Sciweavers

SAC
2009
ACM

Remote software protection by orthogonal client replacement

14 years 7 months ago
Remote software protection by orthogonal client replacement
In a typical client-server scenario, a trusted server provides valuable services to a client, which runs remotely on an untrusted platform. Of the many security vulnerabilities that may arise (such as authentication and authorization), guaranteeing the integrity of the client code is one of the most difficult to address. This security vulnerability is an instance of the malicious host problem, where an adversary in control of the client’s host environment tries to tamper with the client code. We propose a novel client replacement strategy to counter the malicious host problem. The client code is periodically replaced by new orthogonal clients, such that their combination with the server is functionally-equivalent to the original client-server application. The reverse engineering efforts of the adversary are deterred by the complexity of analysis of frequently changing, orthogonal program code. We use the underlying concepts of program obfuscation as a basis for formally defining a...
Mariano Ceccato, Paolo Tonella, Mila Dalla Preda,
Added 19 May 2010
Updated 19 May 2010
Type Conference
Year 2009
Where SAC
Authors Mariano Ceccato, Paolo Tonella, Mila Dalla Preda, Anirban Majumdar
Comments (0)