Last Man Standing or Self Defensive Software

Mr. Serhat Toktamışoğlu- MilSOFT

Issue 48 - January 2014

In this article, we’ll try to shed some lights on software protection which is actually an interesting sub area of software security. It is part of software security because it may be seen as the last line of defence (for man-at-the-end attacks) for securing your software against certain type of software security attacks. The reason why we call the software protection as “last line of defence” is that if the adversary passes perimeter security measures (firewalls, IDS, AV, etc.) then your software should defend itself to protect its intellectual property as well as to continue run as it is programmed originally.

Software protection is part of software security so it should be considered as a major part of cyber security concepts and studies. In classical cyber warfare approaches, the man-in-the-middle type of attacks is common so perimeter security plays a major role. However, software protection complement but don’t rely upon network firewalls or hardware security. There are many solid cases which you need to protect the software and the content. To name some solid examples; you can think of you’re a military contractor and produce critical embedded software which is used in UAV systems. What happens if the UAV is shot down (or hijacked) in adversary’ territories? What if a maliciously modified/patched version of your fighter’s avionics code which acts unreliable at a critical time was uploaded into your state of art new fighter jets? Or, imagine you wouldn’t have enough time to destroy all critical software and hardware used in your state-of-the-art spy plane when it was forced to land in your adversary’s controlled region. What happens then?