Issue No.02 - March/April (2011 vol.28)
pp: 28-34
Mariano Ceccato, Fondazione Bruno Kessler
Paolo Tonella, Fondazione Bruno Kessler
ABSTRACT
In a typical client-server scenario, a server provides valuable services to client applications that run remotely on untrusted client computers. Typical examples are video on demand, online games, voice-over-IP communications, and many others. However, client-side users often hold administrative privileges on their machines and could tamper with the client application to fulfill the service in violation of the service usage conditions or service agreements. Guaranteeing client-code security is one of the most difficult security problems to address. It's an instance of the malicious host problem, where an adversary in control of the client's host environment tries to tamper with the client code. The authors present CodeBender, a tool that implements a novel client replacement strategy to counter the malicious host problem. The client code has limited validity and, when it expires, the server provides a new client that replaces the former one. The reverse-engineering efforts of adversaries are deterred by the complexity of analyzing frequently changing, always different (orthogonal) program code.
INDEX TERMS
hardware/software protection, development tools, software/software engineering, program transformation, security and protection
CITATION
Mariano Ceccato, Paolo Tonella, "CodeBender: Remote Software Protection Using Orthogonal Replacement", IEEE Software, vol.28, no. 2, pp. 28-34, March/April 2011, doi:10.1109/MS.2010.158