Paradoxically, effective next-generation
software protection technology requires development of effective
next-generation software attack (reverse engineering) technology,
for two quite different reasons:
- Cutting edge software attack tools
must be developed to test cutting edge protection techniques,
and the protection techniques must be upgraded as vulnerabilities
to each new generation of attack tools are identified.
- Software virus developers are beginning
to use software protection techniques to prevent analysis of viruses.
Without successful analysis, it is not possible to develop successful
anti-virus "cures". Software protection, in this case,
requires unrelenting software attack - on the viruses.
As part of the national Software Protection
Initiative, Anacapa Sciences has received seed funding to develop
a next-generation set of software reverse engineering tools. As
these tools mature, the Department of Defense and the Department
of Homeland Security will use them to protect national-interest
software. The tools will also be available to legitimate commercial
enterprises, who will use them for the two purposes listed above
and for a third purpose - performing legitimate reverse engineering
in the form of debugging their software products prior to distribution.
A key product from this work is a "Commercial-Strength
C Decompiler", which provides automated support for:
- Source code recovery
- Vulnerability analysis
- Malicious code analysis
- Torture-testing software protection technology.
Funding for the development of the C Decompiler,
and for development of a wide variety of software analysis and protection
technologies, has been provided by the Department of Defense's Software
Protection Initiative. More information is available at http://spi.dod.mil
an email to Project Director Bob Dick