Tool protects .NET, Windows app source code
Aug. 15, 2007
V.I. Labs has added new "secure debugging" capabilities to its solution for protecting software IP (intellectual property). The company's CodeArmor for .NET and CodeArmor for Windows are said to protect applications without requiring any modifications to the source code.
The company claims that unlike simple encryption wrappers or obfuscation tools, such as Dotfuscator, CodeArmor requires no changes in the software development process. Instead, it introduces protection after the fact, when the applications are already in an executable form.
Figure: The CodeArmor architecture
CodeArmor for .NET
V.I. Labs notes that "while .NET offers an efficient framework for developing and deploying Windows applications, it also uses intermediate language containing highly detailed metadata that makes compiled applications easier to reverse engineer." V.I.'s CodeArmor for .NET tool is said to protect .NET applications as follows:
- Using the CodeArmor Post Processor, an administrator selects the files to be protected, configures the security settings, and initiates the protection process.
- The Post Processor analyzes .NET assemblies and dependent managed and unmanaged DLL files, encrypts the assemblies and individual unmanaged software functions, embeds an active run-time agent (Secure Execution Monitor), and adds pre-defined application and security extensions.
- The Post Processor then outputs an encrypted and protected version of the application binary files that .NET decompilers cannot access.
- When the secured application is executed, the Secure Execution Monitor transparently instantiates itself, verifies the integrity of the runtime environment, decrypts .NET assemblies, and decrypts and re-encrypts sensitive unmanaged functions.
According to V.I. Labs, because CodeArmor authenticates the Microsoft Common Language Runtime (CLR) environment, hackers and competitors are deterred from hooking the CLR and other core components to access decrypted managed code in memory.
CodeArmor for Windows
V.I. Labs claims that CodeArmor for Windows "combines granular encryption, decryption, anti-debugging, anti-tampering, and secure run-time execution monitoring" to provide comprehensive software protection for any Windows application. It's said to operate as follows:
- To protect a software application, a user starts the Post Processor and selects the executable and associated DLL files to be protected.
- Once these are selected, the Post Processor locates the application functions, creates and stores a digest of each, and encrypts select functions with unique keys.
- The Secure Execution Monitor is embedded in the application along with any previously defined application extensions.
- When an application is run, the monitor decrypts each protected function in real-time on a block-by-block or a function call basis; the monitor never decrypts the entire application in memory.
V.I. Labs says that when a protected application is launched, the Monitor checks the run-time environment to detect hacker attempts to attach debuggers, insert malicious code, or utilize other techniques to capture code. If tampering is detected, the Monitor can notify a user, log the event, or halt the executable altogether.
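The digest-then-encrypt flow described above, sketched as an added example; it is not V.I. Labs code and does not reflect CodeArmor's actual implementation. The function bodies are constructed sample bytes, the names `post_process`, `Monitor` and `fetch` are hypothetical, and a SHA-256 counter-mode keystream stands in for whatever cipher the product uses.

```python
import hashlib
import hmac
import os

# Constructed stand-ins for compiled function bodies (not real machine code).
SAMPLE_FUNCTIONS = {
    "check_license": b"\x55\x8b\xec\x83\xec\x10 license-check body",
    "render_report": b"\x55\x8b\xec\x83\xec\x20 report body",
}

def _xor_stream(data: bytes, key: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in for a real cipher."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def post_process(functions: dict) -> dict:
    """Digest each function, then encrypt it under its own random key."""
    image = {}
    for name, body in functions.items():
        key = os.urandom(32)  # unique key per function
        image[name] = {
            "digest": hashlib.sha256(body).digest(),
            "key": key,  # simplification: a real product would not store keys in the clear
            "blob": _xor_stream(body, key),
        }
    return image

class Monitor:
    """Decrypts one function per call and refuses bodies whose digest changed."""

    def __init__(self, image: dict):
        self.image = image
        self.events = []  # tamper log

    def fetch(self, name: str):
        entry = self.image[name]
        body = _xor_stream(entry["blob"], entry["key"])
        if not hmac.compare_digest(hashlib.sha256(body).digest(), entry["digest"]):
            self.events.append(("tamper", name))  # log the event and refuse this call
            return None
        return body  # only this one function is ever in plaintext
```

Because each function has its own key and digest, a modified blob fails only its own check; the other functions still decrypt and verify normally.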
Secure debugging
According to the company, CodeArmor now offers a new secure debugging capability that allows third parties to debug and develop without exposing a protected application. To access the secure debugger, developers authenticate via unique shared secrets or custom extensions that are defined in existing license enforcement systems. Once authenticated, developers can access and debug their third-party extensions but not the source code resident within the protected application, the company explained.
CodeArmor for Windows and CodeArmor for .NET are available now. They are priced on a subscription basis, starting at $20,000 per application.