In a typical client-server scenario, a server provides valuable services to client applications that run remotely on untrusted client computers. Typical examples are video on demand, online games, voice-over-IP communications, and many others. However, client-side users often hold administrative privileges on their machines and could tamper with the client application to fulfill the service in violation of the service usage conditions or service agreements. Guaranteeing client-code security is one of the most difficult security problem to address. It’s an instance of the malicious host problem, where an adversary in control of the client's host environment tries to tamper with the client code. The authors present CodeBender, a tool that implements a novel client replacement strategy to counter the malicious host problem. The client code has limited validity and, when it expires, the server provides a new client that replaces the former one. The reverse-engineering efforts of adversaries are deterred by the complexity of analyzing frequently changing, always different (orthogonal) program code.
Link to the paper.