How GuardIT^® Works

Harden Your Applications

GuardIT enables you to quickly build and easily customize a Guard Network (represented by an XML file called a GuardScript™) to protect your application. It then automates the process of injecting Guards according to the scheme specified by the GuardScript into your compiled binary.

Arxan Guards provide Binary Protection. The Guards are:

1. Small security units, under 100 instructions each
2. Inserted directly into the binary by sophisticated engine
3. Execute at specified locations in your application
4. Protect a specified area or function in your application, or another Guard.
5. React when a hacker attack is detected

Arxan Guard Types:

Arxan’s Guard technology is based on various Guard types that perform the functions of Defend, Detect and React:

• Defend against compromise
  • Encryption and Obfuscation to deter static reverse engineering
• Including powerful white box cryptography for key protection
  • Pre- and post-damage to minimize window of opportunity
• Detect attempted attacks
  • Anti-Debug to detect reverse engineering attempts
• Authentication and anti-tamper to detect modification attempts
• React in a customized fashion to detected attacks to prevent actual compromise to prevent actual compromise
  • Self-healing to undo attempted tampering
  • Customizable reactions, e.g. traitor tracing, warn user, exit or crash

Arxan’s Guards work in concert with each other that combines layers of these binary-based Guard types and creating“Moving-Maze” architecture against attacks. This design of dynamic defense ensures that the fortified application has no one single point of failure.

 

There are 3 Easy Steps to Protect Your Software Application with GuardIT:

Step 1: Assess Risk
Using standard best practices, Identify threats to the software, and which functions within the software are vulnerable.

Step 2: Design Protection
The protection design defines the Guard network through an XML-based file called the GuardScript. GuardIT provides the GuardScript Design Wizard – an intelligent, patent-pending engine which automatically generates an optimal Guard network based on your risk assessment.

Advanced users can use the Design Wizard to generate an initial GuardScript, and then augment it for advanced protection measures, custom reactions and fine-grained performance control.

Step 3: Software Protection
Protect your application with Guards. GuardIT takes the GuardScript and original compiled binary as input and provides the protected binary as output. Protection is fully automated and can be done via a button click on the user interface or can be scripted into your nightly builds via the command line invocation option.