10:30-10:55: Glenn Wurster (Carleton U)

Software Tamper Resistance: Defeating Self-Checksumming (abstract)

Self-hashing has been proposed as a technique for verifying software
integrity.  Appealing aspects of this approach to software tamper
resistance include the promise of being able to verify the integrity
of software independent of the external support environment, as well
as the ability to integrate code protection mechanisms
automatically. In my talk I will discuss an automated, generic attack
which defeats such self-hashing.  The attack has implications for
digital rights management, as well as other areas where software
tamper resistance is employed.  The attack uses the rich functionality
of most modern general-purpose processors (including UltraSparc, x86,
PowerPC, AMD64, Alpha, and ARM).  The attack defeats self-hashing on
most modern general-purpose processors.  The generality and efficiency
of our attack suggests that current self-hashing techniques are not
viable strategies for high-security tamper resistance on modern
computer systems.  I will discuss the effects our attack has on
self-hashing software tamper resistance, including what must be done
in order for a defender to successfully guard against our attack.