IEEE Transactions on Professional Communication Feb 2005

Hardware-Assisted Circumvention of Self-Hashing Software Tamper Resistance

P.C. van Oorschot ; A. Somayaji ; G. Wurster

Abstract

Self-hashing has been proposed as a technique for verifying software integrity. Appealing aspects of this approach to software tamper resistance include the promise of being able to verify the integrity of software independent of the external support environment, as well as the ability to integrate code protection mechanisms automatically. In this paper, we show that the rich functionality of most modern general-purpose processors (including UltraSparc, x86, PowerPC, AMD64, Alpha, and ARM) facilitate an automated, generic attack which defeats such self-hashing. We present a general description of the attack strategy and multiple attack implementations that exploit different processor features. Each of these implementations is generic in that it can defeat self-hashing employed by any user-space program on a single platform. Together, these implementations defeat self-hashing on most modern general-purpose processors. The generality and efficiency of our attack suggests that self-hashing is not a viable strategy for high-security tamper resistance on modern computer systems.

Journal
IEEE Transactions on Professional Communication
Published
2005-02-01
DOI
10.1109/tdsc.2005.24
CompPile
Open Access
Closed
Topics
digital rhetoric
Export
BibTeX RIS

Citation Context

Cited by in this index (0)

No articles in this index cite this work.

References (43)

  1. (2005)
    Internet Explorer 6: Digital Certificates
  2. 10.1145/191177.191183
  3. 10.1007/3-540-61996-8_49
  4. 10.1007/3-540-47870-1_10
  5. 10.1007/3-540-47870-1_9
Show all 43 →
  1. 10.1109/SP.2005.2
  2. 10.1007/3-540-68671-1_4
  3. 10.1109/TSE.2002.1027797
  4. 10.1007/10958513_1
  5. 10.1007/10958513_27
  6. Wurster (2005)
    A Generic Attack on Hashing-Based Software Tamper Resistance
  7. (2004)
    UltraSPARC III Cu User’s Manual
  8. (2004)
    The Linux Kernel Archives
  9. (2001)
    Programming Environments Manual: For 32-Bit Implementations of the PowerPC Architecture
  10. (2003)
    AMD64 Architecture Programmer’s Manual. vol. 2, System Programming
  11. (2003)
    IA-32 Intel Architecture Software Developer’s Manual
  12. (2005)
    ARM Documentation—ARM Processor Cores
  13. (2003)
    IA-32 Intel Architecture Software Developer’s Manual, vol. 3: System Programming Guide, c…
  14. (2005)
    Homepage of PaX
  15. (1998)
    Alpha Architecture Handbook
  16. Linn
    Enhancing Software Tamper-Resistance Via Stealthy Address Computations
  17. 10.1007/3-540-68671-1_6
  18. 10.1007/3-540-36415-3_26
  19. Gosler
    Software Protection: Myth or Reality?
  20. Kennell
    Establishing the Genuinity of Remote Computer Systems
  21. Loscocco
    The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Envir…
  22. Peinado (2005)
    NGSCB: A Trusted Open System
  23. 10.1145/782814.782838
  24. 10.1016/S1389-1286(98)00019-X
  25. (2004)
    Trusted Computing Group
  26. 10.21236/ADA419599
  27. 10.1145/643477.643479
  28. Shankar
    Side Effects Are Not Sufficient to Authenticate Software
  29. Kennell (2004)
    An Analysis of Proposed Attacks against Genuinity Tests
  30. 10.1145/1030083.1030103
  31. 10.1109/SECPRI.2004.1301329
  32. 10.1145/1030083.1030125
  33. (2001)
    Trusted Platfrom Module (TPM) Main Specification
  34. Miretskiy
    AVFS: An On-Access Anti-Virus File System
  35. Nick
    Copilot—A Coprocessor-Based Kernel Runtime Integrity Monitor
  36. 10.1007/3-540-44456-4_7
  37. Wang (2000)
    A Security Architecture for Survivability Mechanisms
  38. (2001)
    MIPS32 Architecture for Programming
CrossRef global citation count: 44 View in citation network → Build reading path →

Related Articles

  1. Computers and Composition Jun 2026
    “Article laundry” or “tutor in pocket?”: Multilingual writers’ generative AI-assisted writing in professional settings
    Qianqian Zhang-Wu
    writing pedagogy teacher development professional writing qualitative research digital rhetoric artificial intelligence multilingual writers
  2. Computers and Composition Jun 2026
    Evaluating students’ Coded animated stories as multimodal narrative composition in the middle school English curriculum
    Len Unsworth
    first-year composition teacher development digital rhetoric multimodality
  3. Computers and Composition Jun 2026
    Historicizing critical discourse about emergent tools and technologies across 40 years of Computers and Composition
    Meghan Velez; Kara Taczak; Matthew D. Bryan
    discourse analysis digital rhetoric
  4. Computers and Composition Jun 2026
    Legacies, commitments, and new challenges: The Sweetland Digital Rhetoric Collaborative interviews three generations of Computers and Composition editors
    Ali Alalem; Alyse Campbell; Thais Rodrigues Cons; Funmilola Fadairo; Nicole Koyuki Golden
    rhetorical criticism collaborative writing digital rhetoric
  5. Computers and Composition Jun 2026
    A quantitative, computational investigation of Computers and Composition: Using topic modeling over time to reveal patterns in textual data
    Stuart Deets
    digital rhetoric