Protecting your Ocean plug-in Intellectual Property and Licensing code

Arxan Confidential 

Protecting your Ocean plug-in 

Intellectual Property and 

Licensing code 

10/21/2010 

Vince Arneja 

Vice President, Product Management 

Arxan Technologies

Today’s Topic 

Arxan Technologies 

– Company and Technology Overview 

Application Threats facing Oil & Gas Software 

Countermeasures to mitigate threats and preserving your 

revenue stream 

– Application Hardening 

– Arxan’s GuardIT for license management and intellectual property 

protection 

Protection Automation 

Q&A 


2

Arxan At-A-Glance 

• History: Founded in 2001 from NSA Center of Excellence (CERIAS) at Purdue University. Software 

Company with Department of Defense pedigree 

- NOT a Norwegian Company!!! 

- Leading Anti-Tamper/Software Protection solution since 2001, with 6 th generation product offering 

- Protecting Petrel and other SLB applications since 2006 

• Current Standing: Privately held, VC backed, well-funded, and growing 

- Horizontal software solution used in a variety of markets including Govt, Digital Media, Gaming, Enterprise, ISV and 

various other market segments 

- Customer Value: Maximize revenues by protecting applications against tampering, piracy and IP theft, 

and assure integrity of customer experience 

- Solution Targets Man At The End (MATE) attacks 

- Where the adversary gains an advantage from violating software under their control 

- Cross-Platform Software Protection Suite 

- Covers Windows, Linux, MacOSX, Android, .NET, Java, etc. 

- Real-time protection against attempted hacks in running applications 

- Add security in application, so protection goes wherever the app goes and is distributed 

Offices/labs in Bethesda (MD), San Francisco and W Lafayette (IN) 

GuardIT Won Application 

Security Award 

Won Global Product 

Excellence Award 

DRM Finalist 

Finalist for Red Herring 

100 Awards 

Named a “Cool Vendor” 

By Gartner 


3

GuardIT ® Overview 

• GuardIT is a software product that hardens applications to prevent 

unauthorized access, malware insertion, tampering and compromise. 

• GuardIT enables you to quickly and easily implement a deep intricate 

layered protection by embedding a collection of interdependent 

protection routines, called Guards, into a program at the binary level. 

• The Guards, which appear to be normal code: 

– Enable the program to DEFEND itself, 

– To DETECT and ALERT if it is attacked, 

– To REACT if it is modified 

– Are policy and threat driven 

• Benefits of GuardIT include: 

– Multiple uses: Embedded, Web, Mobile, Desktop 

– Layered protection for defense-in-depth 

– Low performance impact, low development impact 


4

Why Protect Managed Code 

• Easy to decompile 

– Metadata in tact 

• Type information 

• Strings 

• Symbols 

• Control / Data flow 

– Tools are freely available: 

e.g., Reflector 

• Easy to modify 

– Decompile 

– Modify source code 

– Recompile 

• Everything including License 

management becomes more 

vulnerable 

.NET Decompilation Example 


5

Common Attack Tools 

• Debuggers (dynamic analysis) - ICorDebug Tools 

• Disassemblers (static analysis) - ILDASM 

• Assemblers – ILASM 

• Decompilers - Reflector 

• Hex editors (patch programs, edit raw data) - 

Hackman, XVI32 

• Portable Executable (PE) editors 

• Comparison tools 

• File or registry monitors 


6

Attack Vectors and Intelligent 

SW Protection 

Intelligent Software Protection 

Defend Against 

Static Attacks 

Detect/Defend 

Against Dynamic 

Attacks 

Guard Types 

Guard Reactions 

and Recoveries 

Decompiling 

Disassembling 

Signature 

Matching 

Tampering 

Differential 

Analysis 

Debugging 

Virtualized 

Execution 

Emulating or 

Spoofing 

Memory 

Scanning 

Memory 

Dumping 

Tampering 

Code Injection 

Obfuscation 

Encryption 

Value Verification 

Checksumming 

Anti-debug 

Authentication 

Damage/repair 

Watermarking 

Self-Heal 

Exit or Fail 

User Notification 

Covert Phone Home 

Erase Assets 

Degradation 

Reactivate/Renew 

Custom Function 

Secure Patching 


7

Defense in Depth 

Control Flow Graph 

Encryption 

Guard Protected by: 

Encryption Guard 

CPI/IP Code 

Identified 

Checksum 

IP Protected by: 

Checksum Guard 

Obfuscation 

Checksum 

IP Protected by: 

Obfuscation Guard 

Obfuscation 

Guard Protected by: 

Checksum Guard 

Guards Protected by: 

Obfuscation Guard 


8

Feature Use Case: 

Schlumberger - Open, extensible and 

secure platform for geoscience 

9

Oil and Gas Applications at Risk 

High value applications provide oil and gas 

competitive advantage and differentiation in a 

global and commoditized market. 

Complex Code 

Differentiating science 

These applications are distributed and 

deployed in hostile environments and are 

regularly subject to attacks 

Rampant (and rapid) availability of high-valued 

software on multiple crack sites. 

New versions advertised for download prior to 

being cracked — trolling for customers! 

Brand degradation and other consequences 

Revenue Leakage Prevention 

Licensing logic 


10

Case Study: Schlumberger 

• SW Vendor Goal 

– Multi-billion dollar ISV 

– Sell sophisticated oil field modeling software to countries with high 

piracy rates and no legal or government IP protection. 

• SW Vendor Problem 

– License management and dongle security mechanisms being easily hacked 

– Hacked version of new releases on cracked SW sites within days of GA 

– Complex application, many exploitable gaps between modules 

– Piracy rampant in Asia 

• Arxan Solution 

– Full risk assessment, then complete fortification of application with Arxan 

– Arxan now deployed as a security best practice across entire portfolio 

of applications 

– Protected applications successfully deployed worldwide for 4+ years 

– Customer benefitting from significantly increased revenues, and expanding 

protection to .NET ecosystem of plug-in apps 


11

GuardIT for .NET Automated Protection 

Goal is to protect licensing and IP in the plug-in itself 

Externalize the protection definition from your plug-in 

Schlumberger architects involved with Risk Assessment 

Phase 1 

 

Licensing Module Image (Example Protections) 

Phase 2 

• Obfuscation guard: obfuscate the entire image 

• Checksum guard: checksum the entire image 

• String encryption guard: encrypt all strings in this module so "license succeeded" doesn't appear in plain text 

• Others 

 

Plug-in Module Image (Example Protections) 

• Checksum guard: checksum high performance code 

• Obfuscation guard: obfuscate sensitive IP 

• Checksum guard: checksum sensitive IP 

• Checksum guard: checksum the entire image 

• String encryption guard: encrypt all strings in this module 

• Others 


12

GuardIT for .NET Automated Protection 

Minor customization allows for quick and strong protection 

Specify variety of class and method names for licensing 

and IP protection for guard invocation 

Specify high performance code location 

Seamless Build Integration 


13

Competitive Differences 

Cross Platform Software Protection Suite (Native, 

Managed, Interpreted) 

Strength of diversification/ individualization 

Protection Techniques contains a lot more than Renaming 

(Obfuscation, Checksum, Cross Module, Encryption, etc.) 

Power of a Guard Network – Guards protecting code and 

each other – Eliminates single point of attack 

Licensing Model is not per developer based 

Licensing Risk Assessment and Protection Scheme 

already done 


14

Arxan’s GuardIT ® Protection Process 

1 

.NET Assembly file – 

Ocean Plug-in 

GuardScript 

2 

Pre-fortified GuardScript for 

protection based on Risk 

Assessment 

Original 

Plug-in 

.EXE, .DLL 

3 

GuardIT ® Insertion 

Engine 

Engine automates 

Guard insertion as 

defined by GuardScript 

directly into binary 

Guard library contains many 

different Guard types such as: 

• Obfuscation 

•Checksum 

• String Encryption, etc. 

4 

Protected 

Plug-in 

After Guard injection 

• Guards dissolve into assembly 

• Guard cannot be identified or 

isolated 


15

The Ocean Store – Protected Apps 

Shopping Cart 

Plug-in detail 


16

Arxan Software Protection Suite 

• Code Protection (Anti-RE and Anti-Tamper): 

– Desktop/Server/Embedded/Mobile Applications 

• GuardIT for Windows 

• GuardIT for Microsoft .NET Framework 

• GuardIT for Mac OS X 

• GuardIT for Linux 

• GuardIT for Java 

• EnsureIT for Mac/PowerPC 

• EnsureIT for Android/ARM 

• EnsureIT for Linux/ARM 

• EnsureIT for iOS/ARM 

• Add-ons 

- Arxan Licensing Code Protection for FlexNet Publisher 

Certificate Based 


Vendor Daemon 


Trusted Storage 

- Arxan Tamper Resistance Solution for Marlin DRM 

• Cryptographic Key Protection (Public/Private Key 

Hiding): 

– TransformIT 

• Host-ID Spoofing Prevention 

– BindIT 

• Professional Services: 

– Product Extension Services, Security audits, 

Blue team, Risk assessments, etc. 

• Supported languages 

– C, C++; both native and mixed mode images 

– C# , VB.NET for managed code applications 

• Supported executable file formats 

– PE 

– ELF 

– Mach-O/Universal Binary 

• Supported compilers 

– Visual Studio 2003, 2005(SP1), 2008, 2010 

– Various Flavors of GCC 

• Supported Development (Host) Platforms 

– All Flavors of Windows 

• Supported Deployment (Target) Platforms 

– All Flavors of Windows 

– Red Hat Enterprise Linux 4 and 5 

– Mac OS X 10.4 – 10.6 

– .NET 2.0 – 4.0 

• Supported Target chipsets 

– Intel Compatible x86 (32-bit); 64-bit chipset ; PPC ; 

ARM; 

• Build integration 

– Command line interface allows seamless integration 

into any build environment 


17


Contact Information 

QUESTIONS ? 

Email: info@arxan.com for more information about protecting 

your Ocean plug-in code. 

www.arxan.com

Protecting your Ocean plug-in Intellectual Property and Licensing code

Create successful ePaper yourself

Delete template?

Save as template?