|
||
www.design-reuse-embedded.com |
Code Protection: Instilling trust into your applications
|
|
Overview Modern applications typically run on open devices (e.g. mobile phones) that are known to be vulnerable to attack. Therefore the devices cannot be trusted by the application developers. This means that developers need to build the applications that are secure regardless of the device environment. This means utilising tools, technologies and methodologies that allow the applications to protect themselves. Inside Secure s Code Protection technology provides powerful automated software protection tools applicable across Mobile, IoT, Desktop and Server platforms. Anti-tamper The integrity of an application and its function is achieved by tamper-proofing the application code itself. Tamper proofing is achieved by use of the Code Protection Tool to render an application resistant to analysis, change or manipulation by a hacker. Tamper proofing means that an attacker cannot:
At the heart of this is a runtime integrity network embedded throughout the application code. This detects and responds to any attempts to analyse, reverse-engineer or otherwise manipulate the application. Attackers trying to compromise the application or other security measures (e.g. white-boxes) will find their room for manoeuvre highly restricted to the point that they cannot do any useful work. The integrity network created by Inside Secure s anti-tamper technology enables the application to defend itself. The integrity network creates a strong foundation on which to build other security techniques (such as Obfuscation). Without this foundation, these other techniques are easily and quickly broken down by even novice hackers. Obfuscation Obfuscation on its own is not application protection; but it can be a useful technique to have as part of wider defences. Application developers should hide sensitive data in software and obfuscate sensitive code. The obfuscation applied by Inside Secure s tool greatly hinders an attacker s ability to statically analyse an application. Integrated directly with the integrity network, and further hardened by it, Inside Secure s Code Protection provides multiple powerful Obfuscation techniques that render reverse engineering and static analysis impractical, ensuring that even elite hackers will move on to softer, less frustrating targets. Automated not Manual It is important to ensure that there are no gaps in the protection that can be exploited. Inside Secure s Code Protection Tool works on an automated model to protect code. It first dynamically analyses the software, then uses that analysis to determine where best to insert the integrity network checks. This gives an optimised integrity network to the profile of the specific application. In practice, this means the number of checks inserted is an order of magnitude higher than those achieved with a manual or scripted injection approach.
Please sign in to view full IP description :
|
Partner with us |
List your ProductsSuppliers, list and add your products for free. |
More about D&R Privacy Policy© 2024 Design And Reuse All Rights Reserved. No portion of this site may be copied, retransmitted, reposted, duplicated or otherwise used without the express written permission of Design And Reuse. |
||||||