The Community for Technology Leaders
RSS Icon
Issue No.02 - March/April (2011 vol.8)
pp: 194-206
Dennis Heimbigner , University of Colorado, Boulder
An important and recurring security scenario involves the need to carry out trusted computations in the context of untrusted environments. It is shown how a tamper-resistant interpreter for a programming language—currently Lisp 1.5—combined with the use of a secure coprocessor can address this problem. This solution executes the interpreter on the secure coprocessor while the code and data of the program reside in the larger memory of an associated untrusted host. This allows the coprocessor to utilize the host's memory without fear of tampering even by a hostile host. This approach has several advantages including ease of use, and the ability to provide tamper-resistance for any program that can be constructed using the language. The language approach enabled the development of two novel mechanisms for implementing tamper resistance. These mechanisms provide alternatives to pure Merkle hash trees. Simulated relative performance of the various mechanisms is provided and shows the relative merits of each mechanism.
Interpreters, memory management, garbage collection, infrastructure protection.
Dennis Heimbigner, "A Tamper-Resistant Programming Language System", IEEE Transactions on Dependable and Secure Computing, vol.8, no. 2, pp. 194-206, March/April 2011, doi:10.1109/TDSC.2010.51
[1] N.M. Amato and M.C. Loui, "Checking Linked Data Structures," Proc. 24th Ann. Int'l Symp. Fault-Tolerant Computing (FTCS), 1994.
[2] AMD Corp., "AMD Platform for Trustworthy Computing," Proc. Windows Hardware Eng. Conf. (WinHec), com/winhecpapers03.mspx , May 2003.
[3] B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. Vadhan, and K. Yang, "On the (Im)possibility of Obfuscating Programs," Proc. 21st Ann. Int'l Cryptology Conf. Advances in Cryptology (CRYPTO '01), Aug. 2001.
[4] M. Bishop, Computer Security: Art and Science. Addison-Wesley, 2002.
[5] M. Blum, W. Evans, P. Gemmell, S. Kannan, and M. Noar, "Checking the Correctness of Memories," Algorithmica, vol. 12, nos. 2/3, pp. 225-244, 1994.
[6] D. Chan, Trusted Computing Platform Main Specification Version 1.1b, tcg_, Feb. 2002.
[7] C. Collberg and C. Thomborson, "Watermarking, Tamper-Proofing, and Obfuscation—Tools for Software Protection," IEEE Trans. Software Eng., vol. 28, no. 8, pp. 735-746, educollberg02watermarking.html , Aug. 2002.
[8] C. Collberg, C. Thomborson, and D. Low, "Breaking Abstractions and Unstructuring Data Structures," Int'l Conf. Computer Languages, pp. 28-38, html , 1998.
[9] C. Collberg, C. Thomborson, and D. Low, "A Taxonomy of Obfuscating Transformations," Technical Report 148, Dept. of Computer Science, Univ. of Auckland, July 1997.
[10] P. Denning, "The Working Set Model for Program Behavior," Comm. ACM, vol. 11, no. 5, pp. 323-333, May 1968.
[11] P. Devanbu and S. Stubblebine, "Stack and Queue Integrity on Hostile Platforms," IEEE Trans. Software Eng., vol. 28, no. 1, pp. 100-108, Jan. 2002.
[12] DOD, "Policy Guidance for Use of Mobile Code Technologies in Department of Defense (DoD) Information Systems," Assistant Secretary of Defense Memorandum, , Nov. 2000.
[13] A.L.M. dos Santos and R. Kemmerer, "Implementing Security Policies Using the Safe Areas of Computation Approach," Proc. 16th Ann. Computer Security Applications Conf., pp. 90-99, Dec, 2000.
[14] A.L.M. dos Santos and R. Kemmerer, "Safe Areas of Computation for Secure Computing with Insecure Applications," Proc. 15th Ann. Computer Security Applications Conf., pp. 35-44, Dec. 1999.
[15] A. Fuggetta, G.P. Picco, and G. Vigna, "Understanding Code Mobility," IEEE Trans. Software Eng., vol. 24, no. 5, pp. 342-361, , May 1998.
[16] S. Funfrocken, "Protecting Mobile Web-Commerce Agents with S," Proc. Third Int'l Symp. Mobile Agents, pp. 90-102, Oct. 1999.
[17] B. Gassend, D. Clarke, M. van Dijk, S. Devadas, and E. Suh, "Caches and Merkle Trees for Efficient Memory Authentication," Proc. Ninth High Performance Computer Architecture Symp. (HPCA '03), Feb. 2003.
[18] D. Heimbigner, "A Tamper-Detecting Implementation of Lisp," Proc. Int'l Conf. Security and Management, http://www.cs. publicationsheimbigner-sam03-published.pdf , June 2003.
[19] IBM Cryptographic Products, IBM PCI Cryptographic Processor General Information Manual, sixth ed., http://www htmllibrary.shtml, May 2002.
[20] M. Kuhn, "The TrustNo 1 Cryptoprocessor Concept," Technical Report CS555, Purdue Univ.,, Apr. 1997.
[21] B.W. Lampson, "A Note on the Confinement Problem," Comm. ACM, vol. 16, no. 10, pp. 613-615, Oct. 1973.
[22] D. Lie, C.A. Thekkath, and M. Horowitz, "Separating Protection and Resource Management in Operating Systems," Stanford Univ. VLSI Research Group report, lie02separating.html .
[23] M. Madou, B. Anckaert, B. De Sutter, and K. De Bosschere, "Hybrid Static-Dynamic Attacks against Software Protection Mechanisms," Proc. Fifth ACM Workshop Digital Rights Management, pp. 75-82, Nov. 2005.
[24] J. McCarthy, P. Abrahams, D. Edwards, T. Hart, and M. Levin, Lisp 1.5 Programmer's Manual, second ed., MIT Press, 1985.
[25] R.C. Merkle, "A Certified Digital Signature," Proc. Advances in Cryptology (Crypto '89), 1989.
[26] NIST Information Technology Laboratory, "Secure Hash Standard (SHS)," Fed. Information Processing Standards Publication, pp. 180-3, June 2007.
[27] C. Queinnec, "Lisp—Almost a Whole Truth," Research Report LIX/RR/89/03, École Polytechnique, pp. 79-106, Dec. 1989.
[28] B. Rosen, "Data Flow Analysis for Procedural Languages," J. ACM, vol. 26, no. 2, pp. 322-344, Apr. 1979.
[29] T. Sander and C.F. Tschudin, "Protecting Mobile Agents against Malicious Hosts," Lecture Notes in Computer Science, Springer, , 1998.
[30] H. Schorr and W. Waite, "An Efficient Machine-Independent Procedure for Garbage Collection in Various List Structures," Comm. ACM, vol. 10, no. 8, pp. 501-506, Aug. 1967.
[31] S. Smith, "Secure Coprocessing Applications and Research Issues," Los Alamos Unclassified Release LAUR -96-2805, Los Alamos Nat'l Laboratory, Aug. 1996.
[32] Sun Micro-Systems, Inc., "Java Card 3.0 Platform Specification," specs.jsp, Mar. 2008.
[33] G. Sussman and H. Abelson, Structure and Interpretation of Computer Programs, second ed., MIT Press, 1996.
[34] TC39 committee, ECMA-262 ed. 3: ECMAScript Language Specification, ECMA Standards Organization, Jan. 2000.
[35] C.A. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. Mitchell, and M. Horowitz, "Architectural Support for Copy and Tamper Resistant Software," Proc. Ninth Int'l conf. Architectural Support for Programming Languages and Operating Systems (ASPLOS IX), Nov. 2000.
[36] J.D. Tygar and B. Yee, "Strongbox: A System for Self Securing Programs," CMU Computer Science: 25th Anniversary Commemorative, Addison-Wesley, 1991.
[37] G. Vasse, "IBM Extends Enhanced Data Security to Consumer Electronics Products," IBM News Release, , Apr. 2004.
[38] C. Wang, J. Davidson, J. Hill, and J. Knight, "Protection of Software-Based Survivability Mechanisms," Proc. Dependable Systems and Networks (DSN '01), July.
[39] B. Yee and D. Tygar, "Secure Coprocessors in Electronic Commerce Applications," Proc. First USENIX Workshop Electronic Commerce, July 1995.
[40] B.S. Yee, "A Sanctuary for Mobile Agents," Proc. Foundations for Secure Mobile Code Workshop, pp. 21-27, Mar. 1997.
[41] B. Yee, "Using Secure Co-Processors," PhD thesis, Technical Report CMU-CS-94-149, School of Computer Science, Carnegie Mellon Univ., 1994.
[42] X. Zhang, L. van Doorn, T. Jaeger, R. Perez, and R. Sailer, "Secure Coprocessor-Based Intrusion Detection," Proc. ACM SIGOPS European Workshop, pp. 239-242, 2002.
24 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool