TY - GEN
T1 - Indirect data representation via offset vectoring
T2 - 16th International Joint Conference on e-Business and Telecommunications, ICETE 2019
AU - Sonnleitner, Erik
AU - Kurz, Marc
AU - Palmanshofer, Alexander
N1 - Publisher Copyright:
Copyright © 2019 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved
PY - 2019
Y1 - 2019
N2 - A common problem in software development is how to handle sensitive information required for appropriate process execution, especially when requesting user input like passwords or -phrases for proper encryption is not applicable due to I/O, UI or UX limitations. This often leads to such information being either stored directly in the source code of the application, or as plaintext in a separate file. We therefore propose an experimental scheme for dynamically recovering arbitrary chunks of information based on the integrity of the text-segment of a running process, without the information being easily extractible from either an on-disk binary, memory dump or the memory map of a running process. Implementing an algorithm we call offset vectoring, this method can help dealing with sensitive information and enhancing the resistance against attacks which aim at extracting such data as well as attempts towards modifying an application, e.g. for the purposes of cracking software.
AB - A common problem in software development is how to handle sensitive information required for appropriate process execution, especially when requesting user input like passwords or -phrases for proper encryption is not applicable due to I/O, UI or UX limitations. This often leads to such information being either stored directly in the source code of the application, or as plaintext in a separate file. We therefore propose an experimental scheme for dynamically recovering arbitrary chunks of information based on the integrity of the text-segment of a running process, without the information being easily extractible from either an on-disk binary, memory dump or the memory map of a running process. Implementing an algorithm we call offset vectoring, this method can help dealing with sensitive information and enhancing the resistance against attacks which aim at extracting such data as well as attempts towards modifying an application, e.g. for the purposes of cracking software.
KW - Code Security
KW - Credential Storage
KW - Information Hiding
KW - Steganography
UR - http://www.scopus.com/inward/record.url?scp=85073061789&partnerID=8YFLogxK
U2 - 10.5220/0007786703330340
DO - 10.5220/0007786703330340
M3 - Conference contribution
T3 - ICETE 2019 - Proceedings of the 16th International Joint Conference on e-Business and Telecommunications
SP - 333
EP - 340
BT - SECRYPT
A2 - Obaidat, Mohammad S.
A2 - Obaidat, Mohammad S.
A2 - Samarati, Pierangela
PB - SciTePress
Y2 - 26 July 2019 through 28 July 2019
ER -