, J.M.: A Secure and Reliable Bootstrap Architecture. In: Proc. 1997 IEEE Symp. Security and Privacy, pp. 65–71 (May 1997)

    Google Scholar 

  5. Arbaugh, W.A., Farber, D.J., Keromytis, A.D., Smith, J.M.: Secure and Reliable Bootstrap Architecture, U.S. Patent 6,185,678 (filed October 2 1998; issued February 6 2001)

    Google Scholar 

  6. Aucsmith, D.: Tamper Resistant Software: An Implementation. In: Anderson, R. (ed.) IH 1996. LNCS, vol. 1174, pp. 317–333. Springer, Heidelberg (1997)

    Google Scholar 

  7. Aucsmith, D., Graunke, G.: Tamper Resistant Methods and Apparatus, U.S. Patent 5,892,899 (filed June 13 1996; issued April 6 1999)

    Google Scholar 

  8. Balacheff, B., Chen, L., Pearson, S., Plaquin, D., Proudler, G. (eds.): Trusted Computing Platforms: TCPA Technology in Context. Prentice Hall, Englewood Cliffs (2002)

    Google Scholar 

  9. Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S., Yang, K.: On the (Im)possibility of Obfuscating Programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  10. Biham, E., Shamir, A.: Differential Fault Analysis of Secret Key Cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997); Revised: Technion - C.S. Dept. - Technical Report CS0910-revised (1997)

    Google Scholar 

  11. Boneh, D., DeMillo, R.A., Lipton, R.J.: On the Importance of Eliminating Errors in Cryptographic Computations. J. Cryptology 14(2), 101–119 (2001)

    Article  MATH  MathSciNet  Google Scholar 

  12. Chang, H., Atallah, M.: Protecting Software Code by Guards. In: Sander, T. (ed.) DRM 2001. LNCS, vol. 2320, pp. 160–175. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  13. Chen, Y., Venkatesan, R., Cary, M., Pang, R., Sinha, S., Jakubowski, M.: Oblivious Hashing: A Stealthy Software Integrity Verification Primitive. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 400–414. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  14. Chess, D.M.: Security Issues in Mobile Code Systems. In: Vigna, G. (ed.) Mobile Agents and Security. LNCS, vol. 1419, pp. 1–14. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  15. Chow, S., Gu, Y., Johnson, H., Zakharov, V.A.: An Approach to the Obfuscation of Control-Flow of Sequential Computer Programs. In: Davida, G.I., Frankel, Y. (eds.) ISC 2001. LNCS, vol. 2200, pp. 144–155. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  16. Nickerson, J.R., Chow, S.T., Johnson, H.J., Gu, Y.: The Encoder Solution to Implementing Tamper Resistant Software. Presented at the CERT/IEEE Information Survivability Workshop, Vancouver (October 2001)

    Google Scholar 

  17. Chow, S., Eisen, P., Johnson, H., van Oorschot, P.C.: White-Box Cryptography and an AES Implementation. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 250–270. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  18. Chow, S., Eisen, P., Johnson, H., van Oorschot, P.C.: A White-Box DES Implementation for DRM Applications. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 1–15. Springer, Heidelberg (2003) (to appear)

    Chapter  Google Scholar 

  19. Cohen, F.: Operating System Protection Through Program Evolution. Computers and Security 12(6), 565–584 (1993)

    Article  Google Scholar 

  20. Collberg, C., Thomborson, C., Low, D.: A Taxonomy of Obfuscating Transformations., Technical Report 148, Dept. Computer Science, University of Auckland (July 1997)

    Google Scholar 

  21. Collberg, C., Thomborson, C., Low, D.: Manufacturing Cheap, Resilient, and Stealthy Opaque Constructs. In: Proc. Symp. Principles of Programming Languages (POPL 1998) (January 1998)

    Google Scholar 

  22. Collberg, C., Thomborson, C., Low, D.: Breaking Abstractions and Unstructuring Data Structures. In: IEEE International Conf. Computer Languages (ICCL 1998) (May 1998)

    Google Scholar 

  23. Collberg, C.S., Thomborson, C.: Watermarking, Tamper-Proofing, and Obfuscation - Tools for Software Protection. IEEE Trans. Software Engineering 28(6) (June 2002)

    Google Scholar 

  24. Daemen, J., Rijmen, V.: The Design of Rijndael: aes – The Advanced Encryption Standard. Springer, Heidelberg (2001)

    Google Scholar 

  25. ComputerWeekly.com, U.S. Software Security Takes Off, November 8 (2002), http://www.computerweekly.com/Article117316.htm

  26. England, P., DeTreville, J.D., Lampson, B.W.: Digital Rights Management Operating System, U.S. Patent 6,330,670 (filed January 8 1999; issued December 11 2001)

    Google Scholar 

  27. England, P., DeTreville, J.D., Lampson, B.W.: Loading and Identifying a Digital Rights Management Operating System, U.S. Patent 6,327,652 (filed January 8 1999; issued December 4 2001)

    Google Scholar 

  28. Forrest, S., Somayaji, A., Ackley, D.H.: Building Diverse Computer Systems. In: Proc. 6th Workshop on Hot Topics in Operating Systems, pp. 67–72. IEEE Computer Society Press, Los Alamitos (1997)

    Chapter  Google Scholar 

  29. Garey, M.R., Johnson, D.S.: Computers and Intractability - A Guide to the Theory of NP-Completeness. W.H. Freeman and Company, New York (1979)

    MATH  Google Scholar 

  30. Goldreich, O., Ostrovsky, R.: Software Protection and Simulation on Oblivious RAMs. Journal of the ACM 43(3), 431–473 (1996); Based on earlier ideas of Goldreich (STOC 1987) and Ostrovsky (STOC 1990)

    Article  MATH  MathSciNet  Google Scholar 

  31. Gosler, J.: Software Protection: Myth or Reality? In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 140–157. Springer, Heidelberg (1985)

    Google Scholar 

  32. Gutmann, P.: An Open-source Cryptographic Co-processor. In: Proc, USENIX Security Symposium (2000)

    Google Scholar 

  33. Herzberg, A., Pinter, S.S.: Public protection of software. ACM Trans. Computer Systems 5(4), 371–393 (1987); Earlier version in Crypto 1985

    Article  Google Scholar 

  34. Horne, B., Matheson, L., Sheehan, C., Tarjan, R.: Dynamic Self-Checking Techniques for Improved Tamper Resistance. In: Sander, T. (ed.) DRM 2001. LNCS, vol. 2320, pp. 141–159. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  35. Jacob, M., Boneh, D., Felton, E.: Attacking an Obfuscated Cipher by Injecting Faults. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 16–31. Springer, Heidelberg (2003) (to appear)

    Chapter  Google Scholar 

  36. Jakobsson, M., Reiter, M.K.: Discouraging Software Piracy Using Software Aging. In: Sander, T. (ed.) DRM 2001. LNCS, vol. 2320, pp. 1–12. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  37. Kent, S.: Protecting Externally Supplied Software in Small Computers, Ph.D. thesis, M.I.T. (September 1980)

    Google Scholar 

  38. Kerckhoffs, A.: La Cryptographie Militaire. Journal des Sciences Militaires 9 (February 1883)

    Google Scholar 

  39. Lie, D., Thekkath, C., Mitchell, M., Lincoln, P., Boneh, D., Mitchell, J., Horowitz, M.: Architectural Support for Copy and Tamper Resistant Software. In: Proc. 9th International Conf. Architectural Support for Programming Languages and Operating Systems (November 2000)

    Google Scholar 

  40. Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)

    Book  Google Scholar 

  41. Next-Generation Secure Computing Base (formerly Palladium), Microsoft web site, http://www.microsoft.com/resources/ngscb/default.mspx

  42. Next-Generation Secure Computing Base - Technical FAQ, Microsoft web site, http://www.microsoft.com/technet/security/news/NGSCB.asp

  43. Ogiso, T., Sakabe, U., Soshi, M., Miyaji, A.: Software Tamper Resistance Based on the Difficulty of Interprocedural Analysis. In: 3rd Workshop on Information Security Applications (WISA 2002), Korea (August 2002)

    Google Scholar 

  44. Petitcolas, F., Anderson, R.J., Kuhn, M.G.: Information Hiding – A Survey. Proc. of the IEEE (Special Issue on Protection of Multimedia Content) 87(7), 1062–1078 (1999)

    Google Scholar 

  45. Sander, T., Tschudin, C.F.: Towards Mobile Cryptography. In: Proc. 1998 IEEE Symposium on Security and Privacy, pp. 215–224 (1998)

    Google Scholar 

  46. Sander, T., Tschudin, C.F.: Protecting Mobile Agents Against Malicious Hosts. In: Vigna, G. (ed.) Mobile Agents and Security. LNCS, vol. 1419, pp. 44–60. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  47. Schneider, F. (ed.): Trust in Cyberspace, report of the Committee on Information Systems Trustworthiness, Computer Science and Telecommunications Board (U.S.) National Research Council. National Academy Press (1999)

    Google Scholar 

  48. Trusted Computing Group, http://www.trustedcomputinggroup.org/home

  49. van Someren, N., Shamir, A.: Playing Hide and Seek with Keys. In: Franklin, M.K. (ed.) FC 1999. LNCS, vol. 1648, pp. 118–124. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  50. Wang, J.: Average-Case Computational Complexity Theory. In: Hemaspaandra, L., Selman, A. (eds.) Complexity Theory Retrospective II, pp. 295–328. Springer, Heidelberg (1997)

    Google Scholar 

  51. Wang, C., Hill, J., Knight, J., Davidson, J.: Software Tamper Resistance: Obstructing Static Analysis of Programs., Dept. of Computer Science, Univ. of Virginia, Tech. Report CS-2000-12, Updated in [52] (May 2000)

    Google Scholar 

  52. Wang, C.: A Security Architecture for Survivability Mechanisms, Ph.D. thesis, University of Virginia (October 2000)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Digital Security Group, School of Computer Science, Carleton University, Canada

    Paul C. van Oorschot

Authors
  1. Paul C. van Oorschot
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Information Security Institute, Queensland University of Technology, GPO Box 2434, Qld 4001, Brisbane, Australia

    Colin Boyd

  2. Hewlett-Packard Laboratories, Filton Road, Stoke Gifford, BS34 8QZ, Bristol, UK

    Wenbo Mao

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

van Oorschot, P.C. (2003). Revisiting Software Protection. In: Boyd, C., Mao, W. (eds) Information Security. ISC 2003. Lecture Notes in Computer Science, vol 2851. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10958513_1

Download citation

  • DOI: https://doi.org/10.1007/10958513_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20176-2

  • Online ISBN: 978-3-540-39981-0

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics