The University of Arizona
banner image

Identifying and Understanding Self-Checksumming Defenses in Software

Jing Qiu1,2   Babak Yadegari1   Brian Johannesmeyer1   Saumya Debray1   Xiaohong Su2
1: Department of Computer Science
University of Arizona
Tucson, AZ 85721, U.S.A.
  2: School of Computer Science and Technology
Harbin Institute of Technology
Harbin, China
 

Abstract
Software self-checksumming is widely used as an anti-tampering mechanism for protecting intellectual property and deterring piracy. This makes it important to understand the strengths and weaknesses of various approaches to self-checksumming. This paper describes a dynamic information-flow-based attack that aims to identify and understand self-checksumming behavior in software. Our approach is applicable to a wide class of self-chesumming defenses and the information obtained can be used to determine how the checksumming defenses may be bypassed. Experiments using a prototype implementation of our ideas indicate that our approach can successfully identify self-checksumming behavior in (our implementations of) proposals from the research literature.