Purdue marshals new approach to protect software

Hackers who try to use or copy software illegally may soon find a sticky web waiting to trap them.

It’s not the World Wide Web. Instead, it’s a new approach under development at Purdue University designed to protect software. By placing a linked brigade of hundreds of tiny “guards” at different points within software code, computer scientists have made it far more difficult for hackers to use software without permission from the vendor.

“Merely cracking a single password won’t do it anymore,” said Mikhail (Mike) Atallah, professor of computer science at Purdue. “We are distributing security measures throughout the software. It is no longer enough to hack past one point; the guards will notice what you’ve done and prevent you from using the program.”

Atallah, who leads the research team that came up with this new approach, co-authored a paper on the results with Purdue graduate student Hoi Chang. Chang presented their ideas at the Association for Computing Machinery (ACM) workshop on Security and Privacy in Digital Rights Management, SPDRM 2001.

Atallah has since helped found the startup venture Arxan Technologies Inc. to develop the protection measures for market. The company hopes to have a finished product available by this fall.

“We are encouraged by our test results so far,” Atallah said. “We have been able to add custom levels of security to software without significantly decreasing its speed or increasing the time it takes to download over the Internet.”

Traditional software protection measures typically demand that a user enter a password supplied by the vendor at the time of purchase. But it has proven all too easy for hackers to get past a single security checkpoint, after which they can use a program for free and copy it as often as they wish.

“The old way is a lot like having a single guard at the bank,” Atallah said. “Neutralize him, and the vault is yours.”

The innovation of Atallah’s team lies in connecting the security measures with the software’s operation, making the two inextricable. This effectively multiplies the number of guards to dozens or hundreds, and makes it impossible for a hacker to neutralize one guard without the rest noticing.

“These measures will deter software piracy for a simple reason – it will become too much of a hassle for a hacker to find and disable all the guards,” Atallah said. “And we have additional strategies to compound the effectiveness of our approach.”

One such strategy involves adding 100 guards to a piece of software, but only having 10 of them actively on the job at a given moment; their membership changes constantly and in secret. Keeping most of the guards “sidelined” in this fashion is one way Atallah keeps programs functioning fast, even after the guards are added.

“Security measures like ours must be added to existing software,” Atallah said. “Historically, this has meant two things in practice: The modified software takes up more memory in your computer, and it runs more slowly. Our approach sidesteps both of those problems by spreading the additional code out in tiny pieces throughout the software. So far, it has caused very little reduction in speed.”

Arxan is currently testing the security measures on Windows systems in several corporate environments. The system can easily be modified for other operating systems, and the company plans to market versions for Mac and Linux systems as well. Arxan has licensed the technology from Purdue based on several patent applications.

The company is based in Purdue’s Research Park, which currently encompasses 619 acres about two miles north of Purdue University’s West Lafayette campus. Almost 150 acres have been developed with approximately 1 million square feet owned or leased by more than 100 companies. More than 40 of these companies are growing within the research park’s high-tech incubation complex, which is the largest university-affiliated business incubator in the country. Many of these ventures are developing Purdue-licensed technologies.

Initial funding for the research was provided by Purdue’s Center for Education and Research in Information Assurance and Security (CERIAS).

Writer: Chad Boutin, (765) 494-2081, cboutin@purdue.edu

Sources: Mike Atallah, (765) 494-6017, mja@cs.purdue.edu

Donna Jeker, (917) 415-0837, djeker@ix.netcom.com

Purdue News Service: (765) 494-2096; purduenews@purdue.edu

Media Contact

Chad Boutin EurekAlert!

Alle Nachrichten aus der Kategorie: Information Technology

Here you can find a summary of innovations in the fields of information and data processing and up-to-date developments on IT equipment and hardware.

This area covers topics such as IT services, IT architectures, IT management and telecommunications.

Zurück zur Startseite

Kommentare (0)

Schreib Kommentar

Neueste Beiträge

Cyanobacteria: Small Candidates …

… as Great Hopes for Medicine and Biotechnology In the coming years, scientists at the Chair of Technical Biochemistry at TU Dresden will work on the genomic investigation of previously…

Do the twist: Making two-dimensional quantum materials using curved surfaces

Scientists at the University of Wisconsin-Madison have discovered a way to control the growth of twisting, microscopic spirals of materials just one atom thick. The continuously twisting stacks of two-dimensional…

Big-hearted corvids

Social life as a driving factor of birds’ generosity. Ravens, crows, magpies and their relatives are known for their exceptional intelligence, which allows them to solve complex problems, use tools…

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close