Covert Loading and Execution of Software Protections to Reduce Adversarial Detection

Period of Performance: 06/20/2008 - 12/20/2008

$100K

Phase 1 SBIR

Recipient Firm

Pikewerks Corp.
105 A Church Street
Madison, AL 35758

Principal Investigator

Abstract

Pikewerks proposes to research and develop methods to securely load and execute sensitive software modules in a covert manner that cannot easily be defeated by even the most dedicated adversaries. The mechanisms developed will enhance software protection systems by making them more robust against reverse-engineering efforts. Software loading approaches can be divided into pre-boot and post-boot mechanisms. Pre-boot approaches typically include BIOS or boot sector modifications. Post-boot approaches typically include the use of documented OS, user, and kernel driver loading mechanisms as well as undocumented methods such as the exploitation of unpublished vulnerabilities. Pikewerks will focus on pre-boot methods of software loading and covert execution. Research will focus on several different methods of covert software execution, and a prototype will be generated that demonstrates the feasibility of covert loading using either the best method or combination of methods discovered during the research.