Remote trust with aspect-oriented programming

Question

1. What contributions have the authors mentioned in the paper "Remote trust with aspect-oriented programming" ?

2. What is the way to prevent an automated replacement attack?

3. What is the purpose of the tag generator?

4. What is the way to prevent cracks from being distributed?

Accepted Answer

To address this research problem, the authors propose a novel approach based on the client-side generation of an execution signature, which is remotely checked by the server, wherein signature generation is locked to the entrusted software by means of code integrity checking.. Their approach exploits the features of dynamic aspect-oriented programming ( AOP ) to extend the power of code integrity checkers in several ways.. This paper both presents their approach and describes a prototype implementation for a messaging application.

Accepted Answer

the only possibility to thwart an automated replacement attack is combining different protection techniques (e.g. obfuscation) and reducing the TTG time validity.

Accepted Answer

The Tag Generator crosscut intercepts network transmissions to the chat server in order to obliviously insert authentication tags in the data sent out by the client application.

Accepted Answer

Another way to inhibit cracks diffusion is pursued by means of techniques like Software aging [14] aiming at frequently distributing new updates of a program: this also allows dynamic renewal of software protection techniques embedded in the application.

Accepted Answer

The dynamic aspect is composed by a tag generator crosscut, and two checkers crosscuts, i.e. the sandbox checker and the bytecode checker.

Accepted Answer

To show the applicability of their approach, the authors developed a prototype implementation of TrustedFlow relying on dynamic AOP that was deployed in a Javabased messaging service (i.e., a client/server chat system)Aspect-Oriented Programming [11] is a new programming paradigm easing the modularization of crosscutting concerns in object-oriented software development.

Accepted Answer

The proposed solution extends state-of-the-art integritychecking techniques by providing automated and periodic replacement of checking code during run-time.

Accepted Answer

during the initialization phase, the newly deployed aspect verifies the checksum of older aspect bytecode, before withdrawing it.

Accepted Answer

As a major contribution, their approach provides remote verification of tags in order to verifying that the check has been duly preformed.

Accepted Answer

With the term “un-trusted machine” the authors mean a networked computing base (e.g., networked computers and mobile devices) in which a possibly malicious user has complete (conceivably physical) access to system resources (e.g., memory and disks) and tools (e.g., debuggers) in order to reverse-engineer the application code.

Accepted Answer

Security has always been a primary concern for industry, and recently the interest for client-side software protection has grown.

Accepted Answer

As far as the application code remains genuine, the module will produce valid tags, which are used as continuous evidence to the remote server that the client code is authentic.

Accepted Answer

For increased robustness, the algorithm used to generate the tags should not require a strong synchronization between TTC and TTG.

Accepted Answer

A checker that is both mobile and obfuscated gives an additional degree of freedom to customize the security level: the stronger obfuscation, the lower the update rate can be, and vice versa.

Remote trust with aspect-oriented programming

Chat with Paper

AI Agents for this Paper

Most frequently asked questions

1. What contributions have the authors mentioned in the paper "Remote trust with aspect-oriented programming" ?

2. What is the way to prevent an automated replacement attack?

3. What is the purpose of the tag generator?

4. What is the way to prevent cracks from being distributed?

5. What is the dynamic aspect of the tag generator?

6. What is the way to show the applicability of the approach?

7. What is the proposed solution for thwarting an automated replacement attack?

8. What is the purpose of the aspect?

9. What is the main contribution of the approach?

10. What is the definition of an untrusted machine?

11. What is the main concern for industry?

12. How can a client application be trusted?

13. What is the main reason why the TTG is not required to generate the tags?

14. What is the difference between a mobile and obfuscated checker?

Figures

Citations

Exploiting code mobility for dynamic binary obfuscation

Software Protection with Code Mobility

CodeBender: Remote Software Protection Using Orthogonal Replacement

Hardware-assisted code obfuscation for FPGA soft microprocessors

Secure module and information processing apparatus

References

Aspect-oriented programming

On the (Im)possibility of Obfuscating Programs

Design and implementation of a TCG-based integrity measurement architecture

On the (im)possibility of obfuscating programs

The Block Cipher Rijndael

Related Papers (5)

Application-Oriented Trust in Distributed Computing

Software Based Remote Attestation for OS Kernel and User Applications

Software Tampering Detection using AOP and mobile code

A Taxonomy of Obfuscating Transformations

StaticTrust: A Practical Framework for Trusted Networked Devices