Preventing Reverse Engineering with a Random Obfuscating Compiler (ROC)

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: F33615-03-M-1506
Agency Tracking Number: O031-0016
Amount: $99,919.00
Phase: Phase I
Program: SBIR
Awards Year: 2003
Solicitation Year: N/A
Solicitation Topic Code: N/A
Solicitation Number: N/A
Small Business Information
127 Washington St., Belmont, MA, 02478
DUNS: 825247062
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 Fred Hewitt Smith
 Director of Research
 (617) 489-7304
Business Contact
 Cynthia Smith
Title: President
Phone: (617) 489-7304
Research Institution
We propose to build a Random Obfuscating Compiler (ROC), a tool and a process for systematic research and testing of strategies for protecting software from reverse engineering using differential analysis. The US is at war. Our enemies will strive to reverse engineer valuable legacy software, in order to eliminate US strategic technological advantages, and sabotage critical system performance. We think the ROC is feasible now. Our investigators, Fred Smith, PI, and Benjamin Smith are experienced developers who have already produced somewhat similar software. They have been developing cyber security technologies which are crucial to countering reverse engineering for the past six years. Fred Smith has expertise in assembler, which is required to manipulate compiled executables and provides unique strategies for defeating differential analysis. The ROC will obfuscate executables and libraries given only the information in the binaries themselves. This technique can be inexpensively and rapidly applied to a large body of legacy software. The ROC will test strategies for detecting debuggers, disassemblers, falsified operating environments, protecting files and memory and obfuscating executables. ROC test results, a UML documented design, and a Phase I prototype will provide a basis for Phase II research on an integrated secure software processing system.
The anticipated benefits for DoD are:
- Test results comparing efficacy of various reverse engineering strategies
- Testing of strategies for countering differential analysis of software applications
- At least one method of rapidly and inexpensively protecting legacy software from reverse engineering by obfuscating executables
- Development of techniques to detect hostile reverse engineering applications such as debuggers and disassemblers
- A method for automatically obfuscating executables, libraries, and other binaries
- Multiple, overlapping layers of security for critical software applications
- Defense against reverse engineering techniques that we think are presently only theoretical but are feasible
- Defeat side channel attacks
- Methods of authenticating network nodes used for HPC computing
- Capacity to prevent reverse engineering of an obfuscated executable
- Development of random confusion technology

Potential commercial applications include:
- Army, Navy, and Air Force, all of which are developing new combat information systems which require protection from reverse engineering
- NASA
- A ROC for securities firms and banks which have an obligation to protect client information from disclosure and lots of legacy software they would like to protect without rewriting
- A ROC for software companies to use against industrial espionage

* Information listed above is at the time of submission. *
