Hypervisor Protection

Binary FortressTM

Software Protection

Phase II SBIR (Started 1/08)

The ability to protect software from theft, piracy, unauthorized use, reverse engineering, or other malicious analysis represents a valuable commodity in a currently underserved market. While existing techniques for protecting software applications are able to stop juvenile hacking attempts, a desperate need exists for more sophisticated solutions which can protect Critical Program Information (CPI) from skilled software crackers and state-sponsored reverse engineering labs.

The focus of this Phase II SBIR is development of a hypervisor that is designed to actively protect a Windows application against static analysis, runtime debugging, memory access, unauthorized use, and theft. These, and other built-in protections, ensure that only valid users are allowed to run the protected application on authorized machines. Even if cracking software is surreptitiously installed on the authorized machines, Binary Fortress actively protects the application to ensure that CPI is not exposed, stolen, or otherwise exploited. The ultimate goal of Binary Fortress is to provide a secure environment for the safe execution of sensitive applications without fear that confidential data or proprietary algorithms will be exposed or stolen. This process is transparent to the user, and the underlying protection mechanisms do not require any access to the application's source code or software build process. Instead, protection can be added to any existing binary executable or application library that is in the Windows-native file format. This flexibility ensures that additional complexities and requirements are not introduced in the software development process. Instead, system architects are given the freedom to choose exactly which applications require enhanced software protection in a variety of deployment scenarios.

Situational Awareness

AkitaTM

Software Situational Awareness

Phase II SBIR (Started 1/08)

Akita is a software-based situational awareness system that aids in the protection of sensitive applications by using inherent system and environmental characteristics to generate unique encryption/decryption keys. Similar to biometrics taken from humans, digital metrics create a unique fingerprint of a computer system or network. The fingerprint generated can unlock protected data or applications; eliminating the need to store a static key. The protection is keyed to the environment for which it was generated; therefore an attacker must be capable of recreating the environment to defeat the security. Through the use of a dynamically generated key, the system is much less susceptible to fail as a result of break once, break often category that has plagued so many modern DRM and protection systems. Akita eliminates the need for key-files, key-fobs, or dongles, all of which can be stolen and used to execute pirated copies of otherwise protected software. It forces the adversary out to the field to attack the system. Then, even the act of trying to exploit the system will remove access to the key material and render the attack futile.

Anti-Forensic Research and Development

Phase II SBIR (Started 8/08)

The ability to protect computer software against malicious attacks originating from an equal or greater privilege level remains exceedingly difficult even in "best case" operational scenarios. During situations such as this, the predominant tools for thwarting reverse-engineering and piracy efforts involve obfuscation, deception, misdirection, and functional compartmentalization. In particular, the goal is not to design a provably secure architecture (an impossible task given the attacker's level of access) - rather the approach is to make proper identification and understanding of the running software so difficult that it quickly becomes too costly for the attacker to pursue. The field of anti-forensic research is helpful in providing novel and innovative techniques for maintaining software confidentiality and integrity during concentrated analysis and sabotage attempts by malicious attackers who have full access to system resources.

This Phase II SBIR is focused on developing anti-forensic techniques to obscure data storage, transmission, and execution in such a way that it remains hidden from even a professional, dedicated examiner with physical access to the system. Application of these techniques will dramatically increase the level of effort required by an attacker to fully understand and reverse-engineer a software system.

AirmidTM

Self-healing and Active Defense

Phase II SBIR (Started 8/08)

Airmid is a newly awarded Phase II SBIR that focuses on development of an autonomous healing system that will operate in both Linux and Windows environments. It provides four layers of self-healing, which can be used together or individually. The first layer leverages the unique approach taken by Electronic Armor to preprocess multiple variations of program sections within protected binaries. Airmid verifies the integrity of these sections before and after decryption to ensure that they have not been modified. The second layer of Airmid is the ability to heal using a mesh network. This network will establish itself autonomously using swarming, self-organize by operating system releases and patch levels, and randomly query associated hosts to continuously verify integrity of memory within the network. Use of specialized processor modes will provide the third layer of defense, which will be used to monitor the kernel threads from outside of the kernel. Tampered portions of the kernel threads will be repaired when feasible. The fourth layer of healing will be an extension of the existing FPGA capability being developing for Electronic Armor kernel attestation; new research will provide a mechanism to heal both applications and the kernel when modifications are detected.

Cross Domain Digital Rights Management

Phase II SBIR (Started 12/08)

The explosive growth of digital storage, transport, and processing technologies has allowed for enormous advances in the way that information is created, accessed, and disseminated. Unfortunately, data protection standards have failed to keep pace with advances in the digital revolution. With an increasing significance placed on proprietary and sensitive information stored within electronic data files, both Government and private sector entities are searching for innovative methods to combat inappropriate disclosure of proprietary information. The focus of this Phase II SBIR is to use proven cryptographic techniques, secure design principles, and innovative software enforcement mechanisms for the purpose of controlling information access and data flow within networked computer environments. The inner-workings of this technology will not require any modifications to existing application software, file formats, or user operations. Instead a small, high-performance kernel module will transparently encrypt and decrypt files in memory as they are read, modified, and written back to disk. Further control and enforcement of data rights, such as the ability to copy, print, modify, or otherwise manipulate protected information, will also be provided. The successful development of a comprehensive, but non-intrusive, Cross Domain Digital Rights Management solution will provide a common DRM standard for use throughout the Department of Defense or Corporate Enterprises.

Data Authentication and Dissemination using Network Watermarking

Phase II SBIR (Started 2/09)

The ability to provide positive identification and authentication of data as it is disseminated throughout a network environment remains unsolved for the vast majority of current operational deployments; however, recent advances in steganography and watermarking technology have now begun to provide approaches that address this problem. In combination with traditional encryption, hashing, and time stamping techniques, these technological advances are now able to provide the necessary framework to support proper identification and authentication of data as it traverses a network. The Global Information Grid (GIG) will benefit greatly from such a utility, as the information and applications being distributed across the network have various classification levels. The successful development and deployment of this data protection platform could eventually lead to a common network watermarking standard for use across the entire Department of Defense. Similarly, this standard will be of great interest to commercial organizations as they seek protection against inappropriate disclosure and dissemination of proprietary intellectual property.

Research Focus

Pikewerks Brain Image

The core capabilities of Pikewerks include Cyber Security, Anti-Tamper, Software Protection, Data Protection, Live-System Forensics, Information Operations, and Insider Threat Protection. Pikewerks has developed several products and integrated technologies, which target the Cyber Security, Anti-tamper and Forensic communities.

In support of Electronic Armor and Second Look, Pikewerks is also actively working on additional capabilities and products including software situational awareness, data security, autonomous system healing, anti-forensics, data watermarking and hypervisor-based protections. These additional capabilities are in various stages of development and will be released to our partners as they are completed.

Our solutions are created by a "trusted" group of developers; which give Pikewerks an added competitive advantage and its customers an increased level of security. Pikewerks intends to become a leading provider of computer security solutions that are ready for commercialization in government programs and initiatives.

Interacting with Pikewerks during the research and development phase of a commercial capability has its advantages! A strong business partnership or early adopter relationship with Pikewerks enables developers to involve you early in the design and feature selection of our products. Early involvement ensures that the final release meets or exceeds your expectations. You will also have a glimpse into cutting edge research and development before it is publicly available. Please contact Pikewerks for additional details, to schedule a demonstration, or to take part in our early adopter program.

Sponsored and Cooperative Research

Developers at Pikewerks are actively engaged in several sponsored research programs. The company is also actively reinvesting in Internal Research and Development programs, and has an interest in performing cooperative research with organizations that have complementary capabilities.