Lecture 12: Software protection techniques. Software piracy protection Protection against reverse engineering of software

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Lecture 12: Software protection techniques. Software piracy protection Protection against reverse engineering of software"

Transcription

1 Lecture topics Software piracy protection Protection against reverse engineering of software Software piracy Report by Business Software Alliance for 2001: Global economic impact of software piracy was $11bln About 40% of commercial software in use is pirated Study included 85 countries Top offenders (percent of pirated software): Vietnam 94% China 92% Indonesia 88% Ukraine 87% Russia 87% Based on tracking 26 popular business applications

2 What can software companies do to prevent software piracy Ultimately, not a whole lot, for mainstream software A determined attacker can deal with (reverse engineer) binary code Bypass protection mechanisms Protection mechanisms that can be used: License keys License files CDs, floppies Special-purpose dongles Code encryption Application server model License keys Typical use: Encrypt a unique string to obtain a key Require a user to enter the key (e.g. during installation) When a key is entered, decrypt and compare to the original string Key minting if the encryption key is stored somewhere in the code Use of digital signatures can help somewhat Reverse engineering --- an attacker finds the code that checks for the key and removes it

3 License files Use similar to license keys, but license files contain more information Usually something specific to the user Can be used for giving temporary licenses The file will store expiration dates Can be used for enabling only certain features in the software The file will identify these features The software may check with the license file every time a particular functionality is requested Digitally signed license files are typical The public key is embedded in software code Changing the system clock to extend temporary licenses Reinstalling the system when the license expires Reverse engineering License servers Used in networking environments to service multiple installations of the software E.g., a floating license may limit the number of concurrent users to 10; when a user starts the software, it obtains a run token from the server; when the user exits the software, the token is returned FlexLM is a popular commercial license server Usability (organization as a whole) Reverse engineering

4 Challenge-based license schemes The software issues challenges to the user The user has to respond correctly E.g. with information available in the documentation Usability Users can share challenge secrets Reverse engineering CDs and floppies Part of code of the system can be placed on a removable disk Can only run if the disk is present Popular for games What about CD-burning? Macrovision SafeDisk: store a key on a CD in a way that a typical CD writer won t duplicate this key Again, reverse engineering

5 Special-purpose dongles A dongle is a hardware device that connects to a computer port and carries some information Can be used to store code or keys used by the software Expensive User-unfriendly Reverse engineering Code encryption Software code is stored on the disk encrypted Decrypted right before the code has to run Encrypted again after the code finishes running Computationally expensive The problem of key distribution and storage At some point, code is in unencrypted form; an attacker can intercept it at this point Possible solutions: Execute-only memory (XOM): contains code that is executed but cannot be viewed Dedicated cryptographic hardware Trusted Computing Platform Alliance The goal is definition of specifications for a hardware-assisted, OS based, trusted subsystem that will become an integral part of personal computing platforms Relies on public key cryptography and infrastructure Secure storage, trusted paths within the system, security co-processor Far from clear that this will succeed

6 Application server model Do not give software code to end users; run this code from a trusted server Performance Scalability Cost Software aging A radical approach Relies on periodic updates of the software Each update is done in a way that makes older versions little usable E.g. using incompatible file formats A software pirate will be forced to provide his/her customers with frequent updates Easier to catch Cryptographic techniques can be used to ensure that older versions cannot use data from newer versions Inconvenience of frequent updates Can be automated to a large degree Sharing of data becomes dependent on everyone having an up-to-date version Is not applicable to all domains May work well with Microsoft Word, but not single-user games

7 So, protecting against piracy is difficult, because of reverse engineering Reverse engineering is the process of understanding the purpose and function of a software program from its code Illegal reverse engineering is harmful Intellectual property theft Illegal alteration of software functionality Theft of security sensitive information embedded in the program code Modern high-level languages make reverse engineering easy Scripting languages often do not have compiled form Java bytecodes are high-level A number of automated reverse engineering tools are widely available For Java: Mocha, Jad, Soot Tamper-proofing Techniques for software tamper-proofing generally check if (a part of) the software has been modified and if yes, don t run it The basic techniques include computing checksums and checking timestamps Problem: reverse-engineering attacks! Guards (Chang and Atallah) Each guard is code that performs a small check A large number of guards is created for a program The guards are inter-related Cover overlapping portions of code Cover other guards If some guards are removed, other guards will likely detect that A tool based on this technique is marketed by Arxan

8 Tamper-proofing (cont.) Checking intermediate program results E.g., it is known that variable j has to be positive at a specific point in the program Insert a check that fails the program if the value of j is negative or zero Related to the technique of assertions in software quality The reason for an unexpected value can be bug, not tampering The program is not able to fail gracefully Performance hit if the number of checks is large Difficult to automate There is no guarantee that, after tampering, the program will always produce an invalid intermediate result Also, tampering may be detected when it s too late Software obfuscation A necessary component of reverse engineering is understanding how the code works By making code difficult to understand, reverse engineering may be made uneconomical Obfuscation techniques obscure program code Program functionality has to remain unchanged Obfuscations should: Make code more difficult to understand by manual inspection Be impossible or hard to reverse using automated tools Be stealthy --- look similar to surrounding code Have low overheads --- not to slow down the program overmuch or take much more memory to run Obfuscations are also important for protecting other software protection mechanisms

9 Existing obfuscation techniques Layout obfuscating transformations Comments are removed Line delimiters are removed Identifiers are scrambled Data obfuscating transformations Splitting and merging variables and arrays Re-ordering elements in arrays Converting static data into functions Control obfuscating transformations Inlining methods Outlining statements Unrolling loops Reordering expressions and statements Inserting irrelevant code All existing techniques are low-level, ignore design issues Idea In object-oriented programming, design is represented largely by decomposition into classes Scramble this decomposition! Design obfuscations --- Sosonkin, Naumovich, Memon Class1 Class2 Class123 Class41 Class3 Class4 Class51 Class5 Class6

10 OO design obfuscations Class coalescing Several classes in the original program are replaced with one class Class splitting A single class in the original program is replaced with a number of new classes Interfacification A number of new light-weight types created to obscure places where a specific class is used Class coalescing Car -int id +int getid() PersonalCar + PersonalCar() +Person getowner() Truck -double capacity + Truck(double capacity) +double getcapacity() Bus -int capacity + Bus(int capacity) +int getcapacity() Truck truck = new Truck(3.5); truck.getcapacity() ObfuscatedCar car = new ObfuscatedCar(3.5, 14); car.getcapacity1() ObfuscatedCar -int id -double capacity1 -int capacity2 + ObfuscatedCar(double cap1, int cap2) +Person getowner() +double getcapacity1() +int getcapacity2()

11 Class splitting Truck -double capacity -int numbercylinders + Truck(double capacity) +double getcapacity() +int getnumbercylinders() +double getmaxweight() Truck truck = new Truck(3.5); truck.getcapacity() C1 -double capacity + C1(double capacity) +double getcapacity() C1 car = new C2(3.5); car.getcapacity1() C2 -int numbercylinders + C2(double capacity) +int getnumbercylinders() +double getmaxweight() Interfacification interface I1 interface I2 interface I3 +double getcapacity() +int getnumbercylinders() +double getmaxweight() Truck -double capacity -int numbercylinders + Truck(double capacity) +double getcapacity() +int getnumbercylinders() +double getmaxweight() Truck -double capacity -int numbercylinders + Truck(double capacity) +double getcapacity() +int getnumbercylinders() +double getmaxweight() Truck truck = new Truck(3.5); truck.getcapacity() I3 car = new Truck(3.5); ((I1)car).getCapacity1()

12 Experimental data: class coalescing Experimental data: class splitting

13 Experimental data: interfacification Software watermarking When everything else fails Watermarking is commonly used for proving authenticity of physical objects Also used in digital media and hardware to prove ownership Can be applied to software code It should be possible to show in the court of law who is the rightful owner of the software Software watermarks should be stealthy, encode enough data, and not increase resource requirements too much Should be resilient to different types of attacks: Removal Distortion Second watermark Fingerprinting is a related mechanism Like watermarking, but different data for different versions of the software

14 Types of software watermarks Static Stored in the program executable, object, or source code Static data watermarks E.g., store a copyright string as a static class field Static code watermarks Use redundancy --- when it s possible to do something in many different ways, do it in one specific way E.g. if two adjacent statements are independent, they can appear in arbitrary order; always put them in lexicographic order Dynamic Stored in the execution state of the program Easter Egg watermarks --- use some very unusual input to produce identification of ownership Data structure watermarks --- embed a message in the dynamic state of the program (e.g. using object references) Execution trace watermarks --- usually embedded as a statistical property E.g. some constraint on the use of registers, when the program executes on some unusual input Watermarking instruction group frequency Static code watermark Applied to assembly and machine code Select some commonly occurring groups of instructions, count the number of their occurrences in the code Add redundant code in such a way that the counts are distributed in a seemingly random but controlled fashion De-compilation is likely to defeat this technique

15 Single procedure watermarking Static code watermark for Java A method in one of the program classes is created for watermarking purposes The method contains standard Java bytecodes Does not do anything useful except encoding the watemark Dynamic data structure watermarking Encode a watermark using object references A number of different possible encodings The watermark is constructed for a special input The watermark is demonstrated using either A debugger A special-purpose tool that can examine the run-time state of the program An important part is identification of the start point in the data structure encoding the watermark Improvement: use existing program data structures and add extra fields to encode watermarks

Code Obfuscation. Mayur Kamat Nishant Kumar

Code Obfuscation. Mayur Kamat Nishant Kumar Code Obfuscation Mayur Kamat Nishant Kumar Agenda Malicious Host Problem Code Obfuscation Watermarking and Tamper Proofing Market solutions Traditional Network Security Problem Hostile Network Malicious

More information

Qiong Liu, Reihaneh Safavi Naini and Nicholas Paul Sheppard Australasian Information Security Workshop 2003. Presented by An In seok. 2010.12.

Qiong Liu, Reihaneh Safavi Naini and Nicholas Paul Sheppard Australasian Information Security Workshop 2003. Presented by An In seok. 2010.12. Digital Rights Management for Content Distribution Qiong Liu, Reihaneh Safavi Naini and Nicholas Paul Sheppard Australasian Information Security Workshop 2003 Presented by An In seok. 2010.12.1 Contents

More information

Software Piracy Overview of Anti-Tampering Technologies. Scott Baeder Sr. Architect Cadence Design Systems baeder@cadence.

Software Piracy Overview of Anti-Tampering Technologies. Scott Baeder Sr. Architect Cadence Design Systems baeder@cadence. Software Piracy Overview of Anti-Tampering Technologies Scott Baeder Sr. Architect Cadence Design Systems baeder@cadence.com 0 Agenda Quick Review of Piracy Binary Hacking Crackers Workflow First Impressions

More information

DIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES

DIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES DIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES Saiprasad Dhumal * Prof. K.K. Joshi Prof Sowmiya Raksha VJTI, Mumbai. VJTI, Mumbai VJTI, Mumbai. Abstract piracy of digital content is a one of the

More information

International Journal of Advanced Research in Computer Science and Software Engineering

International Journal of Advanced Research in Computer Science and Software Engineering ($Billion Dollars) Volume 3, Issue 5, May 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com

More information

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES

SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES SECURE IMPLEMENTATIONS OF CONTENT PROTECTION (DRM) SCHEMES ON CONSUMER ELECTRONIC DEVICES Contents Introduction... 3 DRM Threat Model... 3 DRM Flow... 4 DRM Assets... 5 Threat Model... 5 Protection of

More information

Software Protection through Code Obfuscation

Software Protection through Code Obfuscation Software Protection through Code Obfuscation Dissertation submitted in partial fulfillment of the requirements for the degree of Master of Technology, Computer Engineering by Aniket Kulkarni Roll No: 121022016

More information

Surreptitious Software

Surreptitious Software Surreptitious Software Obfuscation, Watermarking, and Tamperproofing for Software Protection Christian Collberg Jasvir Nagra rw T Addison-Wesley Upper Saddle River, NJ Boston Indianapolis San Francisco

More information

Software Reversing Engineering (a.k.a. Reversing) Spiros Mancoridis. What is Reverse Engineering? Software Reverse Engineering: Reversing

Software Reversing Engineering (a.k.a. Reversing) Spiros Mancoridis. What is Reverse Engineering? Software Reverse Engineering: Reversing Software Reversing Engineering (a.k.a. Reversing) Spiros Mancoridis What is Reverse Engineering? Reverse engineering (RE) is the process of etracting the knowledge or design blueprints from anything man

More information

HP ProtectTools Embedded Security Guide

HP ProtectTools Embedded Security Guide HP ProtectTools Embedded Security Guide Document Part Number: 364876-001 May 2004 This guide provides instructions for using the software that allows you to configure settings for the HP ProtectTools Embedded

More information

Second year review WP2 overview SW-based Method. Trento - October 17th, 2008

Second year review WP2 overview SW-based Method. Trento - October 17th, 2008 Second year review WP2 overview SW-based Method Trento - October 17th, 2008 1 Goal To investigate software-only methodologies for remote entrusting implementation 2 Tasks D2.3 D2.4 M0 M3 M6 M9 M12 M15

More information

Digital Rights Management

Digital Rights Management 2009 Levente Buttyán - piracy and DRM - basic model and architecture of DRM systems -MS Windows DRM -why DRM is bad? - content fingerprinting and watermarking - software protection techniques Introduction

More information

Introduction. Application Security. Reasons For Reverse Engineering. This lecture. Java Byte Code

Introduction. Application Security. Reasons For Reverse Engineering. This lecture. Java Byte Code Introduction Application Security Tom Chothia Computer Security, Lecture 16 Compiled code is really just data which can be edit and inspected. By examining low level code protections can be removed and

More information

SAS Data Set Encryption Options

SAS Data Set Encryption Options Technical Paper SAS Data Set Encryption Options SAS product interaction with encrypted data storage Table of Contents Introduction: What Is Encryption?... 1 Test Configuration... 1 Data... 1 Code... 2

More information

CSE/EE 461 Lecture 23

CSE/EE 461 Lecture 23 CSE/EE 461 Lecture 23 Network Security David Wetherall djw@cs.washington.edu Last Time Naming Application Presentation How do we name hosts etc.? Session Transport Network Domain Name System (DNS) Data

More information

IoT Security Platform

IoT Security Platform IoT Security Platform 2 Introduction Wars begin when the costs of attack are low, the benefits for a victor are high, and there is an inability to enforce law. The same is true in cyberwars. Today there

More information

What is Web Security? Motivation

What is Web Security? Motivation brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web

More information

SkyRecon Cryptographic Module (SCM)

SkyRecon Cryptographic Module (SCM) SkyRecon Cryptographic Module (SCM) FIPS 140-2 Documentation: Security Policy Abstract This document specifies the security policy for the SkyRecon Cryptographic Module (SCM) as described in FIPS PUB 140-2.

More information

Software License Management using the Polymorphic Encryption Algorithm White Paper

Software License Management using the Polymorphic Encryption Algorithm White Paper pmc-ciphers.com Software License Management using the Polymorphic Encryption Algorithm White Paper Published: May 2007, first published in January 2003 PMC Software License Management 1 Software License

More information

How Drive Encryption Works

How Drive Encryption Works WHITE PAPER: HOW DRIVE ENCRYPTION WORKS........................................ How Drive Encryption Works Who should read this paper Security and IT administrators Content Introduction to Drive Encryption.........................................................................................

More information

A Taxonomy of Methods for Software Piracy Prevention

A Taxonomy of Methods for Software Piracy Prevention A Taxonomy of Methods for Software Piracy Prevention Gareth Cronin Department of Computer Science, University of Auckland, New Zealand gareth@cronin.co.nz Abstract The illegal copying of software - usually

More information

User. Role. Privilege. Environment. Checkpoint. System

User. Role. Privilege. Environment. Checkpoint. System 8. Security Features Motivation Viruses, spam, trojan horses have become increasingly common in PC environment In mobile environment, new kinds of opportunities offered for malicious software Potentially

More information

Hooks could have been left around for the imposter to regain control. A.Arpaci-Dusseau. Remove all files from disk and reinstall all software

Hooks could have been left around for the imposter to regain control. A.Arpaci-Dusseau. Remove all files from disk and reinstall all software UNIVERSITY of WISCONSIN-MADISON Computer Sciences Department CS 537 A. Arpaci-Dusseau Intro to Operating Systems Spring 2000 Security Solutions and Encryption Questions answered in these notes: How does

More information

FLOATING LICENSE MANAGEMENT

FLOATING LICENSE MANAGEMENT FLOATING LICENSE MANAGEMENT A REVIEW OF FLEXlm PREPARED BY: SALYS SULTAN June 30 th, 2006 Table of Contents ABSTRACT 3 1.0 INTRODUCTION 4 1.1 LICENSING POLICIES 5 NODE-LOCKING USER-BASED LICENSING 5 5

More information

All Your Code Belongs To Us Dismantling Android Secrets With CodeInspect. Steven Arzt. 04.10.2015 Secure Software Engineering Group Steven Arzt 1

All Your Code Belongs To Us Dismantling Android Secrets With CodeInspect. Steven Arzt. 04.10.2015 Secure Software Engineering Group Steven Arzt 1 All Your Code Belongs To Us Dismantling Android Secrets With CodeInspect Steven Arzt 04.10.2015 Secure Software Engineering Group Steven Arzt 1 04.10.2015 Secure Software Engineering Group Steven Arzt

More information

Chapter 3.2 C++, Java, and Scripting Languages. The major programming languages used in game development.

Chapter 3.2 C++, Java, and Scripting Languages. The major programming languages used in game development. Chapter 3.2 C++, Java, and Scripting Languages The major programming languages used in game development. C++ C used to be the most popular language for games Today, C++ is the language of choice for game

More information

The Case For Secure Email

The Case For Secure Email The Case For Secure Email By Erik Kangas, PhD, President, Lux Scientiae, Incorporated http://luxsci.com Contents Section 1: Introduction Section 2: How Email Works Section 3: Security Threats to Your Email

More information

What is Software Watermarking? Software Watermarking Through Register Allocation: Implementation, Analysis, and Attacks

What is Software Watermarking? Software Watermarking Through Register Allocation: Implementation, Analysis, and Attacks hat is Software atermarking? Software atermarking Through Register Allocation: Implementation, Analysis, and Attacks Ginger Myles Christian Collberg {mylesg,collberg}@cs.arizona.edu University of Arizona

More information

Introduction to Computer Security

Introduction to Computer Security Introduction to Computer Security Authentication and Access Control Pavel Laskov Wilhelm Schickard Institute for Computer Science Resource access: a big picture 1. Identification Which object O requests

More information

AuthentiMax Software for GloMax -Multi+

AuthentiMax Software for GloMax -Multi+ TECHNICAL MANUAL AuthentiMax Software for GloMax -Multi+ Instruc ons for use of Product E8946. TM403 Revised 9/13 AuthentiMax Software for GloMax -Multi+ All technical literature is available on the Internet

More information

SecureDoc Disk Encryption Cryptographic Engine

SecureDoc Disk Encryption Cryptographic Engine SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the

More information

Authentication. Computer Security. Authentication of People. High Quality Key. process of reliably verifying identity verification techniques

Authentication. Computer Security. Authentication of People. High Quality Key. process of reliably verifying identity verification techniques Computer Security process of reliably verifying identity verification techniques what you know (eg., passwords, crypto key) what you have (eg., keycards, embedded crypto) what you are (eg., biometric information)

More information

MovieLabs Specification for Enhanced Content Protection Version 1.0

MovieLabs Specification for Enhanced Content Protection Version 1.0 MovieLabs Specification for Enhanced Content Protection Version 1.0 Introduction Digital content distribution technologies are evolving and advancing at a rapid pace. Content creators are using these technologies

More information

Verfahren zur Absicherung von Apps. Dr. Ullrich Martini IHK, 4-12-2014

Verfahren zur Absicherung von Apps. Dr. Ullrich Martini IHK, 4-12-2014 Verfahren zur Absicherung von Apps Dr. Ullrich Martini IHK, 4-12-2014 Agenda Introducing G&D Problem Statement Available Security Technologies Smartcard Embedded Secure Element Virtualization Trusted Execution

More information

LASTLINE WHITEPAPER. Why Anti-Virus Solutions Based on Static Signatures Are Easy to Evade

LASTLINE WHITEPAPER. Why Anti-Virus Solutions Based on Static Signatures Are Easy to Evade LASTLINE WHITEPAPER Why Anti-Virus Solutions Based on Static Signatures Are Easy to Evade Abstract Malicious code is an increasingly important problem that threatens the security of computer systems. The

More information

Secure Data Exchange Solution

Secure Data Exchange Solution Secure Data Exchange Solution I. CONTENTS I. CONTENTS... 1 II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. SECURE DOCUMENT EXCHANGE SOLUTIONS... 3 INTRODUCTION... 3 Certificates

More information

Sandy. The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis. Garage4Hackers

Sandy. The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis. Garage4Hackers Sandy The Malicious Exploit Analysis. http://exploit-analysis.com/ Static Analysis and Dynamic exploit analysis About Me! I work as a Researcher for a Global Threat Research firm.! Spoke at the few security

More information

Digital Rights Management

Digital Rights Management Digital Rights Management Hubris, history, hacks. Yan Shoshitaishvili UCSB Seclab Overview Content Duplication Digital Rights Media - History Media-specific DRM MovieStealer Design Optimizations Countermeasures

More information

White Paper: Whole Disk Encryption

White Paper: Whole Disk Encryption How Whole Disk Encryption Works White Paper: Whole Disk Encryption How Whole Disk Encryption Works Contents Introduction to Whole Disk Encryption.....................................................................

More information

LICENSE4J FLOATING LICENSE SERVER USER GUIDE

LICENSE4J FLOATING LICENSE SERVER USER GUIDE LICENSE4J FLOATING LICENSE SERVER USER GUIDE VERSION 4.5.5 LICENSE4J www.license4j.com Table of Contents Getting Started... 2 Floating License Usage... 2 Installation... 4 Windows Installation... 4 Linux

More information

Lecture 9 - Message Authentication Codes

Lecture 9 - Message Authentication Codes Lecture 9 - Message Authentication Codes Boaz Barak March 1, 2010 Reading: Boneh-Shoup chapter 6, Sections 9.1 9.3. Data integrity Until now we ve only been interested in protecting secrecy of data. However,

More information

mguard Device Manager Release Notes Version 1.6.1

mguard Device Manager Release Notes Version 1.6.1 mguard Device Manager Release Notes Version 1.6.1 Innominate Security Technologies AG Rudower Chaussee 13 12489 Berlin Germany Phone: +49 30 921028 0 Fax: +49 30 921028 020 contact@innominate.com http://www.innominate.com/

More information

Agent Languages. Overview. Requirements. Java. Tcl/Tk. Telescript. Evaluation. Artificial Intelligence Intelligent Agents

Agent Languages. Overview. Requirements. Java. Tcl/Tk. Telescript. Evaluation. Artificial Intelligence Intelligent Agents Agent Languages Requirements Overview Java Tcl/Tk Telescript Evaluation Franz J. Kurfess, Cal Poly SLO 211 Requirements for agent Languages distributed programming large-scale (tens of thousands of computers)

More information

APPLETS AND NETWORK SECURITY: A MANAGEMENT OVERVIEW

APPLETS AND NETWORK SECURITY: A MANAGEMENT OVERVIEW 84-10-25 DATA SECURITY MANAGEMENT APPLETS AND NETWORK SECURITY: A MANAGEMENT OVERVIEW Al Berg INSIDE Applets and the Web, The Security Issue, Java: Secure Applets, Java: Holes and Bugs, Denial-of-Service

More information

Orixcloud Backup Client. Frequently Asked Questions

Orixcloud Backup Client. Frequently Asked Questions Frequently Asked Questions Version 1.2 Disclaimer This document is compiled with the greatest possible care. However, errors might have been introduced caused by human mistakes or by other means. No rights

More information

Executable Integrity Verification

Executable Integrity Verification Executable Integrity Verification Abstract Background Determining if a given executable has been trojaned is a tedious task. It is beyond the capabilities of the average end user and even many network

More information

Outline. 1 Denitions. 2 Principles. 4 Implementation and Evaluation. 5 Debugging. 6 References

Outline. 1 Denitions. 2 Principles. 4 Implementation and Evaluation. 5 Debugging. 6 References Outline Computer Science 331 Introduction to Testing of Programs Mike Jacobson Department of Computer Science University of Calgary Lecture #3-4 1 Denitions 2 3 4 Implementation and Evaluation 5 Debugging

More information

TZWorks Windows Event Log Viewer (evtx_view) Users Guide

TZWorks Windows Event Log Viewer (evtx_view) Users Guide TZWorks Windows Event Log Viewer (evtx_view) Users Guide Abstract evtx_view is a standalone, GUI tool used to extract and parse Event Logs and display their internals. The tool allows one to export all

More information

Copy protection through software watermarking and obfuscation

Copy protection through software watermarking and obfuscation Copy protection through software watermarking and obfuscation GERGELY EBERHARDT, ZOLTÁN NAGY SEARCH-LAB Ltd., {gergely.eberhardt, zoltan.nagy}@search-lab.hu ERNÔ JEGES, ZOLTÁN HORNÁK BME, Department of

More information

Authentication Types. Password-based Authentication. Off-Line Password Guessing

Authentication Types. Password-based Authentication. Off-Line Password Guessing Authentication Types Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4:

More information

PUF Physical Unclonable Functions

PUF Physical Unclonable Functions Physical Unclonable Functions Protecting next-generation Smart Card ICs with SRAM-based s The use of Smart Card ICs has become more widespread, having expanded from historical banking and telecommunication

More information

Implementation of an Obfuscation Tool for C/C++ Source Code Protection on the XScale Architecture *

Implementation of an Obfuscation Tool for C/C++ Source Code Protection on the XScale Architecture * Implementation of an Obfuscation Tool for C/C++ Source Code Protection on the XScale Architecture * Seongje Cho, Hyeyoung Chang, and Yookun Cho 1 Dept. of Computer Science & Engineering, Dankook University,

More information

Efficient database auditing

Efficient database auditing Topicus Fincare Efficient database auditing And entity reversion Dennis Windhouwer Supervised by: Pim van den Broek, Jasper Laagland and Johan te Winkel 9 April 2014 SUMMARY Topicus wants their current

More information

Chapter 13: Program Development and Programming Languages

Chapter 13: Program Development and Programming Languages Understanding Computers Today and Tomorrow 12 th Edition Chapter 13: Program Development and Programming Languages Learning Objectives Understand the differences between structured programming, object-oriented

More information

Running Secure Server Software on Insecure Hardware without a Parachute

Running Secure Server Software on Insecure Hardware without a Parachute Running Secure Server Software on Insecure Hardware without a Parachute SESSION ID: STU-M06B Nicholas Sullivan Systems Engineer CloudFlare @grittygrease What this talk is about! The web is changing consolidation

More information

Java Card. Smartcards. Demos. . p.1/30

Java Card. Smartcards. Demos. . p.1/30 . p.1/30 Java Card Smartcards Java Card Demos Smart Cards. p.2/30 . p.3/30 Smartcards Credit-card size piece of plastic with embedded chip, for storing & processing data Standard applications bank cards

More information

Software Licensing in Virtual Environments. Managing the Terms of Software Use in Virtualized Systems

Software Licensing in Virtual Environments. Managing the Terms of Software Use in Virtualized Systems Software Licensing in Virtual Environments Managing the Terms of Software Use in Virtualized Systems Introduction While virtualization has numerous IT infrastructure benefits, it can be a concern for software

More information

PGP Command Line Version 10.3 Release Notes

PGP Command Line Version 10.3 Release Notes PGP Command Line Version 10.3 Release Notes Page 1 of 6 PGP Command Line Version 10.3 Release Notes Thank you for using this Symantec Corporation product. These Release Notes contain important information

More information

Chapter 14 Analyzing Network Traffic. Ed Crowley

Chapter 14 Analyzing Network Traffic. Ed Crowley Chapter 14 Analyzing Network Traffic Ed Crowley 10 Topics Finding Network Based Evidence Network Analysis Tools Ethereal Reassembling Sessions Using Wireshark Network Monitoring Intro Once full content

More information

An Overview of the Secure Sockets Layer (SSL)

An Overview of the Secure Sockets Layer (SSL) Chapter 9: SSL and Certificate Services Page 1 of 9 Chapter 9: SSL and Certificate Services The most widespread concern with the Internet is not the limited amount of bandwidth or the occasional objectionable

More information

Software Security Techniques [Internal Report, COSIC]

Software Security Techniques [Internal Report, COSIC] Software Security Techniques [Internal Report, COSIC] Version 1.2 Jan Cappaert, Brecht Wyseur, and Bart Preneel KULeuven/ESAT/COSIC {jan.cappaert,brecht.wyseur,bart.preneel}@esat.kuleuven.ac.be October

More information

ABSTRACT' INTRODUCTION' COMMON'SECURITY'MISTAKES'' Reverse Engineering ios Applications

ABSTRACT' INTRODUCTION' COMMON'SECURITY'MISTAKES'' Reverse Engineering ios Applications Reverse Engineering ios Applications Drew Branch, Independent Security Evaluators, Associate Security Analyst ABSTRACT' Mobile applications are a part of nearly everyone s life, and most use multiple mobile

More information

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application

More information

OWASP Mobile Top Ten 2014 Meet the New Addition

OWASP Mobile Top Ten 2014 Meet the New Addition OWASP Mobile Top Ten 2014 Meet the New Addition Agenda OWASP Mobile Top Ten 2014 Lack of Binary Protections added Why is Binary Protection important? What Risks Need to be Mitigated? Where to Go For Further

More information

STEGANOGRAPHY: TEXT FILE HIDING IN IMAGE YAW CHOON KIT CA10022

STEGANOGRAPHY: TEXT FILE HIDING IN IMAGE YAW CHOON KIT CA10022 STEGANOGRAPHY: TEXT FILE HIDING IN IMAGE YAW CHOON KIT CA10022 FACULTY OF COMPUTER SYSTEM AND SOFTWARE ENGINEERING 2012/2013 1 ABSTRACT Steganography is the art or science in hiding. It is origin from

More information

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and non-repudiation. How to obtain a digital certificate. Installing

More information

InfoCenter Suite and the FDA s 21 CFR part 11 Electronic Records; Electronic Signatures

InfoCenter Suite and the FDA s 21 CFR part 11 Electronic Records; Electronic Signatures InfoCenter Suite and the FDA s 21 CFR part 11 Electronic Records; Electronic Signatures Overview One of the most popular applications of InfoCenter Suite is to help FDA regulated companies comply with

More information

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:

More information

Document DRM: Replacing Encryption as the Standard for Document Protection

Document DRM: Replacing Encryption as the Standard for Document Protection Document DRM: Replacing Encryption as the Standard for Document Protection Keywords DRM, Encryption, PGP, IRM, Enterprise Rights Management Summary DRM Is presented as a superior replacement for encryption

More information

vcloud Director User's Guide

vcloud Director User's Guide vcloud Director 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of

More information

Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o. Presented by: Smitha Sundareswaran Chi Tsong Su

Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o. Presented by: Smitha Sundareswaran Chi Tsong Su Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o Presented by: Smitha Sundareswaran Chi Tsong Su Introduction Kerberos: An authentication protocol based on

More information

Obfuscation: know your enemy

Obfuscation: know your enemy Obfuscation: know your enemy Ninon EYROLLES neyrolles@quarkslab.com Serge GUELTON sguelton@quarkslab.com Prelude Prelude Plan 1 Introduction What is obfuscation? 2 Control flow obfuscation 3 Data flow

More information

RSA Authentication Manager 7.1 Basic Exercises

RSA Authentication Manager 7.1 Basic Exercises RSA Authentication Manager 7.1 Basic Exercises Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks RSA and the RSA logo

More information

Advanced Authentication

Advanced Authentication White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is

More information

Go to CGTech Help Library. Installing CGTech Products

Go to CGTech Help Library. Installing CGTech Products Go to CGTech Help Library Installing CGTech Products VERICUT Installation Introduction to Installing VERICUT Installing and configuring VERICUT is simple, typically requiring only a few minutes for most

More information

EMC DATA DOMAIN ENCRYPTION A Detailed Review

EMC DATA DOMAIN ENCRYPTION A Detailed Review White Paper EMC DATA DOMAIN ENCRYPTION A Detailed Review Abstract The proliferation of publicized data loss, coupled with new governance and compliance regulations, is driving the need for customers to

More information

Outline. hardware components programming environments. installing Python executing Python code. decimal and binary notations running Sage

Outline. hardware components programming environments. installing Python executing Python code. decimal and binary notations running Sage Outline 1 Computer Architecture hardware components programming environments 2 Getting Started with Python installing Python executing Python code 3 Number Systems decimal and binary notations running

More information

Ciphire Mail. Abstract

Ciphire Mail. Abstract Ciphire Mail Technical Introduction Abstract Ciphire Mail is cryptographic software providing email encryption and digital signatures. The Ciphire Mail client resides on the user's computer between the

More information

Design of Software User Identity Module (SUIM) for Preventing Software Piracy

Design of Software User Identity Module (SUIM) for Preventing Software Piracy , July 2-4, 2014, London, U.K. Design of User Identity Module (SUIM) for Preventing Piracy Adu Michael K, Alese Boniface K, Adetunmbi Adebayo O. Abstract-This invention proposes a design for preventing

More information

Decomposition into Parts. Software Engineering, Lecture 4. Data and Function Cohesion. Allocation of Functions and Data. Component Interfaces

Decomposition into Parts. Software Engineering, Lecture 4. Data and Function Cohesion. Allocation of Functions and Data. Component Interfaces Software Engineering, Lecture 4 Decomposition into suitable parts Cross cutting concerns Design patterns I will also give an example scenario that you are supposed to analyse and make synthesis from The

More information

Network Security. HIT Shimrit Tzur-David

Network Security. HIT Shimrit Tzur-David Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key

More information

Cover sheet. How do you create a backup of the OS systems during operation? SIMATIC PCS 7. FAQ November 2013. Service & Support. Answers for industry.

Cover sheet. How do you create a backup of the OS systems during operation? SIMATIC PCS 7. FAQ November 2013. Service & Support. Answers for industry. Cover sheet How do you create a backup of the OS systems during operation? SIMATIC PCS 7 FAQ November 2013 Service & Support Answers for industry. Question This entry originates from the Service & Support

More information

OWASP Cornucopia. Ecommerce Website Edition. The OWASP Foundation. OWASP London https://www.owasp.org. 3rd June 2013

OWASP Cornucopia. Ecommerce Website Edition. The OWASP Foundation. OWASP London https://www.owasp.org. 3rd June 2013 The OWASP Foundation OWASP London https://www.owasp.org 3rd June 2013 OWASP Cornucopia Ecommerce Website Edition OWASP Cornucopia - Ecommerce Website Edition helps developers identify security requirements

More information

Application Design and Development

Application Design and Development C H A P T E R9 Application Design and Development Practice Exercises 9.1 What is the main reason why servlets give better performance than programs that use the common gateway interface (CGI), even though

More information

Confinement Problem. The confinement problem Isolating entities. Example Problem. Server balances bank accounts for clients Server security issues:

Confinement Problem. The confinement problem Isolating entities. Example Problem. Server balances bank accounts for clients Server security issues: Confinement Problem The confinement problem Isolating entities Virtual machines Sandboxes Covert channels Mitigation 1 Example Problem Server balances bank accounts for clients Server security issues:

More information

A FRAMEWORK FOR A MOBILE VIRTUAL TERMINAL

A FRAMEWORK FOR A MOBILE VIRTUAL TERMINAL ANNALS OF THE FACULTY OF ENGINEERING HUNEDOARA 2006, Tome IV, Fascicole 1, (ISSN 1584 2665) FACULTY OF ENGINEERING HUNEDOARA, 5, REVOLUTIEI, 331128, HUNEDOARA A FRAMEWORK FOR A MOBILE VIRTUAL TERMINAL

More information

Introduction to Application Security

Introduction to Application Security Last modification: 03-03-2014 / 01:38 PM GMT+01:00 White Paper Media Protection Multiscreen Introduction to Application Security March 2013 www.irdeto.com 2014 Irdeto, All Rights Reserved. 1 Table of Contents

More information

Secure cloud access system using JAR ABSTRACT:

Secure cloud access system using JAR ABSTRACT: Secure cloud access system using JAR ABSTRACT: Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of the cloud services is that

More information

Enova X-Wall LX Frequently Asked Questions

Enova X-Wall LX Frequently Asked Questions Enova X-Wall LX Frequently Asked Questions Q: What is X-Wall LX? A: X-Wall LX is the third generation of Enova real-time hard drive cryptographic gateway ASIC (Application Specific Integrated Circuit)

More information

Characteristics of Java (Optional) Y. Daniel Liang Supplement for Introduction to Java Programming

Characteristics of Java (Optional) Y. Daniel Liang Supplement for Introduction to Java Programming Characteristics of Java (Optional) Y. Daniel Liang Supplement for Introduction to Java Programming Java has become enormously popular. Java s rapid rise and wide acceptance can be traced to its design

More information

Digital Watermark Mobile Agents *

Digital Watermark Mobile Agents * Digital Watermark Mobile Agents * Jian Zhao and Chenghui Luo Fraunhofer Center for Research in Computer Graphics, Inc. 321 South Main Street Providence, RI 02903 Abstract Digital watermarking has emerged

More information

Brainloop Cloud Security

Brainloop Cloud Security Whitepaper Brainloop Cloud Security Guide to secure collaboration in the cloud www.brainloop.com Sharing information over the internet The internet is the ideal platform for sharing data globally and communicating

More information

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C Cunsheng Ding, HKUST Lecture 06: Public-Key Infrastructure Main Topics of this Lecture 1. Digital certificate 2. Certificate authority (CA) 3. Public key infrastructure (PKI) Page 1 Part I: Digital Certificates

More information

Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda

Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda 1. Introductions for new members (5 minutes) 2. Name of group 3. Current

More information

Objectives. Python Programming: An Introduction to Computer Science. Lab 01. What we ll learn in this class

Objectives. Python Programming: An Introduction to Computer Science. Lab 01. What we ll learn in this class Python Programming: An Introduction to Computer Science Chapter 1 Computers and Programs Objectives Introduction to the class Why we program and what that means Introduction to the Python programming language

More information

Pemrograman Dasar. Basic Elements Of Java

Pemrograman Dasar. Basic Elements Of Java Pemrograman Dasar Basic Elements Of Java Compiling and Running a Java Application 2 Portable Java Application 3 Java Platform Platform: hardware or software environment in which a program runs. Oracle

More information

Information Technology Audit & Forensic Techniques. CMA Amit Kumar

Information Technology Audit & Forensic Techniques. CMA Amit Kumar Information Technology Audit & Forensic Techniques CMA Amit Kumar 1 Amit Kumar & Co. (Cost Accountants) A perfect blend of Tax, Audit & Advisory services Information Technology Audit & Forensic Techniques

More information

Software Reverse Engineering

Software Reverse Engineering Software Reverse Engineering Jacco Krijnen June 19, 2013 Abstract While reverse engineering probably started with the analysis of hardware, today it plays a significant role in the software world. We discuss

More information

Applications of obfuscation to software and hardware systems

Applications of obfuscation to software and hardware systems Applications of obfuscation to software and hardware systems Victor P. Ivannikov Institute for System Programming Russian Academy of Sciences (ISP RAS) www.ispras.ru Program obfuscation is an efficient

More information

Digital Rights Management. Introduction

Digital Rights Management. Introduction Digital Rights Management 12/1/2010 Digital Rights Management 1 Introduction Digital Rights Management (DRM) is a term used for systems that restrict the use of digital media DRM defends against the illegal

More information