Skip Links

If it can protect bombs, why not commercial software, too?

Software protection used by Department of Defense comes to commercial sector

By , Network World
May 21, 2007 12:05 AM ET

Network World - A technology used by the U.S. Department of Defense to protect software from piracy and tampering has been released to the commercial sector to help software companies avoid loss of intellectual property, the makers of the product announced Monday.

The team behind vendor Arxan Technologies began designing the product five years ago at Purdue University with funding from the National Security Agency, according to Amena Ali, Arxan’s chief marketing officer.

The military incorporates Arxan technology into weapons systems to prevent tampering, she says. If a weapon went down in enemy territory and did not explode, hackers could use reverse engineering techniques to learn how the missile was built and make duplicates. Arxan prevents that by placing modules of object code into software at the binary level.

“Today every single major defense contractor, as well as the Army, Navy and Air Force all use Arxan because there is a Department of Defense mandate to incorporate antitamper technology in weapons systems,” Ali says.

Arxan decided to take the technology to the commercial sector about a year ago and is marketing it as GuardIT. Arxan has 11 customers in the private sector so far, most of which use GuardIT to protect desktop software. They pay an average of $500,000 to $1 million per year in licensing and support costs, says Arxan CEO Mike Dager.

Worldwide, vendors made $65 billion in PC software in 2006, but lost $40 billion in potential revenue due to pirated software, according to this report by the Business Software Alliance and IDC. In developing countries, more than two-thirds of the market is composed of illegally made software.

A number of vendors have tackled the problem, such as AntiPiracy World, the maker of CipherPack and SafeNet.

Arxan uses a library of 12,000 guards that are placed into software code and prevent hacking in a variety of ways. One guard encrypts sections of a program, and decrypts the sections at runtime, keeping the key a secret so an attacker can’t reverse the process. Another guard obfuscates program logic, breaking up its basic building blocks to make it hard to trace. Another guard overrides code altered by hackers with the original code after tampering has been detected.

The GuardIT system uses a Design Wizard that matches guards to the resources a customer wants to protect and the types of threats the customer wants to avoid, whether that be piracy, reverse engineering, tampering or malware. A single customer could receive thousands of guards, Dager says.

“The attackers and the hackers and the pirates, they’ve got a wide variety of things they can do to steal software, tamper with code,” he says. “We analyze those methods they can come in with and we develop guards to stop that.”

Hurco, an Indiana company that makes software for the machine tools industry, is using GuardIT as it expands into countries where piracy is more common than in the United States, says Hurco Vice President Greg Volovic.

Hurco officials are well aware of piracy threats, having seen one of its products copied illegally and sold on the Internet about six years ago.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News