Dissimulation: A Defense Against Differential Software Analysis

Period of Performance: 05/16/2003 - 02/28/2004

$100K

Phase 1 SBIR

Recipient Firm

Architecture Technology Corp.
9971 Valley View Road
Eden Prairie, MN 55344
Principal Investigator

Abstract

Adding protection to fielded software provides an attacker with a point of leverage: by comparing the original code (or executable) with the updated version, an attacker may be able to locate the "protective" modifications and thereby defeat them, even if those modifications succeed in preventing an attacker from reverse-engineering the code. ATC-NY will design and develop tools, called dissimulators, that defend against such attacks. The goal of dissimulation is to make semantically equivalent executions look superficially different (or different executions look superficially the same). As a result, it becomes difficult for automated tools to detect and distinguish those differences that are meaningful. ATC-NY's Dissimulator Tool Suite (DTS) will limit the usefulness of common algorithms that are likely to be the basis of such differential attacks (for example, algorithms that find the least common subsequence of two sequences). Obstructing these algorithms provides some protection against unanticipated attacks. Even if effective forms of protection are developed, differential attacks can nullify them. A defense against differential attacks provides enabling technology for adding protection to the existing military and commercial software base, or for upgrading protections that have been compromised. ATC-NY's Dissimulator Tool Suite will be useful for a variety of applications and will operate on standard computer systems. DTS will also provide defense against differential attack at a lower cost than techniques (such as recoding) that are currently available. We will also work to minimize performance degradation of the application software.