TY - JOUR
T1 - Hypervisor-based protection of code
AU - Kiperberg, Michael
AU - Leon, Roee
AU - Resh, Amit
AU - Algawi, Asaf
AU - Zaidenberg, Nezer J.
N1 - Publisher Copyright:
© 2005-2012 IEEE.
PY - 2019/8
Y1 - 2019/8
N2 - The code of a compiled program is susceptible to reverse-engineering attacks on the algorithms and the business logic that are contained within the code. The main existing countermeasure to reverse-engineering is obfuscation. Generally, obfuscation methods suffer from two main deficiencies: 1) the obfuscated code is less efficient than the original and 2) with sufficient effort, the original code may be reconstructed. We propose a method that is based on cryptography and virtualization. The most valuable functions are encrypted and remain inaccessible even during their execution, thus preventing their reconstruction. A specially crafted hypervisor is responsible for decryption, execution, and protection of the encrypted functions. We claim that the system can provide protection even if the attacker: 1) has access to the operating system kernel and 2) can intercept communication over the system bus. The evaluation of the system's efficiency suggests that it can compete with and outperform obfuscation-based methods.
AB - The code of a compiled program is susceptible to reverse-engineering attacks on the algorithms and the business logic that are contained within the code. The main existing countermeasure to reverse-engineering is obfuscation. Generally, obfuscation methods suffer from two main deficiencies: 1) the obfuscated code is less efficient than the original and 2) with sufficient effort, the original code may be reconstructed. We propose a method that is based on cryptography and virtualization. The most valuable functions are encrypted and remain inaccessible even during their execution, thus preventing their reconstruction. A specially crafted hypervisor is responsible for decryption, execution, and protection of the encrypted functions. We claim that the system can provide protection even if the attacker: 1) has access to the operating system kernel and 2) can intercept communication over the system bus. The evaluation of the system's efficiency suggests that it can compete with and outperform obfuscation-based methods.
KW - Security
KW - code protection
KW - cryptography
KW - trusted platform module
KW - virtual machine monitors
UR - http://www.scopus.com/inward/record.url?scp=85065968248&partnerID=8YFLogxK
U2 - 10.1109/TIFS.2019.2894577
DO - 10.1109/TIFS.2019.2894577
M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???
AN - SCOPUS:85065968248
SN - 1556-6013
VL - 14
SP - 2203
EP - 2216
JO - IEEE Transactions on Information Forensics and Security
JF - IEEE Transactions on Information Forensics and Security
IS - 8
M1 - 8624561
ER -