Software vendors, commercial enterprises and government agencies alike are concerned
about the integrity of their applications and the threat of tampering once software
is deployed to less trusted networks or business environments. Tampering with software
applications has been become easier through the availability of reverse engineering
tools, adoption of Microsoft .NET, and increasing hacker expertise. Consider the
following threat scenarios:
-
With minimal effort, a hacker can inject malicious code into an existing software
application, access the password cache and send this information to a hacked server
over the Web.
-
Online and casino-based gaming systems running on a desktop system can be modified
to alter the results and application behavior for financial gain.
-
Supervisory Control and Data Acquisition (SCADA) applications can be modified remotely
to disrupt operation of key infrastructure services.
-
Financial applications deployed to hosting partners contain key protocol information
that if tampered could be used to gain access to customer data.
While no technology can provide absolute tamper-proof security for applications
that reside on non-trusted computing platforms, V.i. Labs provides a solution that
raises the bar substantially in the complexity and expense to do so. V.i. Labs'
anti-tampering solution leverages strong encryption, continuous runtime integrity
checks, and tamper detection and reporting to protect the integrity of deployed
software.
Code Encryption
The V.i. Labs solution uses granular code encryption and Just-In-Time decryption
features to prevent reverse engineering and access to key algorithms. Using CodeArmor
Software Protection, software providers can easily target sensitive routines within
existing application binary files for protection.
Run-Time Integrity Checks
Prior to executing sensitive application functions, the CodeArmor Software Protection
runtime execution monitor verifies the integrity of the functions using cryptographic
hash functions. The execution monitor continously monitors the runtime environment
for threats as well as verifying the application's integrity. The monitor
employs a patented technique to thwart hackers from attaching and using debuggers,
instruction simulators, and virtualization tools that aid attempts to reverse engineer
the application. Integrity verification can extend application and system DLL as
well as device drivers.
If a function is tampered with, the monitor will detect this and perform a set of
responses configured for that particular application (e.g., shut down the application or
create a notification event).
Tamper Detection and Reporting
In addition to software protection, CodeArmor Intelligence can be implemented to
provide transparent tamper detection and reporting functionality within applications.
Organizations can implement the intelligence capability into their software and
configure it to activate notification and reporting based on tamper detection and
other custom threat scenarios. Once activated, the CodeArmor Intelligence system
provides a turnkey system to gather data about the tampering event and other environment
information and report this information back to a gateway server hosted by the organization.
This capability allows software providers to centralize threat detection and reporting
no matter where the applications are deployed.