Security

CybersecuritySoftware running on devices ranging from smartcards, over IoT devices, to smartphones, and cloud servers handle and store huge amounts of sensitive and valuable data. They are hence constantly under attack. To meet the security requirements of the data and other software assets, such as integrity and confidentiality, software protection techniques need to be deployed. CSL’s research in this domain focuses on the development of new, stronger protections and on design-time and run-time tools to automate the deployment of protections such that they become cheaper and more reliable. The attack scenarios for which protections are developed include fault injection attacks on smartcards, reverse-engineering and software tampering attacks on mobile applications, exploits of software vulnerabilities, and timing side channel attacks.

 

Software Protection and Computer Security research topics

 

Advanced Obfuscation Techniques

Standard obfuscation techniques suffer from major weaknesses. Many of them are susceptible to relatively simple static attacks because their use is not stealthy and to dynamic attacks because they have no semantic relevance in the programs. Other obfuscation techniques fail to hide critical information such as type hierarchies in object oriented program. 

In our research, we develop more advanced obfuscations to overcome these weaknesses. We develop techniques to remove type information from Java programs by flattening the type hierarchy in those programs, and we develop more advanced control flow transformations based on reuse of existing code fragments, such that when we insert obfuscating control flow transfers, those cannot be detected easily with pattern matching, generic (trace-based) deobfuscation techniques, or abstract interpretation.  

Anti-tampering and anti-debugging software protection

Some software contains assets that come with integrity or confidentiality requirements, such as cryptographic keys, license checks, intellectual property in the form of algorithms, etc. In order to prevent man-at-the-end attackers from reverse engineering code or from tampering with it, a wide range of software protection techniques can be deployed. We perform research into techniques that prevent attackers from attaching debuggers to running software to study its behavior or to intervene in it. We also develop techniques to make sure the code looks and behaves differently every time a program is executed, thus making it harder for attackers to rely on techniques such as pointer chaining that are frequently used in tampering attacks.

Multi-variant Execution Engines and Software Diversity

Multi-variant execution engines (MVEEs) transparently execute multiple diversified versions of an application instead of just one instance. The engines monitor the behavior of the variants and replicate their inputs. Because of the diversification, the variants (which are programmed in unsafe languages such as C or C++) will behave consistent with each other under normal operating conditions, but their behavior will diverge when they are under attack, at which point the engine intervenes to stop the attack. Our research focuses on making MVEEs introduce less overhead, on making them applicable to a wider range of applications (such as the many applications that are not deterministic), and on making them catch more forms of attacks.

We also study diversity as a protection mechanism against reverse-engineering and as a protection against collusion attacks, in which attackers compare two generations of some application to learn which vulnerabilities have been fixed in the later generation, thus enabling them to set op attacks on systems that still run the older generation.

Secure Computer Architectures

Software Protection against Physical Attacks (ongoing)

Even if algorithms are implemented securely in the sense that they implement correct and secure semantics, they can be attacked because they are executed on physical devices in a physical environment. Sensitive data can leak through physical side channels, such as elapsed time, and the integrity of the software can be broken by injecting faults in the processors or memories that store code and data.

We perform research into compiler-based mitigations against such attacks. Using compiler techniques, we transform the software such that it leaks less information, or no information at all, via certain side channels. Furthermore, by introducing redundancy, we ensure that the code is no longer susceptible to the most practical fault injection attacks. Both forms of protections raise the bar significantly for attackers. With our research, we focus on developing automated tool support for proven protections, thus lowering the burden for using these protections.

Software Protection Evaluation

Deploying software protections against man-at-the-end attacks is a complex task, because it is difficult to select the best combinations of protections to deploy on specific use cases. Protections suffer from composability issues, they introduce overheads and impact the software development life cycle in various ways, they need to be combined into layered defenses, software often contains multiple assets with different security requirements, and protection against a wide range of hard to understand attack vectors is necessary.

We perform research into evaluation methodologies for evaluating and modelling the strength of protections as mitigations of attacks on assets. Amongst others, this includes experiments with penetration testers to learn how they conduct attacks, research into software metrics to measure relevant features of unprotected and protected software, and research into the effectiveness of attacker tools.