The Air Force Research Laboratory has awarded Network Associates
a $1.8m (£1.13m) contract to support research that may have
widespread implications for the future of government and private
sector cybersecurity.
The contract is part of the Software Protection Initiative (SPI), a
government programme focusing on cutting-edge technologies to
protect critical software that supports national and defence
capabilities.
The research being planned for the programme is also likely to
benefit the private sector.
The focus of one research project is to produce a secure
development repository with the aim of developing information
assurance techniques and malicious code-scanning capabilities for
software production systems, said Pete Dinsmore, director of
research operations at Network Associates Laboratories.
A second project will focus on protecting software from reverse
engineering, which can be a critical weapon in the malicious
hacker's arsenal. Attackers using reverse-engineering tools such
as disassemblers and decompilers can extract and exploit
information about the design and operation of software.
Researchers from the Air Force and Network Associates plan to study
the feasibility of constructing new defences against reverse
engineering and embedding those defences in critical software.
"This is cutting-edge," said Dinsmore. "We're doing research to
understand software obfuscation and de-obfuscation tools to
understand how well a hacker can take apart the software you've
created," he said.
"We're also developing a secure [change management] repository that
can ensure that the code that comes out of the repository only goes
to the people it's supposed to go to."
Alan Paller, director of research at the SANS Institute, said
government funding of this type of research could have a
significant spillover effect for the entire software and Internet
industry. "Government funding of advanced research on code analysis
tools could lead to valuable resources for everyone," he said.
Paller said many advanced hackers no longer study software code.
Rather, they rely on automated tools that isolate places in the
object code where buffer overflows and similar problems are
possible. "Developers should use those same tools first and have
access to the most sophisticated tools available to the hackers,"
said Paller.
IDC analyst Charles Kolodgy said that while the focus on reverse
engineering was unique, it could be a double-edged sword.
"Many vendor vulnerabilities are discovered by people who take the
code apart to look at it," he said.