SBIR-STTR Award

As the dependence on more complex and powerful software constantly grows, so does the need to protect that software from tampering and reverse engineering. The software security industry is locked in a constant arms race between reverse engineers and security engineers. Therefore, security engineers must meet the challenge of staying one step ahead of the attacker by developing technologies that defeat the efforts of available reverse engineering tools. A recent development in the effort to thwart reverse engineering is the use of virtual machines in software protection mechanisms; this technique has proven to be quite effective in protecting secrets in applications. Attempting to reverse engineer the protected code requires first reverse engineering the virtual machine used. Unfortunately, the use of virtualization incurs a hefty penalty on execution speed, with the performance of the protected application reduced by orders of magnitude. This document proposes a solution to create a virtual machine protection technology that will greatly improve performance of the protection and increase the difficulty of reverse engineering the protection. This will be accomplished through taking advantage of our existing state-of-the-art static and dynamic analysis tools to automatically craft a unique virtual machine architecture for each application protected.

Keywords:
Virtual Machine, Static Analysis, Dynamic Analysis, Reverse Engineering, Instruction Set Architecture

Software continues to grow more complex over time, and our reliance on software continues to grow. As such, security engineers are under more pressure to protect the secrets held in software than ever. A popular technique used by security engineers to protect their applications is to use in-process virtual machines to force the attacker to understand and reverse engineer undocumented instruction sets before attacking the application itself. This has been successful in increasing the skill set, time, and resources necessary to reverse engineer these applications, but this protection incurs a high performance penalty - often orders of magnitude slower performance than the unprotected application. This renders many applications unsuitable to this type of protection. What is needed is a software protection framework that provides all the advantages of in-process virtual machines while still operating efficiently. This document proposes continued development of the proof-of-concept software protection framework presented in Phase I that has shown that software protected with our novel virtual machine technologies can operate at 10 percent of the efficiency of the original application while still providing significant protection. The document describes the effort required to build a robust and extendable framework based on this research.

Keywords:
Software Protection, Virtual Machine, Predictive Performance, Dynamic Analysis