The Safeware Test, Assessment, Research Prototype, Infrastructure, and Literature Overview Team (STARPILOT)

STARPILOT, funded by DARPA’s SafeWare program, aims to evaluate progress in program obfuscation (PO) research by performers in other Technical Areas of SafeWare and keep those performers informed about progress in Program Obfuscation beyond SafeWare.

Typical research programs today in fields such as cryptography focus on making new contributions yet fail to apply adequate expertise and effort to assess them well. Theory contributions often step back in some dimensions of progress to move forward in others, yet typical research programs fail to provide a “level playing field” to allow meaningful comparison of progress in such a “give-and-take” world. Research in cryptography in particular may also address vulnerabilities of contributions, yet fail to apply sufficient effort to implement attacks on those vulnerabilities and learn from them Research in particularly compute-intensive areas of cryptography such as cryptographic program obfuscation would benefit from small-scale demonstrations, but often rely on demonstrating only basic ideas without  certainty about how to extrapolate those results to the real world.

In the STARPILOT project, our Galois-led team aims to provide world-class capabilities that address some of the shortcomings described above. We characterize and compare program obfuscation artifacts created during the program. We manage a repository, shared by all performers, for developing, documenting, and storing those artifacts. We technically assess and characterize implementation artifacts developed by program performers. We quantitatively assess average and worst-case runtime overhead of artifacts; implement attacks and assess adversary work factor (in a platform-independent way) to break security of those artifacts; We operate a measurement infrastructure scaled appropriately for executing those evaluations. We also develop and assist other performers in developing non-trivial, defense-related obfuscation prototypes such as the first SafeWare obfuscation benchmark, already released to the public.

The DARPA SafeWare Program aims to develop obfuscation technology that would render the intellectual property in software (e.g., proprietary algorithms) incomprehensible to a reverse engineer, but allow the code to otherwise compile and run normally. In other words, SafeWare aims to develop the ability for users to access and run programs easily, without being able to determine how the programs work for nefarious purposes.

This material is based upon work supported by the ARO and DARPA under Contract No. W911NF-15-C-0227. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the ARO and DARPA.