Cloakware, Intel focus on application security

A recent alliance between Cloakware Corp. and Intel Corp. underscores their commitment to security, company officials said.

Last month Cloakware announced that Intel had licensed its tamper-resistant software technology to the Ottawa-based firm. The companies also said they will work jointly to integrate Intel’s technology into other current and future Cloakware security products.

The Intel technology addresses the specific security needs of broadcast systems, new media and defense applications, the companies said.

Alec Main, vice-president of products and services at Cloakware, said the Intel licence will serve to provide customers with a broader range of technologies to incorporate within Cloakware’s security tools.

Central to Cloakware solutions is its automated Cloakware/Transcoder offering, which uses proprietary code transformation technology to secure applications.

“What people are realizing is that (developers) need to build security features up front,” Main said.

A key feature of the technology is its ability to inject “diversity” into an application – each instance of the “diversity” is structured differently, but retains identical functionality. Some of the issues surrounding application security centre on defending against sophisticated hackers intent on altering or bypassing functionality, exposing sensitive data or algorithms, or pirating protected digital content.

“The big reason that attacks are so scalable on the Internet, whether it’s for digital content protection or satellite broadcast markets…is that the software is all the same, very homogeneous,” Main said.

But the Cloakware-Intel solution allows developers to retain the source code and when it’s compiled, “it creates diverse instances that are functionally equivalent, but structurally different.”

Unlike traditional perimeter approaches to application security, such as firewalls and other network solutions, the code transformation technology guards against users attempting to change the intended functionality of software, exposing algorithms or sensitive data, or removing digital content protected by that software, Cloakware said.

For developers, noted Vancouver-based independent data security consultant Richard Chadderton, the majority of content protection issues arise from software deployed on open platforms in hostile environments.

It’s important that enterprises realize that security engineering right from the start of a product’s development is, in the long run, the way to go, he added.