Towards a Theory of White-Box Security

IRIS

Program hardening for secure execution in remote untrusted environment is an important yet elusive goal of security, with numerous attempts and efforts of the research community to produce secure solutions. Obfuscation is the prevailing practical technique employed to tackle this issue. Unfortunately, no provably secure obfuscation techniques currently exist. Moreover, Barak et. al., showed that not all programs can be obfuscated. Theoretical research exhibits provably secure albeit inefficient constructions, e.g. using tools from encrypted domain. We present a rigorous approach to software execution in remote environment based on a new white box primitive, the White Box Remote Program Execution (WBRPE), whose security specifications include confidentiality and integrity of both the local and the remote hosts. WBRPE can be used for many applications, e.g. grid computing, digital rights management, mobile agents. We then present a construction of a specific program such that if there ex...

Towards a Theory of White-Box Security

A. Herzberg;H. Shulman;A. Saxena;Crispo, Bruno

2009-01-01

Abstract

Program hardening for secure execution in remote untrusted environment is an important yet elusive goal of security, with numerous attempts and efforts of the research community to produce secure solutions. Obfuscation is the prevailing practical technique employed to tackle this issue. Unfortunately, no provably secure obfuscation techniques currently exist. Moreover, Barak et. al., showed that not all programs can be obfuscated. Theoretical research exhibits provably secure albeit inefficient constructions, e.g. using tools from encrypted domain. We present a rigorous approach to software execution in remote environment based on a new white box primitive, the White Box Remote Program Execution (WBRPE), whose security specifications include confidentiality and integrity of both the local and the remote hosts. WBRPE can be used for many applications, e.g. grid computing, digital rights management, mobile agents. We then present a construction of a specific program such that if there ex...

Scheda breve

Scheda completa

Scheda completa (DC)

	Anno di pubblicazione (Date of publication)
	
				2009
			
	Titolo del volume (Proceedings title)
	
				24th IFIP TC 11 International Information Security Conference
			
	Autore/i del libro (Book author/s)
	
				Dimitris Gritzalis, Javier Lopez
			
	Luogo di edizione (Place of publication)
	
				Berlin, New York, Heidelberg
			
	Casa editrice (Publisher)
	
				Springer
			
	ISBN
	
				9783642012433
			
	Codice Scopus (Scopus Identifier)
	
				2-s2.0-84885053942
			
	Codice WOS (WOS identifier)
	
				WOS:000267158300030
			
	Tutti gli autori
	
						A., Herzberg; H., Shulman; A., Saxena; Crispo, Bruno
					
	Appare nelle tipologie:
	
				04.1 Saggio in atti di convegno (Paper in Proceedings)

File in questo prodotto:

Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11572/85396

Citazioni

ND

8

4

ND

social impact