Cloud-based Dynamic Executable Verification (2020)

By Rafie Shamsaasef, Aaron Anderson & Sasha Medvinsky, CommScope

Modern software applications are composed of several interconnected modules enabling various features. Today’s complex business and market-driven environment constantly pushes the edge to deliver software applications faster than ever. Developers are battling delivery deadlines that are driven not by the complexity of software offerings but by go-to-market motivations. As a result, insecure code has become a leading security risk and, increasingly, the leading business risk as well. It’s irresponsible at every level to ignore this risk while doubling down on anti-virus solutions and firewalls, neither of which protects applications.

It is important to have a holistic view of software protection that provides checkpoints and resolutions throughout the development cycle. It is equally critical to empower developers with technologies and methods that automatically identify and detect certain types of attacks. There are commercial software security tools that transform cryptographic credentials so that they cannot be easily extracted.

Other tools can make software reverse engineering very hard by sensing a debugger and transforming the binary code logic such that it looks unintelligible even with a debugger attached.

Dynamic Executable Verification (DEV), as described in this paper, provides low-impact dynamic integrity protection to applications that is compatible with standard code signing and verification methods. Further, we discuss a system architecture where components of Dynamic Executable Verification are placed into a secure cloud-based service which can only be configured by an authorized security administrator. To set the context, we discuss secure boot, tampering attacks and methods to perform static and dynamic analyses. Then we dive into the details of DEV techniques that aim to ensure that software cannot be tampered with, either statically or dynamically, without detection. The cloud aspect of DEV makes it even easier for developers, as the burden of configuring security tools is moved into a cloud service and the risk of releasing an application with lower than intended security is reduced. We then present a couple of application use cases before concluding the paper.
