To ensure the continuity of the company, it must seek export contracts. In the defense field, these contracts are often accompanied by transfers of technology (ToT) to the recipient country. These, are partial and a compromise is needed between the protection of industrial property, the national secret and the client requests. It is in this context, particularly in DCNS, we are looking for new techniques in software protection. Faced with the failure of the various techniques protections (obfuscations and packer), which allow only to slow understanding of the code, a new approach of protection is discussed. The main idea is to filter the memory accesses, that contains the sensitive data. This solution, which is part of a strong industrial environment should impact the minimum system and applications provided by DCNS. We propose an architecture that uses the latest technologies Intel and particularly the hardware virtualization. This technology, allows us to obtain a high level of privilege and to control precisely the applications. Our solution allows to protect executable data of the ELF binary; in the plateforms 32 and 64 bits without modifying the targeted system. We detail the differents steps to protect a process (from its start to its finish) and the different problems encountered and the choices to address it. We also show, through various measures, the effectiveness of our architecture and its low impact on the guest system. In our implementation, only executable data are protected, we propose food for thoughts to fully protect binary memory. And the evolutions, to integrate our solution in a trusted architecture to ameliorate its robustness Our solution forbids, by construction, all the reads and writes of the sensitive data and is compatible with all Linux distributions without modifications.
Authors
- Bibliographic Reference
- Eddy Deligne. Hyperviseur de protection d'exécutables - Etude, développement et discussion. Cryptographie et sécurité [cs.CR]. Ecole Polytechnique X, 2014. Français. ⟨NNT : ⟩. ⟨pastel-00976713⟩
- HAL Collection
- ['PASTEL - ParisTech', 'ParisTech']
- HAL Identifier
- 976713
- Institution
- Ecole Supérieure d'Informatique Electronique Automatique [Paris]
- Laboratory
- Cryptologie et Virologie Opérationnelles
- Published in
- France
Table of Contents
- Submitted on 10 Apr 2014 1
- Eddy Deligne. Hyperviseur de protection dexécutables - Etude développement et discussion. Cryp- tographie et sécurité cs.CR. Ecole Polytechnique X 2014. Français. NNT . pastel-00976713 1
- . . 2
- Propriété DCNS 2013 tous droits réservés INFORMATIONS CONFIDENTIELLES 2
- É P 2
- N aribffé par la bibliothèqffe 2
- D de lÉcole Polytenique Sécurité Informatique de Cryptologie et Virologie Opérationnelles EDX 447 2
- Titre 2
- Directeffr de thèse Responsable scientiqffe entreprise 2
- Filiol Éric Hebrard Patri 2