Covert Loading and Execution of Software Protections to Reduce Adversarial Detection
Small Business Information
317 N. Aurora Street, Ithaca, NY, 14850
Abstract
A number of software defenses exist that frustrate attempts to examine or tamper with a protected application. However, if an attacker arrives before these defenses are initialized, then they can observe the defenses as they are set up, gaining great insight into how the protections can be subverted. There is a sort of "who came first" game played between the protected application and the attacker. Attackers are unlikely to approach the defenses head-on. A key weak point is the installation and deployment of the defenses. This opening must be closed. During Phase I, GrammaTech investigated techniques that enhance existing defenses by protecting the loading phase of a sensitive application. Our approach is based on leveraging existing technology in new ways. Specifically, we combine two techniques, VM migration and kernel blending. VM migration boots the sensitive application and its defenses in a trusted environment and only then ships them to the hostile platform. Kernel blending eliminates the boundary between the sensitive application and the operating system, preventing many avenues of attack.
* information listed above is at the time of submission.