Anti-Exploitation Software Protection Systems


TECHNOLOGY AREAS: Information Systems

OBJECTIVE:  Develop software protection systems that are difficult to exploit once an adversary gains entry.

DESCRIPTION:  State-of-the-art software protection and anti-tamper systems are built upon three basic tenets: (1) reduce system susceptibilities, (2) move critical information out-of-band to the attacker, and (3) reduce the effectiveness of our adversaries’ capabilities through detection, response and adaptive mechanisms [1].  For the most part, however, computer, sensor, and weapons systems are built using untrusted commercial-off-the-shelf (COTS) parts.  Supply chain threats to critical components, such as hardware or firmware Trojans, have invalidated the assumption that we can move our critical software and data “out-of-band” to the adversary, such as into a hypervisor or onto “secure” hardware, since the hardware components on which the software ultimately executes are untrusted [2].  Detection techniques currently being researched to address this class of threat, while important and useful, only reduce the likelihood of exploitation; they do not eliminate it, and it is only a matter of time before those measures fail.  In short, the concept of keeping an adversary outside of a protected volume, layer, or device has been completely eroded by supply chain threats.  As a result, one must take a long-term strategic view and assume, in designing protection systems, that an unknown subset of the system on which that software executes (e.g., an integrated circuit, printed circuit board, or subsystem) will eventually be compromised.

While novel techniques have been proposed for mitigating low-level persistent threats, such as firmware and hardware Trojans in COTS hard disk drives and other peripherals in desktop systems, the typical attack surface of a computer or weapon system is so large that these approaches and concepts, even if successfully applied to these devices, will not scale to protect the entire system.  One must, therefore, re-think the fundamental approach to building software protection and anti-tamper systems.  The goal of this topic is to maintain mission assurance and the protection of the critical intellectual property in the event a subset of the system is exploited (e.g., due to supply chain compromise).

Desired architectural attributes of the protection system include, but are not limited to: dynamic/maneuverable protections that force the adversary to exploit a moving target; systems that distribute/fractionate [3] the critical information being protected and force the adversary to attack multiple nodes simultaneously to avoid attack mitigation; redundant systems that maintain mission assurance even in the presence of a subset of compromised and exploited end-nodes; heterogeneous systems that force the development of multiple attack delivery methods and payloads; metamorphism that changes the perceived operational environment and targeted vulnerabilities; and disruptive techniques that break command and control of malicious agents to prevent exploitation.

PHASE I:  1) Design and architect a software protection system containing one or more of the above-mentioned attributes.  Development of a minimal prototype to demonstrate feasibility would be beneficial, but is not required provided sufficient design documentation is made available. 2) Develop metrics and a strategy for measuring the effectiveness of the proposed approach.  3) Produce a detailed research report outlining the design and architecture of the system, as well as the advantages and disadvantages of the proposed approach.

PHASE II: 1) Based on the results from Phase I, design and implement a fully functioning prototype solution.  2) Provide test and evaluation results that demonstrate the effectiveness of the overall system.  3) Develop a final report completely describing the design and architecture.

PHASE III DUAL-USE APPLICATIONS:  The technology developed under this research topic will maintain mission assurance in the presence of compromised end-nodes and exploited subsystems.  DoD applications that will benefit from this technology include a wide range of embedded, sensor, navigation, avionics, and communication systems.  Commercial applications include financial, communication, and SCADA systems.  As a result, this technology is vital for both the DoD and commercial organizations.