TSPI: Transparent Software Protection Infrastructure

Period of Performance: 05/16/2003 - 02/28/2004

$100K

Phase 1 SBIR

Recipient Firm

Architecture Technology Corp.
9971 Valley View Road Array
Eden Prairie, MN 55344
Principal Investigator

Abstract

Software theft causes tremendous financial losses to software companies. Theft of trade secrets and critical national security information embedded in software can lead to further financial losses or even jeopardize national security. Various techniques have been developed to protect software after its release. However, hackers can break in and steal software directly from the development site. To protect against such losses, ATC-NY proposes to develop a Transparent Software Protection Infrastructure (TSPI) for protecting software under development. A Protected File System stores the code in encrypted form to protect it from unauthorized access. TSPI enables developers to access the encrypted code using normal development system interfaces, but will prevent developers from making ill-advised shortcuts and mistakes that could inadvertently expose the source code to thieves. A strong emphasis on usability will ensure that developers are not hampered in their work. To minimize unnecessary access to protected code, TSPI will incorporate a fine-grained access control mechanism, reflecting the software development workflow. It will also provide checks on external code being added to the protected environment, as well as the ability to release completed code in a controlled manner. TSPI will sharply reduce the risk that software will be stolen from the development environment. It will encrypt software to ensure that thieves who break into the development system cannot steal it. It will prevent developers from inadvertently exposing the software to potential thieves. By logging developer activities, it will provide strong incentives for developers to follow software protection policies. Our wrapper approach to implementation will enable TSPI to be quickly adapted to multiple development environments. Thus, developers will not have to abandon their current environment in order to gain TSPI's advantages. Further, maintenance is expected to be minimal, since TSPI does not depend on the development system, but on its use of the underlying platform.