User:Wiketech/sandbox

Arxan Technologies ("Arxan") Arxan is a privately held global software security company with application protection technology that secures software applications.

Arxan’s software-based security products and services protect mobile, desktop, server and embedded software applications for industry leaders in digital media  , financial services, enterprise, ISVs and gaming companies to ensure the underlying applications of their business models maintain integrity.

The company is headquartered in Bethesda, MD, with engineering and research and development facilities in both San Francisco, CA and West Lafayette, IN, and also has international offices in EMEA and APAC. Arxan is venture backed with investments from Trident Capital, EDF Ventures, Legend Ventures, Paladin Capital, Dunrath Capital, TDF Fund and Solstice Capital.

Products
Arxan has patented security products   for code hardening, key security and node locking  to provide  application protection for code, data and keys. The company’s Guarding technology enables companies to deploy internal and real-time guarding of applications to make code tamper-aware and tamper-resistant through self-protections.

All Arxan products are deployed in concert with Arxan’s binary- based guarding technology to safeguard revenue channels from tampering, piracy and unauthorized access across diverse platforms, including those designed for mobile platforms and devices such as Android™ , and iOS®.

Code Hardening
Spanning a broad range of platforms, of languages (native and hybrid) and operating systems, Arxan’s GuardIT® and EnsureIT® code hardening products work at the binary and object-level to defend, detect, alert and react to application threats. Without changing source code or disrupting software development, Arxan’s security technology provides tamper resistance by embedding Guards (a collection of interdependent protection routines) directly into a program.

A customized and renewable security design is implemented for each application and is comprised of a diverse set of Guards protecting each other in a layered approach to provide encryption, obfuscation, anti-debugging and other security mechanisms against passive and active application attacks. Arxan anti-tamper, anti-reverse engineering technology protects applications at the final security perimeter against code analysis, malware invasion, unauthorized use, access control circumvention, piracy or intellectual property theft.

GuardIT

GuardIT is Arxan’s founding technology which targets x86  Native code. It performs code transformations on executable files to effect anti-tamper and anti-reverse engineering attributes in the software, under the control of an input Guard Specification file. A variety of proprietary code obfuscation and dynamic protection mechanisms are available through the injection of “Guards”, which are small units of run-time code that perform a variety of security functions. GuardIT for x86 is a code processing tool that targets final native x86 executable code for Windows ,Linux or Mac OS X.

GuardIT for.NET code shares common code engine processing elements with GuardIT for x86, and performs similar functions, with the addition of substantial obfuscation and/or elimination of metadata components to stymy casual reversing that is generally enabled by byte code languages such as .NET. The .NET functionality extends for coverage of Microsoft Silverlight software and application code for Windows Phone 7.

GuardIT for Java is a fully independent product from the other GuardIT target versions. While it uses the same general approaches to anti-tamper and anti-reverse engineering, the specific features are appropriate for Java code.

EnsureIT

EnsureIT is Arxan's mobile and embedded code protection technology for non-x86 architectures. EnsureIT utilizes the same general approach and techniques used in GuardIT, but is implemented at the object code level instead of at the binary executable  code level. Arxan's EnsureIT technology supports a wide variety of processors including ARM, MIPS, PowerPC platforms with code protection products such as Android/ARM code, iOS/ARM code, and Linux/ARM code MacOS/PPC code.

Cryptographic Key Security
Arxan provides cryptographic key security with its TransformIT® product.

TransformIT

TransformIT is a White Box Cryptography solution which protects the secrecy of keys. The technology achieves key security via combination of mathematical algorithms and code and data obfuscation techniques. These techniques enable encryption and decryption functionality and never require the key to be present in memory, in complete or even partial form, but rather only in an encoded (hidden) form. A wide range of cyphers are supported, including at a high level AES, RSA and ECC.

TransformIT secures static and dynamic keys, as well as sensitive data and is commonly used with code hardening to ensure all programmatic elements of an application are tamper resistant to maintain application integrity.

Secure Node Locking
BindIT

BindIT(R) is Arxan's technology for locking software to a particular instance of computing hardware. The product uses a wide number of hardware identifiers, and includes a sensitivity level to allow some degree of hardware change without triggering a hardware mismatch failure.

Professional Services
Arxan’s provides Professional Services that evaluate and design anti-tamper plans, conduct vulnerability assessments, provide technical training and create product-specific protection schemes.

Partnerships and Industry Affiliates
IBM Rational: Arxan works with IBM Rational tools to secure and harden applications. Arxan has achieved Best Practice Compliance status for its solution, GuardIT for Java, which integrates seamlessly with the Rational Application Developer IDE.

ARM: Arxan protects applications in ARM-based architectures with its EnsureIT family of application hardening products. Microsoft Visual Studio: Arxan works with Microsoft Visual Studio tools to secure and harden applications. Flexera Software: Arxan provides application security that mitigates license management piracy and tampering. One of the most common attacks on software applications today is to circumvent or defeat the license management policies of a software application using Binary Code Modification. In conjunction with Flexera, GuardIT for FlexNet Publisher is specifically designed to thwart binary level attacks by protecting FlexNet libraries and application calls to the FlexNet libraries.

Red Hat: Arxan protects applications in Linux-based platforms with GuardIT family of application hardening products. Intertrust: Arxan protects InterTrust technologies such as Marlin DRM solutions.

Google Widevine:  Arxan protects Google technologies such as its  Widevine DRM solutions.

Fortify Software: Arxan’s application protection solutions extend Fortify’s source code analysis by ensuring application integrity is maintained with code hardening.

UltraViolet ®: The Digital Entertainment Content Ecosystem (DECE) LLC is an open, cross-industry consortium formed to facilitate the development and operation of UltraViolet™ – an ecosystem delivering a new digital media experience for home video entertainment. Centered around a shared, cloud-based account and an interoperable digital rights locker system, UltraViolet will allow consumers to create personal virtual video libraries, with the freedom to access movies and TV shows both at home and on-the-go across multiple devices.

PCGA: The PC Gaming Alliance (PCGA) is a nonprofit corporation whose mission is to drive the continued growth of gaming on Personal Computers, the world’s most popular platform for gaming. The PCGA provides an open forum where companies can cooperate to develop and promote solutions that drive the PC gaming industry forward, exchange information and views to promote PC gaming, and share promotional activity designed to grow the PC gaming industry.

CEA: The Consumer Electronics Association (CEA) unites 2,000 companies within the consumer technology industry. CEA's mission is to grow the consumer electronics industry.

DAPA: The Digital Asset Protection Association (DAPA) is dedicated to the advancement and successful deployment of technologies for protecting the privacy and integrity of digital assets including software, content, keys, and other valuable digital information. DAPA is a trusted advisor and recognized authority on digital asset protections, and is instrumental in developing industry-specific standards, evaluation criteria, best practices and curricula.

CERIAS: is one of the world's leading centers for research and education in areas of information security that are crucial to the protection of critical computing and communication infrastructure. CERIAS is unique among such national centers in its multidisciplinary approach to the problems, ranging from purely technical issues (e.g., intrusion detection, network security, etc) to ethical, legal, educational, communicational, linguistic, and economic issues, and the subtle interactions and dependencies among them. The mission of CERIAS is to advance the knowledge and practice of information assurance and security through the performance of world-class research, the delivery of the highest quality education, and by serving as an unbiased source of information locally, nationally, and internationally.

History
Arxan was founded in 2001 by Dr. Hoi Chang (VP of Technology, Arxan), based on PhD research performed at Purdue University under the direction of Dr. Mikhail Atallah to protect defense technologies (US DoD weapons systems/command and control). With the hire of Michael Dager as CEO and Chairman of the Board, in 2006 Arxan broadened into the commercial market. In 2009 the defense business subsidiary Arxan Defense Systems was sold to MicroSemi Corporation, and the company has since focused on providing best of breed application protection product and services to commercial markets across all platforms.