In the Tigress project we are studying diversity-based defenses
against Remote Man-At-The-End (R-MATE) attacks. These
attacks occur in distributed systems where untrusted
clients are in frequent communication with trusted servers
over a network, and malicious users can get an advantage by
compromising an untrusted device.
Currently, the Tigress backend (the diversifying C virtualizer/obfuscator)
is available for download here.
R-MATE vulnerabilities occur in a variety of settings, including
- The Advanced Metering Infrastructure} (AMI) for controlling the electrical power grid,
where networked devices (smart meters) are installed at
individual house-holds to allow two-way communication with control
servers of the utility company. In an R-MATE attack against the AMI, a
malicious consumer tampers with the meter to emulate an imminent
blackout, or to trick a control server to send disconnect commands to
- MMOGs (massive multiplayer online games) are susceptible to R-MATE attacks since a
malicious player who tampers with the game client can get an advantage
over other players.
- Wireless sensors are often deployed in unsecured environments (such as theaters
of war) where they are vulnerable to tampering attempts. A compromised
sensor could be coached into supplying the wrong observations
to a base station, causing real-world damage.
- Electronic health records (EHR) are typically protected by encryption
while stored in databases and in transit to doctors' offices, but they are
vulnerable to R-MATE attack if an individual doctor's client machine
In our system, the trusted server overwhelms the untrusted client's
analytical abilities by continuously and automatically generating and
pushing to him diverse client code variants. The diversity
subsystem employs a set of primitive code transformations that provide
an ever-changing attack target for the adversary, making
tampering difficult without this being detected by the server.
Tigress is supported through the following grants:
- September 2011---August 2013, Man-at-the-End Attacks: Defenses and Evaluation,
National Science Foundation Grant CNF-1145913, $269,649,
PI: Christian Collberg, co-PIs: Saumya Debray, Loukas Lazos.
- October 2009---September 2013,
Theoretical and Practical Approaches to Remote White-Box Security,
United States--Israel Binational Science Foundation grant BSF-2008362,
$90,684, PI: Amir Hertzberg (Bar Ilan University, Israel),
co-PIs: Christian Collberg, Shafi Goldwasser (MIT and Weizmann Institute).
Patrick P.F. Chan, Christian Collberg,
A Method to Evaluate CFG Comparison Algorithms
Christian Collberg, Sam Martin, Jonathan Myers, Jasvir Nagra,
Distributed application tamper detection via continuous software updates,
- Sam Martin
- Jonathan Myers
- Jasvir Nagra