Software Protection White Papers

As the mobile device market continues to explode with new features, apps and content, the need for mobile software security becomes paramount requiring a software-based approach comprised of app hardening and key protection. In addition to outlining today's various mobile security threats, such as malware, the paper addresses the unique nature of Man At The End (MATE) attacks in the mobile arena. Although other tiers of security are identified as options for end users, such as anti-virus, anti-spam, etc., these solutions primarily address network related threats and are less effective for devices outside the enterprise network perimeter.

According to the IDC, software piracy worldwide was nearly $40 billion in 2006. Newly emergent trends clearly indicate that the rampant growth in software-based intellectual property piracy and tampering require software companies to deploy a software protection solution immediately. There are 7 key factors to software protection and Arxan's approach to securing software possesses all of the 7 key factors. This white paper explores the magnitude and types of software threats as well as the Arxan's GuardT technology as a resilient solution to stopping software piracy and tampering.

Software piracy and tampering is rampant and compromises revenues as well as a companies underlying intellectual property. This white paper presents an in-depth overview of the Arxan solution and provides 3 easy steps on how it can be deployed to stop piracy and tampering of your intellectual property.

Application hardening is a critical issue for game developers and game publishers alike. As games become more complex, demand more investment and are played in a wider variety of scenarios, hacking is also on the rise and millions of dollars in R&D investment can be lost in hours to a successful hack. As online gaming grows and in-game commerce gains prominence, cheating and other forms of compromise can lower the value of a game and further impact revenues.

Being a largely open-source platform, Android applications are trivial to reverse engineer as they often rely on system libraries or managed components that are either open source or easily disassembled. What’s more, there are very few anti-tamper and anti-piracy components available for the Android Market. This makes exploits relatively easy to craft and disseminate. In the face of threats such as hacking, piracy, malware injection and data theft, it is critical to Guard the application internally to fully secure these assets. In this whitepaper, we review the risk factors for mobile applications, mobile application exploits, and security recommendations for Android applications.

Key discovery is the most prevalent class of threats to content protection systems today, such as digital rights management (DRM) systems, digital cinema encryption protocols or conditional access solutions. It is therefore critical to protect keys. Protection tools such as anti-tamper and software-based key protection are therefore critical essential to comprehensive security and to mitigating the full spectrum of threats to digital media applications. Arxan’s protection solution based on diversity, defense-in-depth and randomization provides an effective means to protect intellectual property and private or public keys, thereby minimizing losses to piracy or malware attacks.

Software protection is a critical issue for companies seeking to implement or use digital rights management technology. The best encryption schemes are useless if a hacker can quickly acquire the key. Digital rights management technology is all too easily hacked such that its controls are bypassed entirely, leading to rampant media and music piracy. Arxan provides the lowest total cost of ownership for DRM robustness through durable protection, point and click breach management, strong individualization and secure renewability. Impact on development teams is minimized, since we allow the separation of core application development from its fortification. This allows application vendors to focus on meeting consumer needs while Arxan quickly and effectively secures sensitive routines.

Enterprises and software vendors have long recognized that protecting .NET applications against compromise is vital to their long term viability, and to long term safeguarding of an organization’s software and data assets. In this white paper, we will discuss best practices and how GuardIT® for Microsoft .NET Framework can provide an arsenal of deep and intrinsic protection techniques for managed and mixed-mode code that durably fortify your code against disassembly, static analysis, dynamic analysis and tampering.Protecting .NET Software Applications.

Conventional approaches to countering software piracy have been largely ineffectual. Software vendors want to deliver secure, reliable applications to their customer, but perhaps more important, vendors must protect their valuable intellectual property. This vendor spotlight by IDC examines the current state of software application vulnerability, and the measures that are routinely used by enterprise IT organizations and the software vendors themselves to ensure security against the most common breaches. The paper also profiles software security leader Arxan, and its role in more effective and aggressive software protection.

In this paper, we will discuss prevailing threats to cryptographic keys, a defense-in-depth approach to addressing key vulnerabilities and how to prevent compromise of your enterprise’s intellectual property and customer confidential information. A number of security options that address risk mitigation are also reviewed. Additionally, best practices for key protection, which include application hardening are provided. Lastly, Arxan’s TransformIT™ is presented, which enhances software security by preventing tampering and hacking attacks on keys that are used within software applications. Hence, TransformIT prevents content, data and revenue lost.

Software vendors often believe that a license management solution alone is adequate to secure their software against unauthorized use and tampering. However, global piracy continues to grow. In this white paper, Arxan explains ways to tightly bind security to both their applications and license management systems for overall application security.

While Java offers an efficient framework for developing and deploying enterprise and Web 2.0 server or client-side applications, it also presents many risks. Attacks against Java applications come from many different angles. For instance, a rogue employee steals class files containing critical Intellectual Property, a thick client is reverse engineered to gain visibility into business logic, or a high price tag application is pirated. These attacks are unfortunately easy to carry out given that Java, being an interpreted language, contains program metadata which reveals the inner workings of the application. In this white paper, we will discuss: Software vulnerabilities of Java code Attacks used to exploit Java applications Meaningful application protection against disassembly, reverse engineering and tampering by combining popular measures of security with strong binary-level obfuscation and class encryption How GuardIT® for Java provides defense-in-depth to mitigate risk.

The PCGA believes that this document provides the best known collection of information for protecting PC gaming content and integrity while providing the best possible consumer experience. It covers a very broad number of topics that apply to development, publishing, operations, customer service and legal. It is our hope that if these activities and approaches become more standard and consistent, that legitimate consumer experience will improve while at the same time pirates and hackers will become increasingly discouraged. Ultimately, we hope that some small sub-set of pirates& hackers will convert to legitimate consumers and the PC gaming ecosystem becomes increasingly sustainable as a result. An NDA needs to be in place in order to receive this PCGA Best Practices Whitepaper.