Preventing Reverse Engineering with a Random Obfuscating Compiler (ROC)

Award Information
Department of Defense
Office of the Secretary of Defense
Award Year:
Phase I
Agency Tracking Number:
Solicitation Year:
Solicitation Topic Code:
Solicitation Number:
Small Business Information
127 Washington St., Belmont, MA, 02478
Hubzone Owned:
Minority Owned:
Woman Owned:
Principal Investigator:
Fred Hewitt Smith
Director of Research
(617) 489-7304
Business Contact:
Cynthia Smith
(617) 489-7304
Research Institution:
We propose to build a Random Obfuscating Compiler (ROC), a tool and a process for systematic research and testing of strategies for protecting software from reverse engineering using differential analysis. The US is at war. Our enemies will strive to reverse engineer valuable legacy software, in order to eliminate US strategic technological advantages, and sabotage critical system performance. We think the ROC is feasible now. Our investigators, Fred Smith, PI, and Benjamin Smith are experienced developers who have already produced somewhat similar software. They have been developing cyber security technologies which are crucial to countering reverse engineering for the past six years. Fred Smith has expertise in assembler, which is required to manipulate compiled executables and provides unique strategies for defeating differential analysis. The ROC will obfuscate executables and libraries given only the information in the binaries themselves. This technique can be inexpensively and rapidly applied to a large body of legacy software. The ROC will test strategies for detecting debuggers, disassemblers, falsified operating environments, protecting files and memory and obfuscating executables. ROC test results, a UML documented design, and a Phase I prototype will provide a basis for Phase II research on an integrated secure software processing system.
The anticipated benefits for DoD are:
- Test results comparing efficacy of various reverse engineering strategies
- Testing of strategies for countering differential analysis of software applications
- At least one method of rapidly and inexpensively protecting legacy software from reverse engineering by obfuscating executables
- Development of techniques to detect hostile reverse engineering applications such as debuggers and disassemblers
- A method for automatically obfuscating executables, libraries, and other binaries
- Development of techniques to detect hostile reverse engineering applications such as debuggers and disassemblers
- Multiple, overlapping layers of security for critical software applications
- Defense against reverse engineering techniques that we think are presently only theoretical but are feasible
- Defeat side channel attacks
- Methods of authenticating network nodes used for HPC computing
- Capacity to prevent reverse engineering of an obfuscated executable
- Development of random confusion technology

Potential commercial applications include:
- Army, Navy, and Air Force, all of which are developing new combat information systems which require protection from reverse engineering
- NASA
- A ROC for securities firms and banks which have an obligation to protect client information from disclosure and lots of legacy software they would like to protect without rewriting
- A ROC for software companies to use against industrial espionage

* information listed above is at the time of submission.
