Purdue marshals new approach to protect software
Hackers who try to use or copy software illegally may soon find a sticky web waiting to trap them.
Its not the World Wide Web. Instead, its a new approach under development at Purdue University designed to protect software. By placing a linked brigade of hundreds of tiny “guards” at different points within software code, computer scientists have made it far more difficult for hackers to use software without permission from the vendor.
“Merely cracking a single password wont do it anymore,” said Mikhail (Mike) Atallah, professor of computer science at Purdue. “We are distributing security measures throughout the software. It is no longer enough to hack past one point; the guards will notice what youve done and prevent you from using the program.”
Atallah, who leads the research team that came up with this new approach, co-authored a paper on the results with Purdue graduate student Hoi Chang. Chang presented their ideas at the Association for Computing Machinery (ACM) workshop on Security and Privacy in Digital Rights Management, SPDRM 2001.
Atallah has since helped found the startup venture Arxan Technologies Inc. to develop the protection measures for market. The company hopes to have a finished product available by this fall.
“We are encouraged by our test results so far,” Atallah said. “We have been able to add custom levels of security to software without significantly decreasing its speed or increasing the time it takes to download over the Internet.”
Traditional software protection measures typically demand that a user enter a password supplied by the vendor at the time of purchase. But it has proven all too easy for hackers to get past a single security checkpoint, after which they can use a program for free and copy it as often as they wish.
“The old way is a lot like having a single guard at the bank,” Atallah said. “Neutralize him, and the vault is yours.”
The innovation of Atallahs team lies in connecting the security measures with the softwares operation, making the two inextricable. This effectively multiplies the number of guards to dozens or hundreds, and makes it impossible for a hacker to neutralize one guard without the rest noticing.
“These measures will deter software piracy for a simple reason – it will become too much of a hassle for a hacker to find and disable all the guards,” Atallah said. “And we have additional strategies to compound the effectiveness of our approach.”
One such strategy involves adding 100 guards to a piece of software, but only having 10 of them actively on the job at a given moment; their membership changes constantly and in secret. Keeping most of the guards “sidelined” in this fashion is one way Atallah keeps programs functioning fast, even after the guards are added.
“Security measures like ours must be added to existing software,” Atallah said. “Historically, this has meant two things in practice: The modified software takes up more memory in your computer, and it runs more slowly. Our approach sidesteps both of those problems by spreading the additional code out in tiny pieces throughout the software. So far, it has caused very little reduction in speed.”
Arxan is currently testing the security measures on Windows systems in several corporate environments. The system can easily be modified for other operating systems, and the company plans to market versions for Mac and Linux systems as well. Arxan has licensed the technology from Purdue based on several patent applications.
The company is based in Purdues Research Park, which currently encompasses 619 acres about two miles north of Purdue Universitys West Lafayette campus. Almost 150 acres have been developed with approximately 1 million square feet owned or leased by more than 100 companies. More than 40 of these companies are growing within the research parks high-tech incubation complex, which is the largest university-affiliated business incubator in the country. Many of these ventures are developing Purdue-licensed technologies.
Initial funding for the research was provided by Purdues Center for Education and Research in Information Assurance and Security (CERIAS).
Writer: Chad Boutin, (765) 494-2081, firstname.lastname@example.org
Sources: Mike Atallah, (765) 494-6017, email@example.com
Donna Jeker, (917) 415-0837, firstname.lastname@example.org
Purdue News Service: (765) 494-2096; email@example.com
All latest news from the category: Information Technology
Here you can find a summary of innovations in the fields of information and data processing and up-to-date developments on IT equipment and hardware.
This area covers topics such as IT services, IT architectures, IT management and telecommunications.
In the quantum realm, not even time flows as you might expect
New study shows the boundary between time moving forward and backward may blur in quantum mechanics. A team of physicists at the Universities of Bristol, Vienna, the Balearic Islands and…
Hubble Spots a Swift Stellar Jet in Running Man Nebula
A jet from a newly formed star flares into the shining depths of reflection nebula NGC 1977 in this Hubble image. The jet (the orange object at the bottom center…