News & Events: Press Releases

The latest news from the IEEE Standards Association.

IEEE STANDARDS ASSOCIATION ICSG UNVEILS IEEE SOFTWARE TAGGANT SYSTEM FOR EXPOSING MALWARE CREATORS

Call issued for proposals to develop software libraries for new system designed to identify users of 'packer' software

Contact:
Shuang Yu, IEEE-SA Marketing Manager
+1 732-981-3424, shuang.yu@ieee.org

Las Vegas, 3 August 2011 – The IEEE Standards Association (IEEE-SA) Industry Connections Security Group (ICSG) today announced a call for proposals to develop software libraries for the new IEEE Software Taggant System. By enabling the identification of specific users of binary "packer" software and the blacklisting of misused license keys, the IEEE Software Taggant System is designed to expose creators of malware (malicious software such as viruses, worms and spyware) and improve computer security.

Software developers can visit the Industry Connections Security Group page to download the ICSG's request for proposals (RFP). The IEEE Software Taggant System and RFP will be detailed in an 11:15 a.m. Aug. 3 presentation at the Black Hat® Technical Security Conference in the Florentine Room at Caesars Palace in Las Vegas.

"The taggant concept and term are adopted from explosives, in which a chemical marker is added to allow tracing after an explosion," said Mark Kennedy, Distinguished Engineer, Security Technology and Response, with Symantec Corp. "We think the IEEE Software Taggant System will drive malware developers away from compliant packers, which would both improve our chances of catching rogue operators and allow antivirus software to more efficiently process legitimate executable files created by packer software."

Binary packer software is frequently used for compressing malware for hard-to-detect distribution. ICSG designed the IEEE Software Taggant System to apply a software marker—a well-defined block of metadata containing cryptographic information—to the output of packers, in order to validate which unique license was used to create an executable file.

ICSG is now requesting proposals from prospective developers of software libraries to be used in the IEEE Software Taggant System. Suppliers must notify ICSG of their intention to bid by Aug. 24, and their proposals must be received by close of business on Sept. 7. Suppliers will be notified of the acceptance or rejection of their bid by Sept. 28. The software libraries are to be completed by Nov. 30. ICSG member companies that are Founding Contributors to the IEEE Software Taggant System will have immediate access to the system, and it will be provided free to packer vendors to encourage adoption and made available to other computer-security vendors.

"Packer vendors and computer-security companies had previously engaged in some one-on-one conversations about this industry need, but such a comprehensive solution would not have happened without ICSG," said Igor Muttik, Senior Architect with McAfee Inc. "In the development of the IEEE Software Taggant System, IEEE-SA is facilitating collaboration across and beyond the computer-security industry to solve a very big problem. ICSG provides an open forum for the exchange of good ideas, and we are constantly seeking to expand the conversation to more and more diverse industry elements."

Said Michael "MiZu" Zunke, Director of Technology, SafeNet Inc.: "Today malware uses code-obfuscation techniques to disguise the malicious actions they take on your machine. As it is a hard problem to overcome such protection technologies, computer-security tools have started to become suspicious if an application uses code protection. As a result, even legitimate content-protection technology—generally put in place to either control application usage or protect intellectual property (IP) from exposure or tampering—can lead to false-positive detections. This forces technology vendors, such as software publishers, to make a decision between security and software accessibility. Joining the IEEE Software Taggant System enables SafeNet to provide our customers a way to enjoy the benefits of the proven IP protection without the risk of triggering a negative response from common malware protection tools."

Added Tony Lee, Security Research Manager with Microsoft and Chair of the IEEE-SA ICSG: "The IEEE Software Taggant System is a clear demonstration of the resolution and collaborative effort by the security industry to protect users and the ecosystem." ICSG, an activity of IEEE-SA's Industry Connections program, formed in 2009 as a global effort to pool experience and resources in combating the systematic and rapid rise in threats to computer security. In addition to its work on the IEEE Software Taggant System, ICSG has released a free XML schema designed to facilitate the quick, cost-effective sharing of information about malware samples between computer-security organizations.

"The effort to develop the IEEE Software Taggant System is a new undertaking for IEEE, necessitated by the unique needs of the computer-security industry," said James Wendorf, Director, IEEE-SA Industry Connections. "Computer threats have grown more coordinated and automated, and ICSG was launched to support industry in addressing the problem in a more sophisticated and collaborative fashion, deliver systematic improvements and more rapidly drive innovations. The IEEE Software Taggant System is an example of precisely the type of value that ICSG was formed to deliver."

Through Industry Connections, IEEE-SA facilitates like-minded organizations coming together quickly, effectively and economically to build industry consensus at strategic points in a technology's lifecycle. Groups have the unique opportunity to leverage IEEE resources in a customized format, host workshops and conferences and produce varied content.

To learn more about the IEEE-SA, visit us on Facebook, external link follow us on Twitter external link or connect with us on the Standards Insight Blog. external link

About the IEEE Standards Association
The IEEE Standards Association, a globally recognized standards-setting body within IEEE, develops consensus standards through an open process that engages industry and brings together a broad stakeholder community. IEEE standards set specifications and best practices based on current scientific and technological knowledge. The IEEE-SA has a portfolio of over 900 active standards and more than 500 standards under development. For more information see the IEEE-SA website.

About IEEE
IEEE, the world’s largest technical professional association, is dedicated to advancing technology for the benefit of humanity. Through its highly cited publications, conferences, technology standards, and professional and educational activities, IEEE is the trusted voice on a wide variety of areas ranging from aerospace systems, computers and telecommunications to biomedical engineering, electric power and consumer electronics. Learn more at IEEE website. external link