SUMMARY
Software to combat data piracy and hacking is important in ensuring secure
software solutions. Hardening is the process of securing software by reducing
its vulnerability to potential threats. There are a variety of techniques to
harden applications including strong encryption, firewalls, intrusion-detection
systems, and highly sophisticated hacker confusion techniques. Current
hardening solutions in the market need to be complicated so as to dissuade
hackers from attempting to decompile code.
The solution developed here inserts security checks into the application to
detect deviations and help deter software attacks that may occur by causing
deviations from the expected control flow of software applications. The
software tool-chain includes a compiler that compiles the source code of a
software application into executable code while simultaneously inserting
security checks into the executable code for detecting control-flow deviations.
In addition, a runtime system, which can load application libraries, further
enhances the execution of the software hardening capability. Finally, the
method can support dynamic loading of libraries in multithread applications
and can insert security checks when multiple threads are running in parallel.
Competitive Advantage
This solution provides a number of competitive advantages when compared
to existing software hardening methods. Current methods of control-flow
integrity do not support separate compilation with fine-grained control-flow
graphs and require all modules of an application to be available all at once.
The modular control-flow integrity enables individual modules to be
processed separately, without accessing the code of other modules. The
developed method also requires low performance overhead. The security
checks cause only limited slowdown to the application due to a novel use of
transactional memory. Furthermore, the method can be utilized with most
programs and requires minimal or no changes to the source code of the
application.
Lehigh Tech ID # 041014-01
Market Need/Opportunity
The cyber security market is estimated to grow from $95.60 billion in 2014 to
$155.74 billion by 2019, at a Compound Annual Growth Rate (CAGR) of
10.3% from 2014 to 2019.The growth of the Global Cyber Security market is
driven by several factors, one such factor being the need to improve the
quality of protection. Another factor driving growth is the increasing demand
for consumer and enterprise security tools in application such as internet
browsers, email clients, server application and mobile/smart phone
applications. In addition, the emergence of new security threats and
increasing mobile trend is also contributing to growth of the market. In the
United States segment, large enterprise applications, cyber attacks, and the
increase in data theft are impacting favorable growth in the segment with the
growth trend expected to continue.
Status
Lehigh University is looking for a partner for further development and
commercialization of this technology through a license. The inventor is
available to collaborate with interested companies.