Binding software to specific native hardware in a VM environment: the puf challenge and opportunity.

There are many practical situations in which, by policy, software is supposed to run on a specific hardware instance. This is not only useful to combat piracy, but also in national security situations, such as a battlefield loss of critical technology, where it is paramount that an enemy be unable to rehost the system on a different set of (possibly counterfeit) hardware. To achieve this binding, software vendors use techniques that can easily be foiled through virtualization: Whatever the software expected from the legitimate hardware, can instead be provided by a virtualization layer to fool the software into believing it is running on legitimate hardware. The recently demonstrated feasibility of physically unclonable functions (PUFs) make this attack somewhat harder, in that it is no longer possible to simulate the presence of the hardware in software. If PUF technology is used, carrying out this attack would require modification of the internals of the software to be fooled, a harder task but still possible with moderate effort. We present a way of using PUFs in a manner that makes it significantly harder for the attacker to carry out the attack. We also review the challenges and opportunities for virtualization that PUFs bring.