A technique for self-certifying tamper resistant software

Abstract

Until recently the use of software tamper resistance was rather limited. However, as the music and movie industries have increased their reliance on content protection systems, the importance placed on and the use of tamper resistance has also increased. Unfortunately, the nature of tamper resistance can make it difficult for developers to determine if a protection mechanism is actually robust and which attacks it can protect against. To address this issue we have designed a tool for self-certifying the strength of a tamper resistance implementation that is based on a hybrid attack-defense graph. This approach to tamper resistance evaluation is advantageous in that it enables certification without leaking confidential implementation details and it assists developers in designing more robust implementations. © 2007 ACM.