Computer hackers, who break security codes and illegally use or copy software, might have met their match. Computer scientists at Purdue University have come up with a new way to deter software piracy and tampering.
Software creators have traditionally tried to protect their products by keeping unauthorized users out. They have concocted secret passwords that must be used in order to start the software, and made such credentials-checking mechanisms more and more sophisticated over time.
Purdue University computer science professor Mike Atallah has come up with a different approach. Instead of erecting a single check point, Mr. Atallah plants hundreds or even thousands of check points or "guards" into the binary code of each software program. This connects the security measures to the software's operation.
"So instead of having to attack and disable one or a few spots," Mr. Atallah explains, "[computer hackers] now have to deal with thousands. And they are all tied together and they are all bound to the functionality of the original code, so that you can not disable them without damaging the software. And they are interdependent, so it is extremely hard to undo what we do."
Mr. Atallah says previous security measures have taken up a lot of computer space, forcing software to operate very slowly. His approach sidesteps that problem by spreading the security measures out in tiny spaces throughout the software. "Ours is light weight in terms of its effect, very little footprint on the time it takes to run the program, almost none on the space, so the download times don't increase or anything," he said.
Mr. Atallah helped found a start-up company, Arxan Technologies, to move the system out of the laboratory and into commerce. Arxan Chief Executive Officer, Rich Earley, says the company is focussing on two key markets: software vendors and the U.S. government's military and intelligence agencies.
"An F-16 fighter plane, before it is sold to a country, even an ally, needs to have its code tamper-proofed so that it can't be reverse-engineered," Mr. Early said. "On the commercial side, it's the prevention of piracy, so people can't just download your software for free or download your game for free, or download your movie for free."
Mr. Early says test results thus far have been encouraging. The company hopes to have a finished product available in a few months. Then, of course, the real test will come, as computer hackers attempt to break through all the security devices Mr. Atallah has put in place.