Automatically protecting software against "diff" attacks

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: FA8650-04-C-8001
Agency Tracking Number: O2-0243
Amount: $749,494.00
Phase: Phase II
Program: SBIR
Awards Year: 2004
Solicitation Year: 2003
Solicitation Topic Code: OSD03-001
Solicitation Number: 2003.2
Small Business Information
3000 Kent Avenue, Suite D2-100 Purdue Technology C, West Lafayette, IN, 47906
DUNS: 149171303
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: N
Principal Investigator
 John Rice
 (765) 775-1004
Business Contact
 Eric Davis
Title: VP, Services
Phone: (765) 775-1004
Research Institution
Given two closely related pieces of software X and Y, where Y differs from X through a number of small but important (from a security point of view) modifications that were done to Y, the "diff" attack consists of comparing X and Y so as to pinpoint the fragments of code in which they differ. The differences between X and Y could include, among other things, the fact that Y contains credentials-checking mechanisms that were lacking in X, such as password protection, biometrically-based access controls, challenge-response protocol with a remote server, etc. Pinpointing those differences makes it easier for an attacker to defeat the security-related features of Y that the attacker dislikes (not only credentials-checking, but also integrity-checking and other kinds of policy-enforcement that the attacker wishes to circumvent). Re-writing Y from scratch (rather than modifying X) as a means of increasing the apparent differences between X and Y, especially if done using a different programming language, can be an effective way of thwarting this attack, but it is obviously uneconomical. It is therefore important to develop automated tools that process Y so that even the most sophisticated comparisons between X and Y reveal a large "diff set" between them, i.e., X and Y appear to be largely different even though in functionality they are essentially the same. The development of such automated tools and techniques was the main thrust of the Phase I proposal. In Phase II the team will design and develop a suite of software applications and tools, as a platform enabling resistance to "diff" attacks. This suite will include: · An advanced version of the transformation engine developed in Phase I of the project. · A GUI-based "score" application recommender system to assist users in building better protections. · Differential analysis attack tools to evaluate the stealthiness and resilience of the transformations. · A smart patch management system resistant to diff attacks. · Watermarking/Fingerprinting techniques to help trace software applications.

* information listed above is at the time of submission.

Agency Micro-sites

US Flag An Official Website of the United States Government