Without self-defense and tamper proof mechanisms embedded directly into your code, persistent attacks on the application result in disabled or circumvented security, piracy, unauthorized access, theft, malware insertion or intellectual property loss, which in turn significantly affect your brand, revenue, end-user experience and liability exposure. As the application layer increasingly comes under widespread hacking and cracking attacks, the App Economy demands a more powerful level of security.
Arxan’s unique “Guard” technology provides durable, resilient, layered and customizable application security that is proven to withstand persistent and sophisticated attacks by even the most determined hackers. Businesses spanning diverse markets around the world use our Application Protection Product Suite to preserve the integrity of their code and keys in order to assure brand integrity and preserve revenue streams on millions of devices.
Arxan’s patented and award-winning Guard Technology embeds small security units to “lockdown” applications against attack and are comprised of many Guard types, such as obfuscation,encryption, authentication and other technologies. Our military-grade software security technology originates from satisfying nation-level anti-tamper mandates and is commercially deployed on over 200 million devices worldwide protecting mobile, desktop, embedded and server applications from attack.
Multi-layered and dynamic, various Guard types are used to create a unique security scheme, or GuardSpec®, which is optimized per application. In a GuardSpec, Arxan’s Guards work in concert with each other to combine layers of binary-based Guard types creating a “Moving-Maze” architecture against passive and active attacks. This design of dynamic defense ensures that the “hardened” application has no one single point of failure.
Arxan’s Guard technology is based on various Guard types that perform the functions of Defend, Detect, Alert and React:
Defend against compromise; including powerful white box cryptography for key protection
Detect attempted attacks
Alert and React in a customized fashion to detected attacks to prevent actual compromise
Arxan’s Guard technology is integral to all Arxan products to secure both code and keys from attacks. Leveraging Arxan’ s Guard technology provides app owners with end-to-end compiled in security at the binary layer so that the protection goes wherever the application resides, at rest or run time.
Arxan’s Application Protection Process
Step 1: Assess Risk
Using standard best practices, identify threats to the critical areas of application code (i.e. security logic, authentication routines, jailbreak detection, DRM policies, intellectual property, etc), and which functions are vulnerable to hacking and cracking attacks, such as reverse engineering and tampering.
Step 2: Design Protection
The protection design defines a unique Guard network through an XML-based file called the GuardSpec, which is customized to the unique security requirements of each application. The resulting multi-layered and dynamic web of Guards provides durable security that is scalable and easy to deploy. Each GuardSpec can be easily updated with each new product release (or even sooner as required).
Step 3: Software Protection
Protect your application with Guards compiled in security. Takes the GuardSpec and original compiled binary as input and provides the protected binary as output. Protection is fully automated or can be scripted into your nightly builds via the command line invocation option.
Arxan easily integrates protection at the binary and object levels.
Arxan Guards provide Binary Protection
1. Small security units, under 100 instructions each
2. Inserted directly into the binary
3. Execute at customized locations in your app
4. Protect specified code segment, function or another Guard
5. Customized reactions to detected hacker attacks