SafeWare puts DARPA in the hunt for unbreakable code
The Defense Advanced Research Projects Agency plans to fund research in how to create groundbreaking software “obfuscation” techniques, innovative methods for coding that leave resulting software nearly impossible to hack.
In announcing funding for the SafeWare research program, DARPA invited researchers to submit proposals for the development of new mathematical foundations and new implementation paths for “provably secure” software obfuscation.
In software development, obfuscation a technique for creating source code that is extraordinarily difficult to understand. Programmers use the technique to purposefully scramble program logic to prevent code tampering and or to reverse engineer software.
DARPA wants to take the technique to the another level.
In its announcement, the agency said it would only consider proposals that led to “revolutionary” advances in science, devices and systems. “Specifically excluded is research that primarily results in evolutionary improvements to the existing state of the practice.”
"The goal of the SafeWare research effort is to drive fundamental advances in the theory of program obfuscation and to develop highly efficient and widely applicable program obfuscation methods with mathematically proven security properties," DARPA said.
Proposals must meet several criteria, including methods that require the solution of a “computationally hard mathematical problem as a necessary condition of a successful de-obfuscation attack,” DARPA said.
Other requirements are that the method does not depend on special hardware or resources and does not lose its effectiveness even if it’s fully understood by an adversary.
Conversely, DARPA said it does not want to entertain obfuscation proposals that depend on the use of a cryptographic key or any hardware or software token for its operation. And it doesn’t want ideas that do not rely on the difficulty of mathematical problem.
This not the first major research effort into obfuscation techniques, part of the reason DARPA wants to set the bar very high for the proposals it receives.
In March of last year, UCLA computer scientist Amit Sahai presented a paper on the technology. Sahai said previous attempts at obfuscation presented only a “speed bump” to potential attackers, forcing them to spend a few days in an effort to reverse engineer the software.
The UCLA team said its technology would present an “iron wall” against reverse engineering artists.
“The real innovation that we have here is a way of transforming software into a mathematical jigsaw puzzle," according to a UCLA report. "What we're giving you is just math, just numbers, or a sequence of numbers. But it lives in this mathematical structure so that these individual pieces, these sequences of numbers, can only be combined with other numbers in very specified ways.”
The UCLA-based researchers were funded in part by the National Science Foundation.
Connect with the GCN staff on Twitter @GCNtech.