Modular Control Flow Integrity for Hardening Software Applications

SUMMARY

Software to combat data piracy and hacking is important in ensuring secure software solutions. Hardening is the process of securing software by reducing its vulnerability to potential threats. There are a variety of techniques to harden applications including strong encryption, firewalls, intrusion-detection systems, and highly sophisticated hacker confusion techniques. Current hardening solutions in the market need to be complicated so as to dissuade hackers from attempting to decompile code.

The solution developed here inserts security checks into the application to detect deviations from the expected control flow, and so helps deter software attacks that work by causing such deviations. The software tool-chain includes a compiler that compiles the source code of a software application into executable code while simultaneously inserting security checks into the executable code for detecting control-flow deviations. In addition, a runtime system, which can load application libraries, further enhances the execution of the software hardening capability. Finally, the method can support dynamic loading of libraries in multithreaded applications and can insert security checks when multiple threads are running in parallel.

Competitive Advantage

This solution provides a number of competitive advantages when compared to existing software hardening methods. Current methods of control-flow integrity do not support separate compilation with fine-grained control-flow graphs and require all modules of an application to be available at once. Modular control-flow integrity enables individual modules to be processed separately, without accessing the code of other modules. The developed method also has low performance overhead: the security checks cause only limited slowdown to the application due to a novel use of transactional memory. Furthermore, the method can be utilized with most programs and requires minimal or no changes to the source code of the application.
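As an added illustration (not code from Lehigh University or the inventors), the toy Python model below shows the idea described above: each module carries control-flow metadata produced by its own separate compilation, a runtime merges that metadata when the module is loaded, and the inserted check rejects an indirect call that is not in the merged graph. The module names, the type signatures, and the policy of matching call sites to targets by signature are assumptions made for the example.

```python
# Added illustration: a toy model of modular control-flow integrity.
# Module names, signatures and the signature-matching policy are constructed assumptions.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Module:
    """Metadata emitted when one module is compiled on its own."""
    name: str
    functions: dict   # function name -> type signature (possible indirect-call targets)
    call_sites: dict  # indirect call site id -> signature that site expects


@dataclass
class Runtime:
    """Merges per-module metadata at load time and answers the inserted checks."""
    targets: dict = field(default_factory=dict)
    sites: dict = field(default_factory=dict)
    version: int = 0  # bumped on every load so a policy change is observable

    def load(self, mod: Module) -> int:
        # Only the new module's metadata is needed; no other module is recompiled.
        # A real multithreaded runtime must make this update atomic with respect
        # to concurrently running checks; this single-threaded model does not.
        self.targets = {**self.targets, **mod.functions}
        self.sites = {**self.sites, **mod.call_sites}
        self.version += 1
        return self.version

    def check(self, site: str, target: str) -> bool:
        """Check placed before an indirect call: is this edge in the merged graph?"""
        expected = self.sites.get(site)
        return expected is not None and self.targets.get(target) == expected


def demo() -> dict:
    app = Module("app",
                 {"on_click": "void(int)", "run_command": "int(char*)"},
                 {"app:dispatch": "void(int)"})
    plugin = Module("plugin", {"plugin_handler": "void(int)"}, {})
    rt = Runtime()
    rt.load(app)
    results = {
        "expected_target": rt.check("app:dispatch", "on_click"),
        "deviation": rt.check("app:dispatch", "run_command"),
        "plugin_before_load": rt.check("app:dispatch", "plugin_handler"),
    }
    rt.load(plugin)  # dynamic library load extends the allowed graph
    results["plugin_after_load"] = rt.check("app:dispatch", "plugin_handler")
    return results


if __name__ == "__main__":
    print(demo())
```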

Lehigh Tech ID # 041014-01

Market Need/Opportunity

The cyber security market is estimated to grow from $95.60 billion in 2014 to $155.74 billion by 2019, at a Compound Annual Growth Rate (CAGR) of 10.3% from 2014 to 2019. The growth of the global cyber security market is driven by several factors, one being the need to improve the quality of protection. Another factor driving growth is the increasing demand for consumer and enterprise security tools in applications such as internet browsers, email clients, server applications and mobile/smart phone applications. In addition, the emergence of new security threats and the increasing mobile trend are also contributing to growth of the market. In the United States segment, large enterprise applications, cyber attacks, and the increase in data theft are favorably impacting growth, with the growth trend expected to continue.

Status

Lehigh University is looking for a partner for further development and commercialization of this technology through a license. The inventor is available to collaborate with interested companies.

| App Type | Country | Serial No. | Patent No. | File Date | Issued Date | Expire Date |
|---|---|---|---|---|---|---|
| Provisional [PR] | United States | 62/009,539 | | 6/9/2014 | | 6/9/2015 |
| Utility | United States | 14/734,601 | 9,361,102 | 6/9/2015 | 6/7/2016 | 6/7/2036 |
| Continuation-in-Part [CIP] | United States | 14/829,963 | 9,390,260 B2 | 8/19/2015 | 7/12/2016 | |

Category(s):
Software and Computer
For Information, Contact:
Rick Smith
Director
Lehigh University
res419@lehigh.edu
Inventors:
Gang Tan
Ben Niu