Physics Department, TUM | Course 0000003207 in SS 2017

General Data

Course Type	practical training
Semester Weekly Hours	6 SWS
Organisational Unit	Informatics 4 - Chair of Software & Systems Engineering (Prof. Pretschner)
Lecturers	Responsible/Coordination: Alexander Pretschner
Dates

Assignment to Modules

IN2106: Master-Praktikum / Advanced Practical Course
This module is included in the following catalogs:
- Further Modules from Other Disciplines

Further Information

Courses are together with exams the building blocks for modules. Please keep in mind that information on the contents, learning outcomes and, especially examination conditions are given on the module level only – see section "Assignment to Modules" above.

additional remarks	Software systems are subject to Man-At-The-End attacks. MATE attackers have control over the system on which the software is running, and thus they can manipulate both the software itself and its runtime environment for their own benefits. Attackers motive includes but not limited to: illegal usage of a software by bypassing license checks, accessing proprietary data, cheating in games or extracting confidential information (e.g. encryption keys) in an application. In this lab course, students will learn about different protection measures, their cons and pros and finally implement a selected set of techniques. Module 0: Introduction and Motivation Software protection scenarios  Attack tree Man-at-the-End vs. network attacker Overview of the attacks Disassembly , decompilation , debuggers, symbolic / concolic execution  Introspection, state inspection, layered and remote protection. Module 1: Protection Process & LLVM Check() and Response() paradigm  Overview of protection process & code transformation  Post-compile, pre-compile, compile-time, load time and runtime transformations Granularity of protection: function, basic block, instruction, slice, control flow LLVM compiler infrastructure & passes Module 2: Introspection self-checksumming Self-checking and self-checksumming Network of checkers and cyclic checks Stealth analysis Attacks: memory split and taint analysis Module 3: Introspection self-encrypting Key derivation and Block-chain Whitebox cryptography Process level virtualisation Stealth analysis  Attacks: memory dump and key extraction Module 4: State inspection Trace authentication  Environmental states  Oblivious hashing  Stealth analysis  Attacks: time-of-check vs. time-of-use Module 5: Intel SGX Running software on untrusted commodity Runtime integrity  Trusted and untrusted program domains Enclaves Local attestation Remote attestation Limitations
Links	E-Learning course (e. g. Moodle) TUMonline entry

additional remarks

Software systems are subject to Man-At-The-End attacks. MATE attackers have control over the system on which the software is running, and thus they can manipulate both the software itself and its runtime environment for their own benefits. Attackers motive includes but not limited to: illegal usage of a software by bypassing license checks, accessing proprietary data, cheating in games or extracting confidential information (e.g. encryption keys) in an application. In this lab course, students will learn about different protection measures, their cons and pros and finally implement a selected set of techniques. Module 0: Introduction and Motivation Software protection scenarios  Attack tree Man-at-the-End vs. network attacker Overview of the attacks Disassembly , decompilation , debuggers, symbolic / concolic execution  Introspection, state inspection, layered and remote protection. Module 1: Protection Process & LLVM Check() and Response() paradigm  Overview of protection process & code transformation  Post-compile, pre-compile, compile-time, load time and runtime transformations Granularity of protection: function, basic block, instruction, slice, control flow LLVM compiler infrastructure & passes Module 2: Introspection self-checksumming Self-checking and self-checksumming Network of checkers and cyclic checks Stealth analysis Attacks: memory split and taint analysis Module 3: Introspection self-encrypting Key derivation and Block-chain Whitebox cryptography Process level virtualisation Stealth analysis  Attacks: memory dump and key extraction Module 4: State inspection Trace authentication  Environmental states  Oblivious hashing  Stealth analysis  Attacks: time-of-check vs. time-of-use Module 5: Intel SGX Running software on untrusted commodity Runtime integrity  Trusted and untrusted program domains Enclaves Local attestation Remote attestation Limitations

Links

E-Learning course (e. g. Moodle)
TUMonline entry

This website is no longer updated.

Mater Praktikum - Software Integrity Protection (IN2106, IN4213)

Course 0000003207 in SS 2017

General Data

Assignment to Modules

Further Information