F-LaaS: A control-flow-attack immune license-as-a-service model

Sandeep Kumar, Diksha Moolchandani, Takatsugu Ono, Smruti R. Sarangi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We use license servers to verify users' credentials and to restrict access to proprietary software. Due to logistical reasons, it is often economical to use third-party servers to manage licenses. Sadly, users on client machines can mount sophisticated attacks on the executables and try to circumvent the license check. This can be used to crack the software, and thus it is necessary for software writers to prevent such attacks, which include the use of additional code to check the integrity of the binary and the control flow. In spite of such techniques, modern control flow bending (CFB) techniques that rely on running instrumented binaries on virtual machines can circumvent such checks and change the behavior of branches and jumps at runtime. They are, however, extremely computationally inefficient. We propose an AI-based technique that is an order of magnitude faster than the state-of-the-art and show its efficacy by breaking three widely used license managers, and five popularly used software. Finally, we propose a new license management service, F-LaaS, which hides key functions in the binary. These functions are downloaded at runtime upon the successful verification of the license. We show that the mean performance overhead of F-LaaS is negligible: 0.26%.

Original language: English
Title of host publication: Proceedings - 2019 IEEE International Conference on Services Computing, SCC 2019 - Part of the 2019 IEEE World Congress on Services
Editors: Elisa Bertino, Carl K. Chang, Peter Chen, Ernesto Damiani, Michael Goul, Katsunori Oyama
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 80-89
Number of pages: 10
ISBN (Electronic): 9781728127200
DOI: https://doi.org/10.1109/SCC.2019.00025
Publication status: Published - Jul 2019
Event: 2019 IEEE International Conference on Services Computing, SCC 2019 - Milan, Italy
Duration: Jul 8 2019 to Jul 13 2019

Publication series

Name: Proceedings - 2019 IEEE International Conference on Services Computing, SCC 2019 - Part of the 2019 IEEE World Congress on Services

Conference

Conference: 2019 IEEE International Conference on Services Computing, SCC 2019
Country: Italy
City: Milan
Period: 7/8/19 to 7/13/19

All Science Journal Classification (ASJC) codes

  • Strategy and Management
  • Computer Networks and Communications
  • Computer Science Applications
  • Information Systems and Management

  • Cite this

    Kumar, S., Moolchandani, D., Ono, T., & Sarangi, S. R. (2019). F-LaaS: A control-flow-attack immune license-as-a-service model. In E. Bertino, C. K. Chang, P. Chen, E. Damiani, M. Goul, & K. Oyama (Eds.), Proceedings - 2019 IEEE International Conference on Services Computing, SCC 2019 - Part of the 2019 IEEE World Congress on Services (pp. 80-89). [8814192] (Proceedings - 2019 IEEE International Conference on Services Computing, SCC 2019 - Part of the 2019 IEEE World Congress on Services). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/SCC.2019.00025