The intellectual property (IP) contained in high value software applications makes them
a prime target for miscreants who want to lift the code and sell it to the highest
bidder or distribute it on the Web for notoriety. As software vendors
and equipment manufacturers extend their markets into foreign countries where IP enforcement
is lax, the problem of code theft only increases. While there are technologies available to
protect the way computers process and store sensitive and classified data, they don’t
prevent hackers from lifting the IP contained in the algorithms themselves. Using a variety
of freely available tools (i.e., debuggers, instruction simulators, disassemblers) and
techniques, hackers can easily reverse engineer applications to get what they want.
While no technology can guarantee 100% security for applications, it is possible
to make the process of reverse engineering so expensive, time consuming, and difficult
that attackers are deterred from even attempting it. V.i. Labs' application security
solutions embed strong encryption and an active monitoring process within a software
application to protect the operation of software code and algorithms. Because security
is embedded within the software application itself, the application is hardened
to protect against tampering, misuse and theft wherever it is distributed. Our solution
does this without requiring code modifications or design process changes so that
organizations can quickly and easily secure software applications at any point after
they're developed.
Key solution features and benefits:
Strong Granular Encryption
The V.i. Labs solution uses strong encryption and function level protection to prevent
reverse engineering. The solution automatically parses the executable file (
including .exe and .dll) identifying individual functions to encrypt. At run-time
the solution ensures that only a subset of the application's functions are
ever decrypted in memory and, once executed, the application functions are returned
to their encrypted state.
Protection without Source Code Changes
Unlike other software protection approaches, our solution easily applies protection to
pre-compiled executable files. This allows organizations and vendors to apply
comprehensive protection to existing applications without impacting their software
development lifecycle.
Application and Security Extensions
To increase the level of application protection, organizations and software vendors
can leverage available application and security extensions to require additional
user and application authentication or to retrieve encryption keys from an external
key server or hardware device. Because the extensions are attached to the pre-compiled
application files during the protection process, there is no need to modify the original
application source code or impact the product development cycle.
Active Monitoring and Response
CodeArmor attaches a Secure Execution Monitor to the application during the protection
process. This component transparently checks and monitors the computing environment at
run-time. The monitor employs a patent pending technique to thwart hackers from
attaching and using debuggers, instruction simulators, and virtualization tools to
aid attempts to reverse engineer the application. In addition, the V.i. Labs solution
can respond to hacking attempts in a variety of ways, by notifying a user, logging
the event, or halting the executable.