安全软件许可:模型、构造和证明

2016 IEEE 29th Computer Security Foundations Symposium (CSF) Pub Date : 2016-06-01 DOI:10.1109/CSF.2016.10

S. Costea, B. Warinschi

{"title":"安全软件许可:模型、构造和证明","authors":"S. Costea, B. Warinschi","doi":"10.1109/CSF.2016.10","DOIUrl":null,"url":null,"abstract":"The problem of secure software licensing is to enforce meaningful restrictions on how software is run on machines outside the control of the software author/vendor. The problem has been addressed through a variety of approaches from software obfuscation to hardware-based solutions, but existent solutions offer only heuristic guarantees which are often invalidated by attacks. This paper establishes foundations for secure software licensing in the form of rigorous models. We identify and formalize two key properties. Privacy demands that licensed software does not leak unwanted information, and integrity ensures that the use of licensed software is compliant with a license - the license is a parameter of our models. Our formal definitions and proposed constructions leverage the isolation/attestation capabilities of recently proposed trusted hardware like SGX which proves to be a key enabling technology for provably secure software licensing.","PeriodicalId":6500,"journal":{"name":"2016 IEEE 29th Computer Security Foundations Symposium (CSF)","volume":"40 1","pages":"31-44"},"PeriodicalIF":0.0000,"publicationDate":"2016-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Secure Software Licensing: Models, Constructions, and Proofs\",\"authors\":\"S. Costea, B. Warinschi\",\"doi\":\"10.1109/CSF.2016.10\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The problem of secure software licensing is to enforce meaningful restrictions on how software is run on machines outside the control of the software author/vendor. The problem has been addressed through a variety of approaches from software obfuscation to hardware-based solutions, but existent solutions offer only heuristic guarantees which are often invalidated by attacks. This paper establishes foundations for secure software licensing in the form of rigorous models. We identify and formalize two key properties. Privacy demands that licensed software does not leak unwanted information, and integrity ensures that the use of licensed software is compliant with a license - the license is a parameter of our models. Our formal definitions and proposed constructions leverage the isolation/attestation capabilities of recently proposed trusted hardware like SGX which proves to be a key enabling technology for provably secure software licensing.\",\"PeriodicalId\":6500,\"journal\":{\"name\":\"2016 IEEE 29th Computer Security Foundations Symposium (CSF)\",\"volume\":\"40 1\",\"pages\":\"31-44\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 IEEE 29th Computer Security Foundations Symposium (CSF)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CSF.2016.10\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE 29th Computer Security Foundations Symposium (CSF)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSF.2016.10","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

安全软件许可的问题在于对软件如何在软件作者/供应商控制之外的机器上运行施加有意义的限制。这个问题已经通过从软件混淆到基于硬件的解决方案的各种方法得到解决，但是现有的解决方案只提供启发式保证，而这些保证通常会被攻击所破坏。本文以严谨模型的形式建立了安全软件许可的基础。我们确定并形式化了两个关键属性。隐私要求许可软件不会泄露不想要的信息，完整性确保许可软件的使用符合许可证-许可证是我们模型的一个参数。我们的正式定义和建议的构造利用了最近提出的可信硬件(如SGX)的隔离/认证功能，这被证明是可证明的安全软件许可的关键启用技术。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Secure Software Licensing: Models, Constructions, and Proofs

The problem of secure software licensing is to enforce meaningful restrictions on how software is run on machines outside the control of the software author/vendor. The problem has been addressed through a variety of approaches from software obfuscation to hardware-based solutions, but existent solutions offer only heuristic guarantees which are often invalidated by attacks. This paper establishes foundations for secure software licensing in the form of rigorous models. We identify and formalize two key properties. Privacy demands that licensed software does not leak unwanted information, and integrity ensures that the use of licensed software is compliant with a license - the license is a parameter of our models. Our formal definitions and proposed constructions leverage the isolation/attestation capabilities of recently proposed trusted hardware like SGX which proves to be a key enabling technology for provably secure software licensing.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 IEEE 29th Computer Security Foundations Symposium (CSF)

自引率

0.00%

发文量

期刊最新文献

Axioms for Information Leakage Multi-run Side-Channel Analysis Using Symbolic Execution and Max-SMT sElect: A Lightweight Verifiable Remote Voting System Automated Reasoning for Equivalences in the Applied Pi Calculus with Barriers On Modular and Fully-Abstract Compilation