Automatically protecting software against "diff" attacks

Award Information
Agency:
Department of Defense
Branch
Office of the Secretary of Defense
Amount:
$0.00
Award Year:
2004
Program:
SBIR
Phase:
Phase I
Contract:
FA8650-04-C-8001
Award Id:
71881
Agency Tracking Number:
O2-0243
Solicitation Year:
n/a
Solicitation Topic Code:
n/a
Solicitation Number:
n/a
Small Business Information
3000 Kent Avenue, Suite D2-100 Purdue Technology C, West Lafayette, IN, 47906
Hubzone Owned:
N
Minority Owned:
N
Woman Owned:
N
Duns:
149171303
Principal Investigator:
JohnRice
Scientist
(765) 775-1004
jrice@arxan.com
Business Contact:
EricDavis
VP, Services
(765) 775-1004
edavis@arxan.com
Research Institute:
n/a
Abstract
Given two closely related pieces of software X and Y, where Y differs from X through a number of small but important (from a security point of view) modifications that were done to Y, the "diff" attack consists of comparing X and Y so as to pinpoint the fragments of code in which they differ. The differences between X and Y could include, among other things, the fact that Y contains credentials-checking mechanisms that were lacking in X, such as password protection, biometrically-based access controls, challenge-response protocol with a remote server, etc. Pinpointing those differences makes it easier for an attacker to defeat the security-related features of Y that the attacker dislikes (not only credentials-checking, but also integrity-checking and other kinds of policy-enforcement that the attacker wishes to circumvent). Re-writing Y from scratch (rather than modifying X) as a means of increasing the apparent differences between X and Y, especially if done using a different programming language, can be an effective way of thwarting this attack, but it is obviously uneconomical. It is therefore important to develop automated tools that process Y so that even the most sophisticated comparisons between X and Y reveal a large "diff set" between them, i.e., X and Y appear to be largely different even though in functionality they are essentially the same. The development of such automated tools and techniques was the main thrust of the Phase I proposal. In Phase II the team will design and develop a suite of software applications and tools, as a platform enabling resistance to "diff" attacks. This suite will include: ¿ An advanced version of the transformation engine developed in Phase I of the project. ¿ A GUI-based "score" application recommender system to assist users in building better protections. ¿ Differential analysis attack tools to evaluate the stealthiness and resilience of the transformations. ¿ A smart patch management system resistant to diff attacks. ¿ Watermarking/Fingerprinting techniques to help trace software applications.

* information listed above is at the time of submission.

Agency Micro-sites


SBA logo

Department of Agriculture logo

Department of Commerce logo

Department of Defense logo

Department of Education logo

Department of Energy logo

Department of Health and Human Services logo

Department of Homeland Security logo

Department of Transportation logo

Enviromental Protection Agency logo

National Aeronautics and Space Administration logo

National Science Foundation logo
US Flag An Official Website of the United States Government