Abstract
We call changeware software that surreptitiously modifies resources of software applications, e.g., configuration files. Changeware is developed by malicious entities which gain profit if their changeware is executed by large numbers of end-users of the targeted software. Browser hijacking mal-ware is one popular example that aims at changing web- browser settings such as the default search engine or the home page. Changeware tends to provoke end-user dissat-isfaction with the target application, e.g. due to repeated failure of persisting the desired configuration. We describe a solution to counter changeware, to be employed by ven- dors of software targeted by changeware. It combines several protection mechanisms: white-box cryptography to hide a cryptographic key, software diversity to counter automated key retrieval attacks, and run-time process memory integrity checking to avoid illegitimate calls of the developed API.
Author supplied keywords
Cite
CITATION STYLE
Banescu, S., Pretschner, A., Battré, D., Cazzulani, S., Shield, R., & Thompson, G. (2015). Software-based protection against changeware. In CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy (pp. 231–242). Association for Computing Machinery. https://doi.org/10.1145/2699026.2699099
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
