Date of Award

6-2008

Document Type

Thesis

Degree Name

Master of Science in Cyber Operations

Department

Department of Electrical and Computer Engineering

First Advisor

Richard Raines, PhD

Abstract

Protecting intellectual property contained in application source code and preventing tampering with application binaries are both major concerns for software developers. Simply by possessing an application binary, any user is able to attempt to reverse engineer valuable information or produce unanticipated execution results through tampering. As reverse engineering tools become more prevalent, and as the knowledge required to effectively use those tools decreases, applications come under increased attack from malicious users. Emerging development tools such as Microsoft's .NET Application Framework allow diverse source code composed of multiple programming languages to be integrated into a single application binary, but the potential for theft of intellectual property increases due to the metadata-rich construction of compiled .NET binaries. Microsoft's new Software Licensing and Protection Services (SLPS) application is designed to mitigate trivial reversing of .NET applications through the use of virtualization. This research investigates the viability of the SLPS software protection utility Code Protector as a means of mitigating the inherent vulnerabilities of .NET applications. The results of the research show that Code Protector does indeed protect compiled .NET applications from reversing attempts using commonly-available tools. While the performance of protected applications can suffer if the protections are applied to sections of the code that are used repeatedly, it is clear that low-use .NET application code can be protected by Code Protector with little performance impact.

AFIT Designator

AFIT-GCO-ENG-08-09

DTIC Accession Number

ADA487568

Share

COinS