Automatically protecting software against "diff" attacks

Award Information
Agency:
Department of Defense
Branch
Air Force
Amount:
$375,000.00
Award Year:
2004
Program:
SBIR
Phase:
Phase II
Contract:
FA8650-04-C-8001
Agency Tracking Number:
O2-0243
Solicitation Year:
n/a
Solicitation Topic Code:
n/a
Solicitation Number:
n/a
Small Business Information
ARXAN TECHNOLOGIES, INC.
3000 Kent Avenue, Suite D2-100 Purdue Technology C, West Lafayette, IN, 47906
Hubzone Owned:
N
Socially and Economically Disadvantaged:
N
Woman Owned:
N
Duns:
149171303
Principal Investigator:
John Rice
Scientist
(765) 775-1004
jrice@arxan.com
Business Contact:
Eric Davis
VP, Services
(765) 775-1004
edavis@arxan.com
Research Institution:
n/a
Abstract
Given two closely related pieces of software X and Y, where Y differs from X through a number of small but important (from a security point of view) modifications that were done to Y, the "diff" attack consists of comparing X and Y so as to pinpoint the fragments of code in which they differ. The differences between X and Y could include, among other things, the fact that Y contains credentials-checking mechanisms that were lacking in X, such as password protection, biometrically-based access controls, challenge-response protocol with a remote server, etc. Pinpointing those differences makes it easier for an attacker to defeat the security-related features of Y that the attacker dislikes (not only credentials-checking, but also integrity-checking and other kinds of policy-enforcement that the attacker wishes to circumvent). Re-writing Y from scratch (rather than modifying X) as a means of increasing the apparent differences between X and Y, especially if done using a different programming language, can be an effective way of thwarting this attack, but it is obviously uneconomical. It is therefore important to develop automated tools that process Y so that even the most sophisticated comparisons between X and Y reveal a large "diff set" between them, i.e., X and Y appear to be largely different even though in functionality they are essentially the same. The development of such automated tools and techniques was the main thrust of the Phase I proposal. In Phase II the team will design and develop a suite of software applications and tools, as a platform enabling resistance to "diff" attacks. This suite will include: ¿ An advanced version of the transformation engine developed in Phase I of the project. ¿ A GUI-based "score" application recommender system to assist users in building better protections. ¿ Differential analysis attack tools to evaluate the stealthiness and resilience of the transformations. ¿ A smart patch management system resistant to diff attacks. ¿ Watermarking/Fingerprinting techniques to help trace software applications.

* information listed above is at the time of submission.

Agency Micro-sites

US Flag An Official Website of the United States Government