State-of-the-art software protection and anti-tamper systems move critical software and data out-of-band to the adversary, by using a hypervisor or on secure hardware. Unfortunately, the systems running this software are built using untrusted commercial-off-the-shelf (COTS) parts. Supply chain threats to critical components, such as hardware or firmware Trojans, have invalidated the assumption that we can move our critical software and data completely out-of-band to the adversary, since the hardware components on which the software ultimately executes is untrusted. As a result, one must re-think the fundamental approach to building software protection and anti-tamper systems. Siege Technologies proposes a methodology and system to address these concerns on a COTS system, or a system composed of COTS parts. Our solution is specifically designed to augment existing software protection mechanisms, shielding them from attack by malicious hardware alterations. The research and systems design conducted in Phase I will shed new light on the problem space and establish new protection capabilities that guard against this threat and enable the system to run protected code in the presence of potentially compromised hardware.
Keywords: Software Protection, Hardware Trojan, Firmware Torjan, Malicious Hardware, Hardware Supply Chain