Date: Jan 23, 2014 Source: SBIR Success Stories
Air Force Requirement:
The Air Force's Anti-Tamper-Software Protection Initiative technology office is charged with preventing piracy, alteration, and reverse engineering of critical national security software and data. Recently, there has been an increase in the use of anti-tamper techniques (e.g., obfuscation) in all types of software. Unfortunately, applying anti-tamper techniques is technically challenging, and when applied to large, sophisticated software, there is a danger of introducing subtle bugs, or not introducing sufficient protection.
In order to build tamper-proofed software, the Air Force needed to be able to assess the effectiveness of the protection strength and ensure that additional vulnerabilities would not be inadvertently introduced during the protection process. However, the very techniques that are designed to deter reverse engineering by adversaries also prevent engineers from validating and monitoring those same applications.
SBIR Technology:
Under this SBIR contract, GrammaTech developed innovative solutions for these challenges by creating a tool suite with the ability to bypass or obscure certain defensive features in order to verify and validate tamper-proofed applications. This solution, known as Grace, is a deobfuscation tool that analyzes machine code to check that the program output from a tamper-proofing tool is indeed protected. Grace automatically generates a test suite that systematically explores possible program executions, using sophisticated static analysis, dynamic analysis, and program monitors to expose bugs and vulnerabilities. In the process, Grace generates a high-coverage test suite for the subject program.
Potential Application:
Grace provides the ability to dynamically monitor execution of arbitrary x86 programs, capture the execution traces, and logically encode the semantics of collected traces. Grace also provides a way to assess the effectiveness of software protection strength and ensure that additional vulnerabilities are not inadvertently introduced during the protection process.
Furthermore, the tool provides an infrastructure for supplying models of library functions and system calls, which allows users to curb the exploration of system code and improve the efficiency of the analysis. This enables engineers to perform verification and validation of protected software with minimal setup or accompanying test artifacts, which directly reduces the verification costs of critical tamper-proofed applications.
Company Impact:
"Our primary motivation for developing Grace was to increase the effectiveness of software testing," said GrammaTech associate vice president of technology, David Cok. "Grace's ability to generate test cases for any binary, not just for protected applications, opens up a very large market in the private sector." GrammaTech expects to release Grace as a stand-alone tool along with other anti-tamper products derived from this research. Additionally, the firm is planning the release of a stand-alone tool for automatic test-case generation. The success of this Air Force SBIR effort led to follow-on work on Preventing Exploits Against Software Of Uncertain Provenance (PEASOUP). PEASOUP is a $13.8M joint effort with the University of Virginia, the Georgia Institute of Technology, and Raytheon. It applies Grace and related technologies to the task of assuring that software of unknown or uncertain origin performs no malicious actions.