Virtual Machine-based Fingerprinting Schemes

Moritz Contag

9. GI FG SIDAR Gra­du­ier­ten-Work­shop über Re­ak­ti­ve Si­cher­heit (SPRING), 2014


Fingerprinting describes the process of embedding an unique identifier into an object, enabling the fingerprinting party to track the object by extracting the fingerprint mark later. Shipping fingerprinted software offers a wide range of possibilities. A practical example is the tracking of stolen software. However, most proposed fingerprinting schemes lack resilience and the embedded marks are easily distorted or completely removed. For example, the first known scheme embeds fingerprint marks in the order of basic blocks of a function. This approach has been patented by Microsoft in 1994. Unfortunately, said scheme is prone to subsequent application which destroys the embedded mark.

In order to counteract these drawbacks, we suggest to combine known fingerprinting schemes with Virtual Machines (VM for short). In the last few years, these structures gained increasing popularity and are nowadays applied in countless software protection solutions in order to obfuscate the underlying code. Generally speaking, the basic idea is the translation of code in a known architecture to a custom one. This method has been proven to be non-trivial to circumvent in a general manner.

tags: fingerprinting, Virtual Machines