Evaluating Defensive Countermeasures for Software-Based Hardware Abstraction.

Protecting software from illegal reverse engineering and malicious hackers is often remedied through either legal or technical means. In the technical domain, software obfuscation provides less than perfect protection against such attacks since there is no perfect obfuscator for all classes of programs. However, semantic preserving transformations can attempt to make the cost of attacks prohibitive in either time or resources. Software-based hardware abstraction (SBHA) is a novel approach that transforms traditional software code segments into a digital logic form and thus virtualizes code into a hardware abstraction. SBHA can be used to protect embedded secrets in programs that are used to guard intellectual property (IP). Secrets such as passwords, PINs, and activation codes authorize legitimate end-users to install or activate software for use and are validated typically through point functions that check for the single unique input that is expected. In this study we extend initial analysis of SBHA against state-of-the-art dynamic symbolic execution (DSE) attacks in recovering embedded program secrets and consider the limits of an attacker that recovers the logic circuit netlist from an SBHA-protected program. We pose four approaches for hardened SBHA configurations and evaluate their effectiveness using typical analysis tools that cover synthesis, binary decision diagram recovery, and symbolic analysis. We show that such attacks can be mitigated by these countermeasures outright and discuss the trade-off in size and overhead relative to the relatively low-cost of SBHA point-functions stand alone. We conclude that for single use operations such as point function checks, the overhead is large but the execution runtime delta is negligible.