Authors:
Erik Sonnleitner; Marc Kurz and Alexander Palmanshofer
Affiliation:
Department for Mobility & Energy, University of Applied Sciences Upper Austria, Campus Hagenberg, Austria
Keyword(s):
Code Security, Credential Storage, Steganography, Information Hiding.
Related Ontology Subjects/Areas/Topics:
Data Engineering; Data Management and Quality; Digital Rights Management; Information and Systems Security; Information Assurance; Information Hiding; Security in Information Systems; Security Information Systems Architecture and Design and Security Patterns; Software Security
Abstract:
A common problem in software development is how to handle sensitive information required for appropriate process execution, especially when requesting user input such as passwords or passphrases for proper encryption is not applicable due to I/O, UI or UX limitations. This often leads to such information being stored either directly in the source code of the application or as plaintext in a separate file. We therefore propose an experimental scheme for dynamically recovering arbitrary chunks of information based on the integrity of the text segment of a running process, without the information being easily extractable from an on-disk binary, a memory dump or the memory map of a running process. Implementing an algorithm we call offset vectoring, this method can help in dealing with sensitive information and in enhancing resistance against attacks that aim at extracting such data, as well as against attempts to modify an application, e.g. for the purpose of cracking software.