Deobfuscating tools for the validation and verification of tamper-proofed software

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: FA8650-06-M-8080
Agency Tracking Number: O064-NC5-1010
Amount: $100,000.00
Phase: Phase I
Program: STTR
Solicitation Topic Code: OSD06-NC5
Solicitation Number: N/A
Timeline
Solicitation Year: 2006
Award Year: 2006
Award Start Date (Proposal Award Date): 2006-07-28
Award End Date (Contract End Date): 2007-01-28
Small Business Information
6900 Wisconsin Avenue, Suite 706
Chevy Chase, MD 20815
United States
DUNS: 144818379
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 Greg Hoglund
 CEO
 (408) 529-4370
 derrick@hbgary.com
Business Contact
 Robert Slapnik
Title: Vice President
Phone: (301) 652-8885
Email: bob@hbgary.com
Research Institution
 NAVAL POSTGRADUATE SCHOOL
 Chris Eagle
 
1 University Circle
Monterey, CA 93943
United States

 (831) 656-2378
 Domestic Nonprofit Research Organization
Abstract

Tamper-proofed software and malicious binaries, commonly referred to as “malware”, often share similar technological features. Both good and bad guys wish to hinder static and dynamic reverse engineering of their software programs to thwart adversaries from gaining program understanding and to prevent the observation of code behavior. HBGary proposes the Virtual Machine for Analysis (VMA), a full-virtualization machine environment that completely subverts current and upcoming tamper-proofing technologies. Rather than being designed for “typical” virtual execution of applications and operating systems, VMA will be designed with invasive debugging and data collection capabilities specifically for evaluating tamper-proofed software. This proposal details the use of a high-fidelity, highly controlled emulation environment to create an undetectable, dynamically reconfigurable VMA. The advantage is that VMA will perform ‘undetectable’ debugging; that is, the system being debugged cannot detect that it is being debugged. Traditional ‘native’ debuggers have trouble debugging such structures because native debuggers rely upon some of these structures being untampered.

* Information listed above is at the time of submission. *
