Software vendors, commercial enterprises and government agencies alike are seriously
concerned about the ongoing threat of software tampering. And with good reason.
The abundance of software hacking tools available today makes it all too easy for
a malicious user to tamper with, modify and then re-introduce an application into
a network or the Web with serious consequences. Consider the following:
-
With minimal effort, a hacker can inject malicious code into a local user's software
application, access his password cache and send this information to a hacked server
over the Web.
-
In a corporate environment, a disgruntled employee can modify an application offline
and then reintroduce it to the corporate network with the enhanced ability to capture
confidential corporate data.
-
At the U.S. Department of Defense (DoD), agencies are continuously working to prevent
the unapproved transfer of sensitive technology and alteration of defense system
capabilities, and to develop effective countermeasures that deter attacks from hostile
groups and countries. DoD 5000.2 and DoD 5200.39 directives already require program
managers to conduct ongoing reviews and recommend anti-tampering technologies for
new system acquisitions.
While no technology can guarantee 100% tamper-proof security for applications that
reside on non-trusted computing platforms, it is possible to raise the bar substantially.
V.i. Labs' anti-tampering solution leverages strong encryption to protect the operation
of software code and algorithms within a software application. The application is
hardened to automatically protect against tampering, misuse and theft. It does this
without requiring code modifications or software design process changes so that
IT professionals can quickly and easily secure software applications at any point
after they're developed. V.i. Labs' technology approach discourages tampering and
reverse-engineering by making these efforts so time-consuming and expensive that,
even if successful, a critical application will have been replaced by its next-generation
version.
Key solution features and benefits:
Strong Granular Encryption
The V.i. Labs solution uses strong encryption and function level protection to prevent
reverse engineering. The solution automatically parses the executable file ( including
.exe and .dll) identifying individual functions to encrypt. At run-time the solution
ensures that only a subset of the application's functions are ever decrypted in
memory and, once executed, the application functions are returned to their encrypted
state.
Run-Time Tamper Prevention
Our solution can encrypt and decrypt individual functions as well as determine the
integrity of those functions prior to executing the software. A unique digest is
created for each protected function when the application is first protected. These
digests are managed by the V.i. Labs Secure Execution Monitor attached to the protected
application. If a function is tampered with at run time, the monitor will detect
this and perform a set of responses configured for that particular application (i.e.,
shut down the application, create a notification event, or self heal).
Self-Healing
If a malicious user tampers with a function at run-time, the V.i. Labs solution
will detect this and replaced the tampered function with the original software.
This ensures the availability of mission critical software without impacting end
users.
Active Monitoring and Response
During the protection process a Secure Execution Monitor is attached to the application.
This component transparently checks and monitors the application environment at
run-time as well as manages decryption and re-encryption of the applications functions.
The monitor employs a patent-pending technique to thwart hackers from attaching
and using debuggers, instruction simulators, and virtualization tools that aid attempts
to reverse engineer the application. In addition, the V.i. Labs solution can respond
to hacking attempts in a variety of ways such as notifying a user, logging the event,
or halting the executable.