SBIR-STTR Award

Organizations and companies are now recognizing the importance of security in the life cycle of software development and code maintenance. Several recent studies have shown that the risk of not integrating security into the software life cycle can have highly negative impacts. There are some disparate tools and products currently available to monitor and mitigate the risks, but a comprehensive solution is needed for covering the entire pedigree of the software development and release. Avenda Systems proposes a Software Pedigree Analyzer and Reporter (SPAR) solution to monitor, track, analyze and report pertinent data during various phases of software life cycle including code development, product build, release and patch distribution. The solution works with a distributed set of file servers and source code management and version control systems. It supports multiple hardware and software platforms. Avenda Systems will demonstrate the knowledge and foundation to develop a prototype of tools and methods in Phase-I, deliver a complete solution in Phase-II, and a commercially viable product in Phase-III.

Keywords:
CODE PEDIGREE, CODE INTEGRITY, TAMPERPROOFING, SOFTWARE PROTECTION, SOFTWARE SECURITY, SOURCE CODE MANAGEMENT AND VERSIONING, INFORMATION RIGHTS MANAGEMENT, OPERATING SYSTEMS

The DoD and commercial software companies have made significant investment in software. In the DoD context, these high value applications provide significant technological advantage over our adversaries. It is of paramount importance to protect these applications from reverse engineering, theft or other malicious tampering. We propose a hybridized system called Software Protection and Obfuscation Toolset (SPOT), which provides multiple layers of defense against malicious reverse engineering attacks. The techniques proposed in SPOT provide defenses against both static and dynamic analysis of application binaries. This hybridized approach consisting of code obfuscation, encryption and tamper-proofing will provide an effective deterrent against reverse engineering attacks. Applications protected by the SPOT system can be deployed in hostile environments where the host and the user cannot be trusted. We expect this product to be a major component of the "third leg" to the information assurance triad, namely, the application-centric approach to protecting important DoD software. Our past experience in commercializing SBIR projects, and the experience gained from designing and implementing SPOT will help us to release a commercially viable product in Phase III.

Keywords:
Reverse Engineering, Tamper Proofing, Decompiling, Binary Encryption, Obfuscation, Anti-Debugging, Software Protection