Sandmark--A Tool for Software Protection Research

T he current widespread interest in protecting software from piracy, tampering, and reverse engineering has been brought to bear for several reasons. First, revenue derived from proprietary software sales is vital to many software vendors' survival. Second, more vendors distribute software in forms that attackers can easily manipulate, such as Java bytecode or Mi-crosoft's intermediate language. (In fact, these distribution formats are essentially identical to source code.) Finally, some new types of software, such as digital rights management (DRM) systems, contain secrets that must be protected from attack. For example, users who can extract the cryptographic key stored in a DRM media player will be able to enjoy any media without having to pay for it. Sandmark is a research tool we are developing to study the effectiveness of software-based methods for protecting software from piracy, tampering, and reverse engineering. Our ultimate goal with Sandmark is to implement and evaluate all known software-based methods of software protection. Sandmark currently contains several code obfuscation and software watermarking algorithms. 1–8 Sandmark's infrastructure makes it easy to add and combine algorithms, evaluate their performance and effectiveness, and launch automatic and manual attacks against watermarking and obfuscation algorithms. It is our hope that the tool will prove useful to software protection researchers in fairly evaluating their algorithms, to potential software protection users who wish to evaluate different protection mechanisms, and to software developers who wish to protect their software from piracy, reverse engineering, or tampering by using software protection algorithms. Sandmark provides protection against malicious host attacks , which attackers launch to extract or destroy part of a program. These attacks typically target proprietary algorithms, cryptographic keys, and program registration checks. The watermarking and obfusca-tion algorithms that Sandmark provides can deter these types of attack. Users can use obfuscation to make it difficult for an attacker to locate sensitive information and can use watermarking to mark sensitive information so that it can be traced to the person who distributed it illegally. Previous articles have discussed algorithms for code obfuscation, software watermarking, and tamper-proofing in more detail. An understanding of these algorithms will aid in the understanding of why Sandmark was developed. 1–4,7 In this article, we describe Sandmark's capabilities and overall design and how researchers can use it to test and evaluate these algorithms. There have been a variety of techniques proposed for software protection both in hardware and software. The hardware-based approaches range …