How to protect intellectual property on someone else's server

Question

Person A owns a server (in particular, an Amazon EC2 instance).

I have to upload a binary (written in C++) onto this server which periodically receives data from a third party server, and then periodically and strategically sends HTTP requests to some other third party server.

These strategically-sent HTTP requests ultimately generate financial gain, which will be shared between Person A and myself.

I wrote the source code of the binary, which contains a number of trade secrets.

For various reasons, the binary has to be run on Person A's server (and not my own).

Thus, I want to ensure 2 things:

1) That Person A cannot somehow reverse engineer the binary to obtain the aforementioned trade secrets.

2) That Person A cannot copy this binary and run it by himself in perpetuity.

If I'm unable to ensure both of these things, then Person A would be able to cut me out of the process, allowing Person A to reap the entirety of the financial gain himself.

The financial gain may be very large, so it's possible that Person A may be willing to expend a lot of time and resources to do this.

Any thoughts on how to accomplish what I described above? Thanks so much!

Answer 1

Buy your own EC 2 instance.

Break your program into two pieces, a stub and a server.

The stub connects to the server and relays requests, the sever makes the decisions, and the stub responds.

If the server is taken down, the stub won't work; it has no significant IP.

Answer 2

If it were only data that you store on the untrusted server, solution would be simple: encryption (although, the A would have ample opportunity to attempt cracking the encryption, which would have to be taken into consideration when choosing the strength of said encryption).

But you want A to be able to execute the "secret" program, which makes the problem harder. To summarise what you're asking:

1. How do I prevent reverse engineering?
2. How do I do prevent software piracy? In other words: How to implement copy protection?

These are sort of related. If A successfully reverse engineers your program, then they should be able to create a "tampered" version that avoids any copy protection scheme that you attempt to employ.

There is no way to prevent A - or rather A's CPU - from seeing exactly what the program does. These tasks are theoretically impossible to achieve. See for example On the (Im)possibility of Obfuscating Programs (Barak, 2001) for theoretical analysis.

The best that you can achieve through obfuscation is to make it (more or less) harder to reverse engineer. There is plenty of research into obfuscation techniques; I'm sure that you can find a book or two about the subject.

---

If it is an option to require the program to have access to the internet, then you could have the distributed binary be a hollow shell without any trade secrets. The trade secrets could then be stored on your own server, and the distributed binary could make requests to that trusted server which does the secret thing and responds with the result.

This of course has performance implications as well as responsibility of maintaining your own public server.

If your secrets are valuable enough, you might not want to trust a cloud provider to host the server - safer to buy your own hardware. Then again, how much do you trust Intel? It could be even safer to design your own CPU. Then again, how much do you trust your own engineers...

Answer 3

I didn't study this in detail but at first sight it looks like solution: Software Guard Extensions