Anti-tamper software is software which makes it harder for an attacker to modify it. The measures involved can be passive such as

obfuscation Obfuscation is the obscuring of the intended meaning of communication by making the message difficult to understand, usually with confusing and ambiguous language. The obfuscation might be either unintentional or intentional (although intent ...

to make

reverse engineering Reverse engineering (also known as backwards engineering or back engineering) is a process or method through which one attempts to understand through deductive reasoning how a previously made device, process, system, or piece of software accompl ...

difficult or active tamper-detection techniques which aim to make a program malfunction or not operate at all if modified. It is essentially tamper resistance implemented in the software domain. It shares certain aspects but also differs from related technologies like

copy protection Copy protection, also known as content protection, copy prevention and copy restriction, is any measure to enforce copyright by preventing the reproduction of software, films, music, and other media. Copy protection is most commonly found on vid ...

and trusted hardware, though it is often used in combination with them. Anti-tampering technology typically makes the software somewhat larger and also has a performance impact. There are no

provably secure Provable security refers to any type or level of computer security that can be proved. It is used in different ways by different fields. Usually, this refers to mathematical proofs, which are common in cryptography. In such a proof, the capabilit ...

software anti-tampering methods; thus, the field is an

arms race An arms race occurs when two or more groups compete in military superiority. It consists of a competition between two or more State (polity), states to have superior armed forces, concerning production of weapons, the growth of a military, and ...

between attackers and software anti-tampering technologies. Tampering can be malicious, to gain control over some aspect of the software with an unauthorized modification that alters the

computer program A computer program is a sequence or set of instructions in a programming language for a computer to Execution (computing), execute. It is one component of software, which also includes software documentation, documentation and other intangibl ...

code and behaviour. Examples include installing rootkits and backdoors, disabling security monitoring, subverting authentication, malicious code injection for the purposes of data theft or to achieve higher user privileges, altering control flow and communication, license code bypassing for the purpose of

software piracy Online piracy or software piracy is the practice of downloading and distributing copyrighted works digitally without permission, such as music, movies or software. History Nathan Fisk traces the origins of modern online piracy back to similar ...

, code interference to extract data or algorithms and counterfeiting. Software applications are vulnerable to the effects of tampering and code changes throughout their lifecycle from development and deployment to operation and maintenance. Anti-tamper protection can be applied as either internally or externally to the application being protected. External anti-tampering is normally accomplished by monitoring the software to detect tampering. This type of defense is commonly expressed as malware scanners and anti-virus applications. Internal anti-tampering is used to turn an application into its own security system and is generally done with specific code within the software that will detect tampering as it happens. This type of tamper proofing defense may take the form of runtime integrity checks such as cyclic redundancy checksums, anti-debugging measures, encryption or

. Execution inside a

virtual machine In computing, a virtual machine (VM) is the virtualization or emulator, emulation of a computer system. Virtual machines are based on computer architectures and provide the functionality of a physical computer. Their implementations may involve ...

has become a common anti-tamper method used in recent years for commercial software; it is used for example in StarForce and SecuROM. Some anti-tamper software uses white-box cryptography, so cryptographic keys are not revealed even when cryptographic computations are being observed in complete detail in a debugger. A more recent research trend is tamper-tolerant software, which aims to correct the effects of tampering and allow the program to continue as if unmodified. A simple (and easily defeated) scheme of this kind was used in the Diablo II video game, which stored its critical player data in two copies at different memory locations and if one was modified externally, the game used the lower value. Anti-tamper software is used in many types of software products including: embedded systems, financial applications, software for mobile devices, network-appliance systems, anti-cheating in games, military, license management software, and

digital rights management Digital rights management (DRM) is the management of legal access to digital content. Various tools or technological protection measures, such as access control technologies, can restrict the use of proprietary hardware and copyrighted works. DRM ...

(DRM) systems. Some general-purpose packages have been developed which can wrap existing code with minimal programing effort; for example the SecuROM and similar kits used in the gaming industry, though they have the downside that semi-generic attacking tools also exist to counter them. Malicious software itself can and has been observed using anti-tampering techniques, for example the Mariposa botnet.

References

{{reflist Computer security software

See also

References