DARPA delving into the black art of super secure software obfuscation

DARPA program seeks to develop security schemes that keep potential villains from the all-important code

Given enough computer power, desire, brains and some luck, the security of most systems can be broken. But there are cryptographic and algorithmic security techniques, ideas and concepts out there that add a level of algorithmic mystification and that, built into programs, could make them close to unbreakable.

That’s what the Defense Advanced Research Projects Agency (DARPA) wants for a new program called SafeWare.

From DARPA: “The goal of the SafeWare research effort is to drive fundamental advances in the theory of program obfuscation and to develop highly efficient and widely applicable program obfuscation methods with mathematically proven security properties.”

The basic (and I mean basic) idea of software obfuscation is to make the important underlying code or intelligence of an application untouchable (or as untouchable as possible) by an intruder or anyone else looking to access its information.

There is a great description of obfuscation by Johns Hopkins University research professor Matthew Green here if you’d like a seriously more in-depth description of the ideas behind obfuscation.

For its part, DARPA says it is looking to discover and develop new mathematical foundations and new implementation paths for provably secure program obfuscation.

While many would call obfuscation a black art, DARPA is pretty certain about what it wants to see. For example the agency stated that any proposals for the SafeWare program must satisfy all of the following criteria:

• The method requires the solution of a computationally hard mathematical problem as a necessary condition of a successful de-obfuscation attack.

• The method is not substantially diminished in effectiveness even if it is fully understood by the adversary.

• The method produces an increase in adversary work factor that scales exponentially with respect to a polynomial increase in program runtime overhead.

• The method has general purpose applicability to standard, non-pathological program types.

• The method does not depend on special hardware or special physical resources.

On the flip side, DARPA stated it doesn’t want to see security obfuscation research methods and reverse engineering countermeasures like these:

• Methods whose security does not rely on the hardness of a mathematical problem (typified by, but not limited to control-flow flattening, opaque predicates or breaking abstractions, etc.);

• Methods that require the use of a cryptographic key or any kind of token (hardware or software) for the operation of the program;

• Methods that require encrypted hardware, distributed computation or distributed storage;

• Methods that require exotic physical states or resources not found on commodity digital hardware (typified by, but not limited to coherent quantum states, analog physical states, biological degrees of freedom, etc.)
