Identifying and Understanding Self-Checksumming Defenses in Software
1: |
Department of Computer Science University of Arizona Tucson, AZ 85721, U.S.A. |
2: |
School of Computer Science and Technology Harbin Institute of Technology Harbin, China |
Software self-checksumming is widely used as an anti-tampering mechanism for protecting intellectual property and deterring piracy. This makes it important to understand the strengths and weaknesses of various approaches to self-checksumming. This paper describes a dynamic information-flow-based attack that aims to identify and understand self-checksumming behavior in software. Our approach is applicable to a wide class of self-chesumming defenses and the information obtained can be used to determine how the checksumming defenses may be bypassed. Experiments using a prototype implementation of our ideas indicate that our approach can successfully identify self-checksumming behavior in (our implementations of) proposals from the research literature.