Indirect Data Representation Via Offset Vectoring: A Code-integrity-driven In-memory Data Regeneration Scheme

Erik Sonnleitner, Marc Kurz, Alexander Palmanshofer

2019

Abstract

A common problem in software development is how to handle sensitive information required for appropriate process execution, especially when requesting user input like passwords or -phrases for proper encryption is not applicable due to I/O, UI or UX limitations. This often leads to such information being either stored directly in the source code of the application, or as plaintext in a separate file. We therefore propose an experimental scheme for dynamically recovering arbitrary chunks of information based on the integrity of the text-segment of a running process, without the information being easily extractible from either an on-disk binary, memory dump or the memory map of a running process. Implementing an algorithm we call offset vectoring, this method can help dealing with sensitive information and enhancing the resistance against attacks which aim at extracting such data as well as attempts towards modifying an application, e.g. for the purposes of cracking software.

Download


Paper Citation


in Harvard Style

Sonnleitner E., Kurz M. and Palmanshofer A. (2019). Indirect Data Representation Via Offset Vectoring: A Code-integrity-driven In-memory Data Regeneration Scheme.In Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT, ISBN 978-989-758-378-0, pages 333-340. DOI: 10.5220/0007786703330340


in Bibtex Style

@conference{secrypt19,
author={Erik Sonnleitner and Marc Kurz and Alexander Palmanshofer},
title={Indirect Data Representation Via Offset Vectoring: A Code-integrity-driven In-memory Data Regeneration Scheme},
booktitle={Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT,},
year={2019},
pages={333-340},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0007786703330340},
isbn={978-989-758-378-0},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - Volume 2: SECRYPT,
TI - Indirect Data Representation Via Offset Vectoring: A Code-integrity-driven In-memory Data Regeneration Scheme
SN - 978-989-758-378-0
AU - Sonnleitner E.
AU - Kurz M.
AU - Palmanshofer A.
PY - 2019
SP - 333
EP - 340
DO - 10.5220/0007786703330340