How to Hide Secrets from Operating System: Architecture Level Support for Dynamic Address Trace Obfuscation Page: 3
The following text was automatically extracted from the image on this page using optical character recognition software:
PROPOSED RESPONSIBILITY ASSIGNMENT FOR THE VM BLACK-BOX
The VM blackbox contains the private part of a public/private
key pair. This pair can be renewed at bootup time or even
periodically. Note that the public key is not really used by any
other system component to send secure messages to the VM
blackbox. VM blackbox uses it to encrypt any state before
storing it in memory, and to decrypt any state loaded from
We can assume that there is sufficient space within the VM
blackbox to cache the VM-attributes of a small working set
of process descriptors. Any spills into memory are stored in
B. Process Scheduling
The process scheduling is performed by the OS in the
existing systems, and we have left it that way in DRMAr.
All the existing priority levels can be maintained. The only
malicious action that can be taken by the OS through schedul-
ing would be process starvation. However, in the digital rights
management context, process starvation does not benefit the
adversary at all. It does not appear to aid the information leak
for reverse engineering of the process.
C. Dynamic Linking
Dynamic linking or shared objects in Linux allows for the
executable code to be linked to a program on a demand driven
basis. A procedure (or a collection of procedures) is linked
only if it is called. The executable (in ELF, executable and
linking format) passes control to an interpreter, the dynamic
linker, which itself is a shared library in Linux. The executable
contains a procedure linkage table (PLT) and a global offset
table (GOT). PLT keeps information about the relative loca-
tions of the procedures, whereas GOT tracks data locations.
When invoked, the dynamic linker, garners information from
the linked object's .dynsym (dynamic symbol table), .dynstr
(dynamic string name table), and .hash ((a hash table to allow
linker to quickly access symbols) sections. Another section,
.dynamic, contains information about other files the linker
needs. The dynamic linker is traditionally an OS component,
Gnu ld.so in Linux. The main (well-known) threats in dynamic
linking from a hostile dynamic linker are symbol or object
hijacking. The auxiliary vector can be tampered with a wrong
It is not apparent that any of these weaknesses provide
an advantage to the adversary in a DRM environment. The
dynamically linked objects are typically public libraries (and
do not contain any intellectual property to be protected). They
publish plenty of information about their symbols and depen-
dencies in ELF to leak significant information on program
structure. We have assumed that information leak from the
linking object (and not necessarily from the linked object) is
to be contained. In such a scenario, all the dynamic linking
control can be left with the OS. The virtual to physical
address mapping still resides with the VM blackbox preventing
information leak from dynamic address sequences. One could
even argue that the linked object dynamic address sequence
revelation is not much of a threat in this model. However,
just to be consistent, we will still leave the virtual to physical
address mapping with the VM blackbox.
If we needed to protect the information about which shared
Traditional OS VM Blackbox DRMAr OS
task task task
process initialization partial process initialization partial process initialization
(initial physical (initial physical page
page assignment) assignment)
(process virtual page
dispersion function selection)
process scheduling process scheduling
dynamic linking partial dynamic linking partial dynamic linking
(load time relocation) (load time relocation)
virtual address virtual address
(page table (page table
(page fault (page fault
(page replacement) (page replacement)
(page block substitution
Here’s what’s next.
This report can be searched. Note: Results may vary based on the legibility of text within the document.
Tools / Downloads
Get a copy of this page or view the extracted text.
Citing and Sharing
Basic information for referencing this web page. We also provide extended guidance on usage rights, references, copying or embedding.
Reference the current page of this Report.
Gomathisankaran, Mahadevan & Tyagi, Akhilesh. How to Hide Secrets from Operating System: Architecture Level Support for Dynamic Address Trace Obfuscation, report, 2004; (digital.library.unt.edu/ark:/67531/metadc94282/m1/3/: accessed November 17, 2018), University of North Texas Libraries, Digital Library, digital.library.unt.edu; crediting UNT College of Engineering.