CA2324759A1 - Tamper resistance with pseudo-random binary sequence program interlocks - Google Patents
- Publication number
- CA2324759A1
- Authority
- CA
- Canada
- Prior art keywords
- pseudo
- binary sequence
- differentiated
- random binary
- differentiated section
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/123—Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
Abstract
Tamper resistance is provided to avoid observation of the behavior of portions of software by calling a function exclusively available in one differentiated section of a processor and its peripherals and drivers from another differentiated section. A pseudo-random binary sequence generator is associated with each such differentiated section and incremented incident to the calling and performance of the function, respectively. The pseudo-random binary sequence values are compared prior to allowing or preventing further execution of the software.
The comparison can be performed at any privilege level and a variation of the invention provides additional security by utilizing an additional privileged function to perform the comparison. An enhancement of the invention corrupts data or program files using a PRBS value at one privilege level and performs the inverse function to restore the data or program files at another privilege level with its own PRBS value.
Description
TAMPER RESISTANCE WITH PSEUDO-RANDOM BINARY SEQUENCE PROGRAM INTERLOCKS
BACKGROUND OF THE INVENTION
Field of the Invention
The present invention generally relates to the provision of security for computer software applications and, more particularly, to arrangements for preventing observation of the behavior of applications programs by unauthorized personnel.
Description of the Prior Art
The number and diversity of computer applications software has proliferated during the past few years. Hardware development of computers has allowed the functionality of such applications programs to be greatly expanded and, consequently, the amount of code that must be written and other development costs have increased greatly. During the same period of time, the awareness of software vendors of the value of such programs which may be lost by unauthorized duplication has grown. Accordingly, it is now common practice for software vendors to require registration of individual program copies or to sell site licenses for particular users and to include features in the program which prevent the running of the application or major portions thereof by persons other than those to whom the program copy is registered.
Registration of software is generally enforced by disabling large portions of the software unless access is authorized in accordance with the registration. In much the same manner, it is common practice to promote sales of software by providing the software to the user, possibly on-line, in a form which has reduced functionality similar to that of a demonstration copy which can be run sufficiently for a potential purchaser to determine whether or not to purchase it. The enablement of initially disabled functions is then performed remotely upon purchase, payment and registration. Distribution of software in such a convertible form also provides the benefit of avoiding the need to produce a separate version as a demonstration copy and the potential for corruption of one copy with another.
However, while such features have developed a level of sophistication and complexity and have achieved a good level of security, it is axiomatic that any such feature can be defeated by modification of the application program to bypass such features. The process by which functionality of protected software and access to protected functions can be restored is generally referred to as "hacking", which is also generally applied to the defeat of password protection, user identification or verification and the like. The process of modification of the program is often referred to as "patching". The quality of providing difficulty in modification of the program by hacking is referred to as "tamper resistance". Of course, "tamper resistance" is a desirable quality for many types of software, such as databases, as well as application programs.
Creation of tamper resistant software often involves the concept of privilege levels incorporated in the processor and so-called privileged instructions. Privileged instructions are generally required to allow access to restricted features of the processor architecture. For example, privileged instructions or functions may include the loading and unloading of protected dedicated debug registers in the processor, hooking of interrupt vectors and processing critical operating system (OS) memory areas as well as input/output (I/O) functions. These privileged functions are controlled (e.g. requested) by the application at a low privilege level but are actually performed by other structure or software at a higher privilege level during normal operation of the application program through more privileged operating system components. In particular, execution of I/O functions is restricted to the highest privilege level(s) of the OS and cannot be performed but only requested by applications operating or executing at lower privilege levels.
That is, to make application software more secure, consistent with software development requirements, it is often necessary to develop a privileged companion software module (usually in the form of a device driver) which works in tandem with the application and performs these privileged operations on behalf of the less privileged application. When the application has a need (or should have a need, as determined by the programmer) to verify system integrity or to determine if certain types of tampering have occurred, the application can make a call to the privileged module to perform these services. Unfortunately, such an organization and its relatively widespread use make the interface between the application and the privileged module a logical point of attack for attempting to defeat a security feature. For example, patching out the security related calls to the privileged module would, in many cases, defeat the tamper resistance and integrity check functions they are intended to perform.
While no form of tamper resistance is completely secure, it is generally recognized that the greater the level of complexity that can be provided in such measures (e.g. by inclusion of more techniques, traps and interdependencies) within the application and the corresponding privileged module, the lower the likelihood of success in defeating them within a given amount of time and effort to compromise application or data integrity or to obtain access to secrets contained therein.
Unfortunately, such complexity may also compromise the reliability and/or stability of the software application (or, for example, the robustness of a data base and/or error recovery systems) as well as the execution speed and efficiency of the software, itself. Therefore, there is a heretofore unavoidable trade-off between efficiency of application execution and security of the application, itself, and its data.
SUMMARY OF THE INVENTION
It is therefore an object of the present invention to provide a technique of increasing security for software by detection of tampering and termination of execution and/or corruption of files when tampering is detected.
It is another object of the present invention to provide effective security for software without significant compromise of execution efficiency of the software.
It is a further object of the invention to prevent the observation of software behavior by unauthorized persons.
It is yet another object of the invention to prevent unauthorized enablement or observation of disabled or protected portions of software.
In order to accomplish these and other objects of the invention, a method for providing tamper resistance in software running on a processor having a plurality of differentiated sections, a first differentiated section being capable of performing a function not available on a second differentiated section, and software containing commands for performing the method are provided comprising the steps of incrementing a first pseudo-random binary sequence associated with the second differentiated section, calling the function in the first differentiated section from the second differentiated section, incrementing a second pseudo-random binary sequence generator associated with the first differentiated section, performing the function (which may include a comparison of pseudo-random sequence values or may or may not include one or more operations in addition to the incrementing of a pseudo-random binary sequence generator), comparing pseudo-random binary sequence values in said first and second pseudo-random binary sequence generators, and controlling execution of said software in accordance with a result of the comparison.
In accordance with another aspect of the invention, a method for providing tamper resistance in software running on a processor having a plurality of differentiated sections, one differentiated section being capable of performing a function not available on a second differentiated section, and software containing commands for performing the method are provided comprising the steps of altering data using an algorithm and a pseudo-random binary sequence value in a first differentiated section, and altering data using an inverse algorithm and a pseudo-random binary sequence value at the first differentiated section, whereby data altered by said algorithm is restored when the pseudo-random binary sequence values of said differentiated section and said another differentiated section are the same.
BRIEF DESCRIPTION OF THE DRAWINGS
The foregoing and other objects, aspects and advantages will be better understood from the following detailed description of a preferred embodiment of the invention with reference to the drawings, in which:
Figure 1 is a high-level block diagram of a preferred embodiment of the invention and illustrating operation thereof,
Figures 2A and 2B comprise a flow chart depicting the operation of the embodiment of the invention illustrated in Figure 1,
Figure 3 is a high-level block diagram illustrating preferred enhancements to the embodiment of Figure 1, and
Figure 4 is a flow chart illustrating the enhancement of the invention shown in Figure 3.
DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT OF THE INVENTION
Referring now to the drawings, and more particularly to Figures 1, 2A and 2B, there is shown an embodiment of the invention 100 in high-level schematic block diagram form.
It should be noted that an arbitrary time scale (from left to right) is provided in Figure 1, as indicated by arrow 104, in which solid blocks denote functional elements which may be embodied in either hardware or software. Blocks depicted with dashed lines represent software sequences for which protection is desired. In Figures 2A and 2B, the sequence proceeds from top to bottom and the software on which each function illustrated is performed is segregated to the left or right in much the same manner that Figure 1 is divided by dashed line 106 which divides privilege levels. Thus, Figures 1 and Figures 2A and 2B depict much the same subject matter with different emphasis and point of view.
Corresponding reference numerals will be used where possible. (The same drawing conventions are adopted in Figures 3 and 4, respectively, as well.)
Pseudo-random binary sequence (PRBS) generators are well-known and have been used and implemented in many forms, as will be recognized by those skilled in the art. In general, PRBS generators are embodied as a logic array that may include a plurality of storage devices. One often used form of PRBS generator utilizes a serially connected string of flip-flops in the nature of a shift register. It has been shown for such shift registers of various lengths that feedback of the output of some stages to other stages as either the true or complement value and possibly combined logically with the output of other stages (more generally referred to as a mask), long strings of logic values can be produced that have statistical properties substantially identical to truly random values. Of course, such a hardware implementation can be, and often is, simulated in software in a manner well-understood in the art. (In fact, a software implementation is much preferred for practice of the invention, as will be discussed in greater detail below.)
The repetition period of a PRBS generator may be made extremely long relative to the number of storage stages provided. The output of a PRBS generator may be taken serially from a single stage or in parallel in a byte of arbitrary length (up to the number of storage stages) in parallel from internal taps. While the PRBS will repeat after a number of binary digits that may be made arbitrarily long, the starting point of the sequence may be begun at any point by the particular values which are initially provided to the PRBS generator as, for example, the initial storage states of the storage devices therein. These initial states are collectively referred to as a seed value. Therefore, the number of unique sequences which can be derived from a PRBS generator is equal to the number of digits in the repetition sequence.
Further, each different logic array interconnection or mask in the PRBS generator (e.g. feedback and logical combination of outputs of respective stages) will provide a unique binary sequence. By the same token, however, the same binary sequence can only be derived from functionally identical PRBS generators having the same mask, number of storage stages and initialized with the same seed value. Therefore, PRBS sequences are difficult to duplicate without foreknowledge of these parameters.
The invention, in principle, uses two identical PRBS generators 110 and 120 (or PRBS generators having the same mask and number of stages, n) and initialized with the same seed value which are incremented upon the request and execution of a privileged call, respectively. One of these identical PRBS generators is provided at or made accessible to each of the privilege levels between which tamper resistance is to be provided in accordance with the principles of the invention.
The PRBS from the PRBS generators are compared at either the more privileged or less privileged level (or other functions performed at both differing privilege levels based on the PRBS in each respective level) and interruption of execution and interception of results of the more privileged function are carried out whenever the respective PRBS signals are not identical. This basic mode of operation can be carried out very rapidly and does not significantly compromise execution efficiency of the software, even when repeated frequently, and can be readily enhanced as will be described in greater detail below, with reference to Figures 3 and 4.
Referring now to Figure 1 and Figures 2A and 2B, it will be appreciated that two levels of privilege are shown; each having a respective PRBS generator 110 or 120. These levels of privilege are denominated as ring 3 (less privileged) and ring 0 (more privileged) consistent with Windows-Intel environment terminology. However, it should be understood that the invention is fully applicable to any environment in which different functions are executed at different privilege levels or otherwise restricted to execution by specific, segregated hardware, software or firmware.
For example, a specific data path or register may be required for execution of a command.
That is, for successful practice of the invention to provide its intended purpose, it is only necessary for the processor or its peripherals or drivers therefor to have (or be configurable to have) differentiated operational sections capable of being associated with discrete, identical (or identically configured and initialized) PRBS generators and that one such differentiated section be capable of performing a function not available in the other differentiated section.
Accordingly, the term "differentiated section" should be understood as comprehending all such possible arrangements meeting these conditions.
In this regard, it can be appreciated that implementation of the PRBS generators in software is preferred principally because hardware access may be denied at lower privilege levels which would thus require a software PRBS generator implementation. Further, software implementation of PRBS generators facilitates provision of identical PRBS generators and initialization thereof in both an application and its companion device driver or other higher privilege level software. It will also be appreciated that the invention can and should be used to protect the PRBS generators, themselves.
It is assumed for purposes of the following discussion that the application or other software is executing and performing functions which have not been secured in accordance with the invention, as indicated at dashed arrow 200. It is also assumed that PRBS generators 110, 120 have been initialized to the same seed value, the same mask and the same value of n and thus will output the same value and can be considered as being synchronized.
At some point in the list of program instructions prior to a section of the program which it is desired to secure, a sequence of operations A (and/or B and/or X) is interposed. These operations need not be performed in immediate sequence but can have other operations interposed among them in order to render their purpose less recognizable to unauthorized personnel.
For purposes of explanation of the invention, the sequence of instructions A is indicated as comprising three operations A1, A2 and A3. Each of these operations may include a plurality of commands.
When sequence A is reached in the program to secure one or more subsequent operations (e.g. A2) which are performed at a different privilege level or with specific hardware, step A1 increments the PRBS generator as shown at 202 and proceeds to protected step A2 which calls the desired function A (FnA) at privileged ring 0 (e.g. in the device driver) as shown at 204. Function A then increments PRBS generator 120. Function A then performs the desired operation and makes a return to the application as shown at 208.
The application then proceeds to operation A3 and fetches the output of PRBS generator 110 as shown at 210 and calls FnP to fetch the output of PRBS generator 120 as shown at 212 and return it to the application as shown at 214. Operation A3 then compares the outputs of PRBS generators 110 and 120 and, since they were both initially synchronized and both incremented once in the course of sequence A, the comparison will be successful and the application continues as shown at 218.
Sequence B operates in a similar manner and need not be separately described.
If the comparison of PRBS generator outputs is successful in operation B3 (corresponding to operation A3) the application continues as shown at 222.
If, however, operation A2 had not been authorized because, for example, the application had not been registered and access to ring 0 or any function therein (or operation to be performed thereby) was denied, the application could not proceed. If an unauthorized user were to attempt to defeat this denial of access by patching out step A1 (202), step A2 would increment PRBS generator 120 without PRBS generator 110 being incremented and the comparison at A3 (216) would fail.
Conversely, if an attempt to defeat the denial of access was made by patching out the incrementing of PRBS generator 120 during operation A, the comparison would also fail.
Attempting to defeat the denial of access to subsequent sections of the application (e.g. for comparison of code) by patching out function A (e.g. by deleting or "NO-OPing" operation A2) would also cause failure of the comparison since PRBS generator 110 would be incremented while PRBS generator 120 would not. Attempting to defeat the denial of access by patching in an increment or decrement to the PRBS generator 120 or 110 would also cause failure of the comparison at A3 since FnA and other privileged functions, in accordance with the invention, increment PRBS generator 120 before performing the function.
Even if a privileged function is performed, a comparison is made before report of the result to the application. Upon failure of the comparison 216, the execution of the application may be terminated in any manner desired by the programmer, for example, by branching to any desired subroutine including deletion of the application or a more or less critical portion thereof from storage or even the storage medium by which it was loaded onto the computer.
A minimum of two patches must be simultaneously and correctly performed in order to defeat the denial of access to the privileged function and it is very unlikely that this could be successfully accomplished by an unauthorized user that does not have foreknowledge of the behavior of the application. It should be recalled that the observation of the behavior of the system is the very type of tampering which the invention is intended to prevent. Therefore, it can be understood that the invention, while simple and rapidly executable even if utilized or repeated many times in the application, is quite effective in providing protection against tampering which could expose the behavior of the application to an unauthorized person.
It is immaterial to the practice of the basic principles of the invention where the comparison is performed or if additional functions are performed in doing so that may also be privileged functions. However, some additional protection may be provided by performing such additional functions as will now be described in regard to secured operation X in Figure 1 and Figure 2B. In this case, operation X1 increments PRBS generator 110 as before in operation A1 as shown at 222.
Operation X2 calls FnX (224) and increments PRBS generator 120 (226) as before. A return is made to the application (228), again, in the manner described above.
Then operation X3 fetches (230) the PRBS value from PRBS generator 110 but now calls operation FnP and provides the PRBS value (232) from PRBS generator 110 to the device driver.
Privileged function FnP then fetches the PRBS value from PRBS generator 120 and performs the comparison. FnP either does not increment the PRBS generator 120 further or, alternatively, both X3 and FnP could be arranged to further increment PRBS generators 110 and 120, respectively. This operation is similar to operation sequence A except that the comparison is performed at a higher (or at least different) privilege level. In practical effect, however, more locations are provided at which patches can be incorrectly applied by an unauthorized person and an inconsistency in convention is provided at either X3 or FnP, as compared to operation A3 and other privileged functions.
Referring now to Figures 3 and 4, an enhancement of the invention will now be described.
Whereas the embodiment of the invention described above can initiate termination of the application or destruction or corruption of files after the comparison of PRBS outputs fails, the enhancement of the invention illustrated in Figures 3 and 4 includes file corruption and repair as part of the tamper resistance and thus is both more robust in performance and causes protective action to be taken at an earlier time even before tampering is detected. This enhancement will be described as a variation A' of secured operation A described above.
Operation A1 is performed as before to increment PRBS generator 110. However, as indicated at 402, the incremented PRBS value is returned to the application.
Operation A2' utilizes the PRBS value to intentionally disrupt or corrupt data and/or application program code using an algorithm X, as shown at 404 and the current PRBS value from PRBS generator 110. Operation A3' then calls privileged function FnA to perform operation A' after incrementing PRBS generator 120 and returning the new PRBS value. The new PRBS value from PRBS generator 120, which should now be the same as that of PRBS generator 110, is then used to perform operation A4 using the PRBS value from PRBS generator 120 and algorithm X' which is the inverse of algorithm X to reconstruct the data or code corrupted at 404 as shown at 410.
In this case, no separate comparison need be made since incorrect reconstruction of the data or code will either halt the application or return an incorrect and meaningless result (since the data or code was corrupted by an effectively random binary code sequence). Further, no privileged operation other than the corruption and reconstruction of data need be performed in the course of operation A' and virtually no information can be obtained from the application by an unauthorized person attempting to observe program behavior. This enhancement may be used alone or in combination with privileged functions utilizing comparison as an alternative to particular instances of privileged functions such as A, B or X described above.
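The interlock of sequence A and the corrupt-and-restore variation A' described above, as an added C simulation that is not code from the patent. Both generators live in one process here, and the 16-bit Galois LFSR, its mask 0xB400, the seed 0xACE1, the XOR keystream standing in for algorithm X, and all function and type names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PRBS_MASK 0xB400u  /* assumed feedback mask: 16-bit maximal-length Galois LFSR */
#define PRBS_SEED 0xACE1u  /* assumed shared seed; must be non-zero */

typedef struct { uint16_t state; } prbs_t;

/* "Increment" a PRBS generator: one Galois LFSR step, returning the new value. */
static uint16_t prbs_step(prbs_t *g) {
    uint16_t lsb = g->state & 1u;
    g->state >>= 1;
    if (lsb) g->state ^= PRBS_MASK;
    return g->state;
}

/* Which interlock step has been removed; models the patches the text discusses. */
enum tamper { T_NONE, T_SKIP_A1, T_NOP_A2, T_SKIP_DRV_INC };

/* Generator 110 belongs to the application, generator 120 to the driver. */
struct sys { prbs_t g110, g120; };

static void sys_init(struct sys *s, uint16_t seed) {
    s->g110.state = seed;
    s->g120.state = seed;
}

/* FnA: privileged function; increments generator 120 before doing its work. */
static int fn_a(struct sys *s, enum tamper t, int arg) {
    if (t != T_SKIP_DRV_INC) prbs_step(&s->g120);
    return arg * 2;  /* stand-in for the privileged operation */
}

/* FnP: privileged function that reports generator 120's current value. */
static uint16_t fn_p(const struct sys *s) { return s->g120.state; }

/* Sequence A. Returns 1 when the A3 comparison succeeds, 0 when it fails. */
static int sequence_a(struct sys *s, enum tamper t) {
    if (t != T_SKIP_A1) prbs_step(&s->g110);   /* A1: increment generator 110 */
    if (t != T_NOP_A2) (void)fn_a(s, t, 21);   /* A2: privileged call */
    return s->g110.state == fn_p(s);           /* A3: compare 110 with 120 */
}

/* Algorithm X and its inverse X': XOR with a keystream expanded from a PRBS
 * value. XOR is its own inverse, so the same routine serves as both. */
static void xor_with(uint8_t *buf, size_t n, uint16_t value) {
    prbs_t ks = { value };
    for (size_t i = 0; i < n; i++) buf[i] ^= (uint8_t)prbs_step(&ks);
}

/* Privileged function of variation A': increments 120, returns the new value. */
static uint16_t fn_a_prime(struct sys *s, enum tamper t) {
    if (t != T_SKIP_DRV_INC) prbs_step(&s->g120);
    return s->g120.state;
}

/* Variation A': no comparison; the data is only restored if both generators
 * agree. T_NOP_A2 has no counterpart here and is treated as no tampering. */
static void sequence_a_prime(struct sys *s, enum tamper t, uint8_t *buf, size_t n) {
    if (t != T_SKIP_A1) prbs_step(&s->g110);   /* A1  */
    xor_with(buf, n, s->g110.state);           /* A2': corrupt with value of 110 */
    uint16_t v120 = fn_a_prime(s, t);          /* A3': privileged call */
    xor_with(buf, n, v120);                    /* A4 : restore with value of 120 */
}

/* Runs A' on constructed sample data; returns 1 if the data came back intact. */
static int a_prime_restores(enum tamper t) {
    static const uint8_t data[] = "constructed sample data";
    uint8_t work[sizeof data];
    struct sys s;
    sys_init(&s, PRBS_SEED);
    memcpy(work, data, sizeof data);
    sequence_a_prime(&s, t, work, sizeof work);
    return memcmp(work, data, sizeof data) == 0;
}

int main(void) {
    struct sys s;
    sys_init(&s, PRBS_SEED);
    printf("A  untampered:          %d\n", sequence_a(&s, T_NONE));
    printf("A  with A1 removed:     %d\n", sequence_a(&s, T_SKIP_A1));
    printf("A  next untampered run: %d\n", sequence_a(&s, T_NONE));
    printf("A' untampered:          %d\n", a_prime_restores(T_NONE));
    printf("A' with A1 removed:     %d\n", a_prime_restores(T_SKIP_A1));
    return 0;
}
```

Because the LFSR step is a one-to-one mapping on its state, a single missed increment leaves the two generators out of step for good, so every later comparison in the same run fails as well.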
In view of the foregoing, it is seen that the invention, while simple and rapidly executed, provides a very high degree of tamper resistance in a single instance. Multiple instances of the invention can be provided and the tamper resistant procedure repeated, particularly with variations (e.g. Figure 2B) and enhancements (e.g. Figure 4) to provide a practically insurmountable degree of protection without compromising execution speed of the application.
While the invention has been described in terms of a single preferred embodiment, those skilled in the art will recognize that the invention can be practiced with modification within the spirit and scope of the appended claims.
BINARY SEQUENCE PROGRAM INTERLOCKS
BACKGROUND OF THE INVENTION
Field of the Invention The present invention generally relates to the provision of security for computer software applications and, more particularly, to arrangements for preventing observation of the behavior of applications programs by unauthorized personnel.
Description of the Prior Art The number and diversity of computer applications software has proliferated during the past few years. Hardware developments of computers has allowed the functionality of such applications programs to be greatly expanded and, consequently the amount of code that must be written and other development costs has increased greatly. During the same period of time, the awareness of software vendors of the value of such programs which may be lost by unauthorized duplication has grown. Accordingly, it is now common practice for software vendors to require registration of individual program copies or to sell site licenses for particular users and to include features in the program which prevent the running of the application or maj or portions thereof by persons other than 2 0 those to whom the program copy is registered.
Registration of software is generally enforced by disabling large portions of the software unless access is authorized in accordance with the registration. In much the same manner, it is common practice to promote sales of software by providing the software to the user, possibly on-line, in a form which has reduced functionality similar to that of a demonstration copy which can 2 5 be run sufficiently for a potential purchaser to determine whether or not to purchase it. The enablement of initially disabled functions is then performed remotely upon purchase, payment and registration. Distribution of software in such a convertible form also provides the benefit of avoiding the need to produce a separate version as a demonstration copy and the potential for corruption of one copy with another.
However, while such features have developed a level of sophistication and complexity and have achieved a good level of security, it is axiomatic that any such feature can be defeated by modification of the application program to bypass such features. The process by which functionality of protected software and access to protected functions can be restored is generally referred to as "hacking", which is also generally applied to the defeat of password protection, user identification or verification and the like. The process of modification of the program is often referred to as "patching". The quality of providing difficulty in modification of the program by hacking is referred to as "tamper resistance". Of course, "tamper resistance" is a desirable quality for many types of software, such as databases, as well as application programs.
Creation of tamper resistant software often involves the concept of privilege levels incorporated in the processor and so-called privileged instructions.
Privileged instructions are generally required to allow access to restricted features of the processor architecture. For example, privileged instructions or functions may include the loading and unloading of protected dedicated debug registers in the processor, hooking of interrupt vectors and processing critical operating system (OS) memory areas as well as input/output (I/O) functions. These privileged functions are controlled (e.g. requested) by the application at a low privilege level but are actually performed by other structure or software at a higher privilege level during normal operation of the application program through more privileged operating system components. In particular, execution of I/O functions is restricted to the highest privilege level(s) of the OS and cannot be performed but only requested by applications operating or executing at lower privilege levels.
That is, to make application software more secure, consistent with software development requirements, it is often necessary to develop a privileged companion software module (usually in the form of a device driver) which works in tandem with the application and performs these privileged operations on behalf of the less privileged application. When the application has a need (or should have a need, as determined by the programmer) to verify system integrity or to determine if certain types of tampering have occurred, the application can make a call to the privileged module to perform these services. Unfortunately, such an organization and its relatively widespread use make the interface between the application and the privileged module a logical point of attack for attempting to defeat a security feature. For example, patching out the security related calls to the privileged module would, in many cases, defeat the tamper resistance and integrity check functions they are intended to perform.
While no form of tamper resistance is completely secure, it is generally recognized that the greater the level of complexity that can be provided in such measures (e.g. by inclusion of more techniques, traps and interdependencies) within the application and the corresponding privileged module, the lower the likelihood of success in defeating them within a given amount of time and effort to compromise application or data integrity or to obtain access to secrets contained therein.
Unfortunately, such complexity may also compromise the reliability and/or stability of the software application (or, for example, the robustness of a data base and/or error recovery systems) as well as the execution speed and efficiency of the software, itself. Therefore, there is a heretofore unavoidable trade-off between efficiency of application execution and security of the application, itself, and its data.
SUMMARY OF THE INVENTION
It is therefore an object of the present invention to provide a technique of increasing security for software by detection of tampering and termination of execution and/or corruption of files when tampering is detected.
It is another object of the present invention to provide effective security for software without significant compromise of execution efficiency of the software.
It is a further object of the invention to prevent the observation of software behavior by unauthorized persons.
It is yet another object of the invention to prevent unauthorized enablement or observation of disabled or protected portions of software.
In order to accomplish these and other objects of the invention, a method for providing tamper resistance in software running on a processor having a plurality of differentiated sections, a first differentiated section being capable of performing a function not available on a second differentiated section, and software containing commands for performing the method are provided comprising the steps of incrementing a first pseudo-random binary sequence associated with the second differentiated section, calling the function in the first differentiated section from the second differentiated section, incrementing a second pseudo-random binary sequence generator associated with the first differentiated section, performing the function (which may include a comparison of pseudo-random sequence values or may or may not include one or more operations in addition to the incrementing of a pseudo-random binary sequence generator), comparing pseudo-random binary sequence values in said first and second pseudo-random binary sequence generators, and controlling execution of said software in accordance with a result of the comparison.
In accordance with another aspect of the invention, a method for providing tamper resistance in software running on a processor having a plurality of differentiated sections, one differentiated section being capable of performing a function not available on a second differentiated section, and software containing commands for performing the method are provided comprising the steps of altering data using an algorithm and a pseudo-random binary sequence value in a first differentiated section, and altering data using an inverse algorithm and a pseudo-random binary sequence value at the first differentiated section, whereby data altered by said algorithm is restored when the pseudo-random binary sequence values of said differentiated section and said another differentiated section are the same.
BRIEF DESCRIPTION OF THE DRAWINGS
The foregoing and other objects, aspects and advantages will be better understood from the following detailed description of a preferred embodiment of the invention with reference to the drawings, in which:
Figure 1 is a high-level block diagram of a preferred embodiment of the invention and illustrating operation thereof, Figures 2A and 2B comprise a flow chart depicting the operation of the embodiment of the invention illustrated in Figure 1, Figure 3 is a high-level block diagram illustrating preferred enhancements to the embodiment of Figure 1, and Figure 4 is a flow chart illustrating the enhancement of the invention shown in Figure 3.
DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT OF THE INVENTION
Referring now to the drawings, and more particularly to Figures 1, 2A and 2B, there is shown an embodiment of the invention 100 in high-level schematic block diagram form.
It should be noted that an arbitrary time scale (from left to right) is provided in Figure 1, as indicated by arrow 104, in which solid blocks denote functional elements which may be embodied in either hardware or software. Blocks depicted with dashed lines represent software sequences for which protection is desired. In Figures 2A and 2B, the sequence proceeds from top to bottom and the software on which each function illustrated is performed is segregated to the left or right in much the same manner that Figure 1 is divided by dashed line 106 which divides privilege levels. Thus, Figures 1 and Figures 2A and 2B depict much the same subject matter with different emphasis and point of view.
Corresponding reference numerals will be used where possible. (The same drawing conventions are adopted in Figures 3 and 4, respectively, as well.) Pseudo-random binary sequence (PRBS) generators are well-known and have been used and implemented in many forms, as will be recognized by those skilled in the art.
In general, PRBS generators are embodied as a logic array that may include a plurality of storage devices. One often used form of PRBS generator utilizes a serially connected string of flip-flops in the nature of a shift register. It has been shown for such shift registers of various lengths that feedback of the output of some stages to other stages as either the true or complement value and possibly combined logically with the output of other stages (more generally referred to as a mask), long strings of logic values can be produced that have statistical properties substantially identical to truly random values. Of course, such a hardware implementation can be, and often is, simulated in software in a manner well-understood in the art. (In fact, a software implementation is much preferred for practice of the invention, as will be discussed in greater detail below.)
The repetition period of a PRBS generator may be made extremely long relative to the number of storage stages provided. The output of a PRBS generator may be taken serially from a single stage or in parallel in a byte of arbitrary length (up to the number of storage stages) in parallel from internal taps. While the PRBS will repeat after a number of binary digits that may be made arbitrarily long, the starting point of the sequence may be begun at any point by the particular values which are initially provided to the PRBS generator as, for example, the initial storage states of the storage devices therein. These initial states are collectively referred to as a seed value. Therefore, the number of unique sequences which can be derived from a PRBS generator is equal to the number of digits in the repetition sequence.
Further, each different logic array interconnection or mask in the PRBS generator (e.g. feedback and logical combination of outputs of respective stages) will provide a unique binary sequence. By the same token, however, the same binary sequence can only be derived from functionally identical PRBS generators having the same mask, number of storage stages and initialized with the same seed value. Therefore, PRBS sequences are difficult to duplicate without foreknowledge of these parameters.
The invention, in principle, uses two identical PRBS generators 110 and 120 (or PRBS generators having the same mask and number of stages, n) and initialized with the same seed value which are incremented upon the request and execution of a privileged call, respectively. One of these identical PRBS generators is provided at or made accessible to each of the privilege levels between which tamper resistance is to be provided in accordance with the principles of the invention.
The PRBS from the PRBS generators are compared at either the more privileged or less privileged level (or other functions performed at both differing privilege levels based on the PRBS in each respective level) and interruption of execution and interception of results of the more privileged function are carried out whenever the respective PRBS signals are not identical. This basic mode of operation can be carried out very rapidly and does not significantly compromise execution efficiency of the software, even when repeated frequently, and can be readily enhanced as will be described in greater detail below, with reference to Figures 3 and 4.
Referring now to Figure 1 and Figures 2A and 2B, it will be appreciated that two levels of privilege are shown, each having a respective PRBS generator 110 or 120. These levels of privilege are denominated as ring 3 (less privileged) and ring 0 (more privileged) consistent with Windows-Intel environment terminology. However, it should be understood that the invention is fully applicable to any environment in which different functions are executed at different privilege levels or otherwise restricted to execution by specific, segregated hardware, software or firmware.
For example, a specific data path or register may be required for execution of a command.
That is, for successful practice of the invention to provide its intended purpose, it is only necessary for the processor or its peripherals or drivers therefor to have (or be configurable to have) differentiated operational sections capable of being associated with discrete, identical (or identically configured and initialized) PRBS generators and that one such differentiated section be capable of performing a function not available in the other differentiated section.
Accordingly, the term "differentiated section" should be understood as comprehending all such possible arrangements meeting these conditions.
In this regard, it can be appreciated that implementation of the PRBS generators in software is preferred principally because hardware access may be denied at lower privilege levels which would thus require a software PRBS generator implementation. Further, software implementation of PRBS generators facilitates provision of identical PRBS generators and initialization thereof in both an application and its companion device driver or other higher privilege level software. It will also be appreciated that the invention can and should be used to protect the PRBS generators, themselves.
It is assumed for purposes of the following discussion that the application or other software is executing and performing functions which have not been secured in accordance with the invention, as indicated at dashed arrow 200. It is also assumed that PRBS generators 110, 120 have been initialized to the same seed value, the same mask and the same value of n and thus will output the same value and can be considered as being synchronized.
At some point in the list of program instructions prior to a section of the program which it is desired to secure, a sequence of operations A (and/or B and/or X) is interposed. These operations need not be performed in immediate sequence but can have other operations interposed among them in order to render their purpose less recognizable to unauthorized personnel.
For purposes of explanation of the invention, the sequence of instructions A is indicated as comprising three operations A1, A2 and A3. Each of these operations may include a plurality of commands.
When sequence A is reached in the program to secure one or more subsequent operations (e.g. A2) which are performed at a different privilege level or with specific hardware, step A1 increments PRBS generator 110 as shown at 202 and proceeds to protected step A2 which calls the desired function A (FnA) at privileged ring 0 (e.g. in the device driver) as shown at 204. Function A then increments PRBS generator 120. Function A then performs the desired operation and makes a return to the application as shown at 208.
The application then proceeds to operation A3 and fetches the output of PRBS generator 110 as shown at 210 and calls FnP to fetch the output of PRBS generator 120 as shown at 212 and return it to the application as shown at 214. Operation A3 then compares the outputs of PRBS generators 110 and 120 and, since they were both initially synchronized and both incremented once in the course of sequence A, the comparison will be successful and the application continues as shown at 218.
Sequence B operates in a similar manner and need not be separately described.
If the comparison of PRBS generator outputs is successful in operation B3 (corresponding to operation A3) the application continues as shown at 222.
If, however, operation A2 had not been authorized because, for example, the application had not been registered and access to ring 0 or any function therein (or operation to be performed thereby) was denied, the application could not proceed. If an unauthorized user were to attempt to defeat this denial of access by patching out step A1 (202), step A2 would increment PRBS generator 120 without PRBS generator 110 being incremented and the comparison at A3 (216) would fail.
Conversely, if an attempt to defeat the denial of access was made by patching out the incrementing of PRBS generator 120 during operation A, the comparison would also fail.
Attempting to defeat the denial of access to subsequent sections of the application (e.g. for comparison of code) by patching out function A (e.g. by deleting or "NO-OPing" operation A2) would also cause failure of the comparison since PRBS generator 110 would be incremented while PRBS generator 120 would not. Attempting to defeat the denial of access by patching in an increment or decrement to the PRBS generator 120 or 110 would also cause failure of the comparison at A3 since FnA and other privileged functions, in accordance with the invention, increment PRBS generator 120 before performing the function.
Even if a privileged function is performed, a comparison is made before report of the result to the application. Upon failure of the comparison 216, the execution of the application may be terminated in any manner desired by the programmer, for example, by branching to any desired subroutine including deletion of the application or a more or less critical portion thereof from storage or even the storage medium by which it was loaded onto the computer.
A minimum of two patches must be simultaneously and correctly performed in order to defeat the denial of access to the privileged function and it is very unlikely that this could be successfully accomplished by an unauthorized user that does not have foreknowledge of the behavior of the application. It should be recalled that the observation of the behavior of the system is the very type of tampering which the invention is intended to prevent. Therefore, it can be understood that the invention, while simple and rapidly executable even if utilized or repeated many times in the application, is quite effective in providing protection against tampering which could expose the behavior of the application to an unauthorized person.
It is immaterial to the practice of the basic principles of the invention where the comparison is performed or if additional functions are performed in doing so that may also be privileged functions. However, some additional protection may be provided by performing such additional functions as will now be described in regard to secured operation X in Figure 1 and Figure 2B. In this case, operation X1 increments PRBS generator 110 as before in operation A1 as shown at 222.
Operation X2 calls FnX (224) and increments PRBS generator 120 (226) as before. A return is made to the application (228), again, in the manner described above.
Then operation X3 fetches (230) the PRBS value from PRBS generator 110 but now calls operation FnP and provides the PRBS value (232) from PRBS generator 110 to the device driver.
Privileged function FnP then fetches the PRBS value from PRBS generator 120 and performs the comparison. FnP either does not increment the PRBS generator 120 further or, alternatively, both X3 and FnP could be arranged to further increment PRBS generators 110 and 120, respectively. This operation is similar to operation sequence A except that the comparison is performed at a higher (or at least different) privilege level. In practical effect, however, more locations are provided at which patches can be incorrectly applied by an unauthorized person and an inconsistency in convention is provided at either X3 or FnP, as compared to operation A3 and other privileged functions.
Referring now to Figures 3 and 4, an enhancement of the invention will now be described.
Whereas the embodiment of the invention described above can initiate termination of the application or destruction or corruption of files after the comparison of PRBS outputs fails, the enhancement of the invention illustrated in Figures 3 and 4 includes file corruption and repair as part of the tamper resistance and thus is both more robust in performance and causes protective action to be taken at an earlier time even before tampering is detected. This enhancement will be described as a variation A' of secured operation A described above.
Operation A1 is performed as before to increment PRBS generator 110. However, as indicated at 402, the incremented PRBS value is returned to the application.
Operation A2' utilizes the PRBS value to intentionally disrupt or corrupt data and/or application program code using an algorithm X, as shown at 404 and the current PRBS value from PRBS generator 110. Operation A3' then calls privileged function FnA to perform operation A' after incrementing PRBS generator 120 and returning the new PRBS value. The new PRBS value from PRBS generator 120, which should now be the same as that of PRBS generator 110, is then used to perform operation A4 using the PRBS value from PRBS generator 120 and algorithm X' which is the inverse of algorithm X to reconstruct the data or code corrupted at 404 as shown at 410.
In this case, no separate comparison need be made since incorrect reconstruction of the data or code will either halt the application or return an incorrect and meaningless result (since the data or code was corrupted by an effectively random binary code sequence). Further, no privileged operation other than the corruption and reconstruction of data need be performed in the course of operation A' and virtually no information can be obtained from the application by an unauthorized person attempting to observe program behavior. This enhancement may be used alone or in combination with privileged functions utilizing comparison as an alternative to particular instances of privileged functions such as A, B or X described above.
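The interlock of sequence A and the corrupt-and-restore variant A' can be simulated in a single process, as an added example that is not code from the patent. Both privilege levels are modelled as ordinary functions, and the 16-stage Galois shift register, mask 0xB400, seed 0xACE1, the add/subtract pair standing in for algorithms X and X', the sample data and all identifiers are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative parameters (assumptions, not from the patent): 16 stages,
 * Galois feedback mask 0xB400 (maximal length), shared seed 0xACE1. */
#define PRBS_MASK 0xB400u
#define PRBS_SEED 0xACE1u

typedef struct { uint16_t state; } prbs_t;

/* Advance ("increment") the generator by one shift; return the new value. */
static uint16_t prbs_step(prbs_t *g)
{
    uint16_t lsb = g->state & 1u;
    g->state >>= 1;
    if (lsb)
        g->state ^= PRBS_MASK;
    return g->state;
}

/* Number of steps before the sequence returns to the seed. */
unsigned long prbs_period(void)
{
    prbs_t g = { PRBS_SEED };
    unsigned long n = 0;
    do { prbs_step(&g); n++; } while (g.state != PRBS_SEED);
    return n;
}

/* Single-patch tampering cases walked through in the description. */
enum patch {
    PATCH_NONE,
    PATCH_SKIP_A1,      /* application-side increment removed */
    PATCH_SKIP_FN_INC,  /* increment inside the privileged function removed */
    PATCH_NOP_A2,       /* privileged call removed altogether */
    PATCH_EXTRA_INC     /* stray increment patched into the application */
};

/* Simulated privileged module ("ring 0") owning generator 120. */
static prbs_t gen120;
static uint16_t fn_a(int skip_inc)   /* FnA: increment, then do the work */
{
    if (!skip_inc)
        prbs_step(&gen120);
    return gen120.state;
}
static uint16_t fn_p(void) { return gen120.state; }  /* FnP: report value */

/* Sequence A: returns 1 if the comparison at A3 succeeds. */
int sequence_a(enum patch p)
{
    prbs_t gen110 = { PRBS_SEED };
    gen120.state = PRBS_SEED;
    if (p != PATCH_SKIP_A1) prbs_step(&gen110);              /* A1 */
    if (p == PATCH_EXTRA_INC) prbs_step(&gen110);
    if (p != PATCH_NOP_A2) fn_a(p == PATCH_SKIP_FN_INC);     /* A2 */
    return gen110.state == fn_p();                           /* A3 */
}

/* Algorithm X and its inverse X': byte-wise add/subtract of the PRBS value. */
static void alg_x(uint8_t *d, size_t n, uint16_t k)
{
    for (size_t i = 0; i < n; i++)
        d[i] = (uint8_t)(d[i] + (uint8_t)(k >> (8 * (i & 1))));
}
static void alg_x_inv(uint8_t *d, size_t n, uint16_t k)
{
    for (size_t i = 0; i < n; i++)
        d[i] = (uint8_t)(d[i] - (uint8_t)(k >> (8 * (i & 1))));
}

/* Sequence A': returns 1 if the data comes back intact (no comparison). */
int sequence_a_prime(enum patch p)
{
    static const uint8_t original[] = "constructed sample data";
    uint8_t buf[sizeof original];
    prbs_t gen110 = { PRBS_SEED };
    uint16_t k120 = PRBS_SEED;  /* stale value if the call never happens */

    memcpy(buf, original, sizeof buf);
    gen120.state = PRBS_SEED;
    if (p != PATCH_SKIP_A1) prbs_step(&gen110);                 /* A1  */
    if (p == PATCH_EXTRA_INC) prbs_step(&gen110);
    alg_x(buf, sizeof buf, gen110.state);                       /* A2' */
    if (p != PATCH_NOP_A2) k120 = fn_a(p == PATCH_SKIP_FN_INC); /* A3' */
    alg_x_inv(buf, sizeof buf, k120);                           /* A4  */
    return memcmp(buf, original, sizeof buf) == 0;
}

int main(void)
{
    printf("period=%lu\n", prbs_period());
    for (int p = PATCH_NONE; p <= PATCH_EXTRA_INC; p++)
        printf("patch %d: A=%d A'=%d\n", p, sequence_a((enum patch)p),
               sequence_a_prime((enum patch)p));
    return 0;
}
```

Only the unpatched run passes the comparison or restores the data; each single patch leaves the two generators one step apart.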
In view of the foregoing, it is seen that the invention, while simple and rapidly executed, provides a very high degree of tamper resistance in a single instance.
Multiple instances of the invention can be provided and the tamper resistant procedure repeated, particularly with variations (e.g. Figure 2B) and enhancements (e.g. Figure 4) to provide a practically insurmountable degree of protection without compromising execution speed of the application.
While the invention has been described in terms of a single preferred embodiment, those skilled in the art will recognize that the invention can be practiced with modification within the spirit and scope of the appended claims.
Claims (18)
1. A method for providing tamper resistance in software running on a processor having differentiated sections, one differentiated section being capable of performing a function not available on another differentiated section, said method comprising the steps of incrementing a first pseudo-random binary sequence associated with said another differentiated section, calling said function in said one differentiated section from said another differentiated section, incrementing a second pseudo-random binary sequence generator associated with said one differentiated section, performing said function, comparing pseudo-random binary sequence values in said one and said another pseudo-random binary sequence generators, and controlling execution of said software in accordance with a result of said comparing step.
2. A method as recited in claim 1, wherein said function is limited to incrementing a PRBS generator of said differentiated section.
3. A method as recited in claim 1, wherein a further function available in said differentiated section calls for the pseudo-random binary sequence value from said another differentiated section and performs said comparison step in said differentiated section.
4. A method as recited in claim 3, wherein said further function increments said pseudo-random binary sequence generator in said differentiated section and said pseudo-random binary sequence generator in said another differentiated section is incremented when said further function is called.
5. A method as recited in claim 2, wherein a function available in said differentiated section calls for the pseudo-random binary sequence value from said another differentiated section and performs said comparison step in said differentiated section.
6. A method as recited in claim 5, wherein said further function increments said pseudo-random binary sequence generator in said differentiated section and said pseudo-random binary sequence generator in said another differentiated section is incremented when said further function is called.
7. A method as recited in claim 1, including the further steps of altering data using an algorithm and a pseudo-random binary sequence value in said another differentiated section, and altering data using another algorithm having a function that is an inverse of said algorithm and a pseudo-random binary sequence value at said differentiated section, whereby data altered by said algorithm is restored when the pseudo-random binary sequence values of said differentiated section and said another differentiated section are the same.
8. A method as recited in claim 1 wherein said differentiated sections are different privilege levels.
9. A method for providing tamper resistance in software running on a processor having differentiated sections, one differentiated section being capable of performing a function not available on another differentiated section, said method comprising the steps of altering data using an algorithm and a pseudo-random binary sequence value in said another differentiated section, and altering data using another algorithm having a function that is an inverse of said algorithm and a pseudo-random binary sequence value at said differentiated section, whereby data altered by said algorithm is restored when the pseudo-random binary sequence values of said differentiated section and said another differentiated section are the same.
10. A method as recited in claim 8 wherein said differentiated sections are different privilege levels.
11. A stored program for controlling a processor having differentiated sections, one differentiated section being capable of performing a function not available on another differentiated section, containing commands for causing said processor to perform the steps of incrementing a first pseudo-random binary sequence associated with said another differentiated section, calling said function in said one differentiated section from said another differentiated section, incrementing a second pseudo-random binary sequence generator associated with said one differentiated section, performing said function, comparing pseudo-random binary sequence values in said one and said another pseudo-random binary sequence generators, and controlling execution of said software in accordance with a result of said comparing step, whereby execution of said software may be controlled upon detection of tampering.
12. A program as recited in claim 11, wherein said function is limited to incrementing a PRBS generator of said differentiated section.
13. A program as recited in claim 11, wherein a further function available in said differentiated section calls for the pseudo-random binary sequence value from said another differentiated section and performs said comparison step in said differentiated section.
14. A program as recited in claim 13, wherein said further function increments said pseudo-random binary sequence generator in said differentiated section and said pseudo-random binary sequence generator in said another differentiated section is incremented when said further function is called.
15. A program as recited in claim 12, wherein a function available in said differentiated section calls for the pseudo-random binary sequence value from said another differentiated section and performs said comparison step in said differentiated section.
16. A program as recited in claim 15, wherein said further function increments said pseudo-random binary sequence generator in said differentiated section and said pseudo-random binary sequence generator in said another differentiated section is incremented when said further function is called.
17. A program as recited in claim 11, including the further steps of altering data using an algorithm and a pseudo-random binary sequence value in said another differentiated section, and altering data using another algorithm having a function that is an inverse of said algorithm and a pseudo-random binary sequence value at said differentiated section, whereby data altered by said algorithm is restored when the pseudo-random binary sequence values of said differentiated section and said another differentiated section are the same.
18. A stored program for controlling a processor having differentiated sections, one differentiated section being capable of performing a function not available on another differentiated section, said stored program containing commands for causing said processor to perform the steps of altering data using an algorithm and a pseudo-random binary sequence value in said another differentiated section, and altering data using another algorithm having a function that is an inverse of said algorithm and a pseudo-random binary sequence value at said differentiated section, whereby data altered by said algorithm is restored when the pseudo-random binary sequence values of said differentiated section and said another differentiated section are the same, whereby execution of said software is controlled upon detection of tampering.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/500,345 | 2000-02-08 | ||
US09/500,345 US6789199B1 (en) | 2000-02-08 | 2000-02-08 | Tamper resistance with pseudo-random binary sequence program interlocks |
Publications (1)
Publication Number | Publication Date |
---|---|
CA2324759A1 (en) | 2001-08-08 |
Family
ID=23989003
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA002324759A Abandoned CA2324759A1 (en) | 2000-02-08 | 2000-10-30 | Tamper resistance with pseudo-random binary sequence program interlocks |
Country Status (7)
Country | Link |
---|---|
US (1) | US6789199B1 (en) |
JP (1) | JP3721085B2 (en) |
KR (1) | KR100406228B1 (en) |
CN (1) | CN1303529C (en) |
CA (1) | CA2324759A1 (en) |
GB (1) | GB2366028B (en) |
TW (1) | TW490608B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7305564B2 (en) | 2002-12-19 | 2007-12-04 | International Business Machines Corporation | System and method to proactively detect software tampering |
US7100205B2 (en) * | 2003-10-22 | 2006-08-29 | The United States Of America As Represented By The Secretary Of The Navy | Secure attention instruction central processing unit and system architecture |
US7552342B1 (en) | 2005-02-16 | 2009-06-23 | Rennie Glen Software, Llc | Method and system for increasing the tamper resistance of a software application |
US20090201126A1 (en) * | 2008-02-11 | 2009-08-13 | Sanyo Electric Co., Ltd. | Electronic device provided with theft prevention function, and method for preventing theft of electronic devices |
US20110030036A1 (en) * | 2009-07-31 | 2011-02-03 | Wells Jr James W | Running a software module at a higher privilege level in response to a requestor associated with a lower privilege level |
EP2362314A1 (en) * | 2010-02-18 | 2011-08-31 | Thomson Licensing | Method and apparatus for verifying the integrity of software code during execution and apparatus for generating such software code |
Family Cites Families (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4310720A (en) | 1978-03-31 | 1982-01-12 | Pitney Bowes Inc. | Computer accessing system |
US4573119A (en) | 1983-07-11 | 1986-02-25 | Westheimer Thomas O | Computer software protection system |
US4644493A (en) * | 1984-09-14 | 1987-02-17 | International Business Machines Corporation | Implementing a shared higher level of privilege on personal computers for copy protection of software |
US4605922A (en) | 1984-09-14 | 1986-08-12 | Racon, Inc. | Intrusion detector |
FR2638869B1 (en) | 1988-11-10 | 1990-12-21 | Sgs Thomson Microelectronics | SECURITY DEVICE AGAINST UNAUTHORIZED DETECTION OF PROTECTED DATA |
GB9005916D0 (en) | 1990-03-16 | 1990-05-09 | Amstrad Plc | Computer system |
US5175847A (en) | 1990-09-20 | 1992-12-29 | Logicon Incorporated | Computer system capable of program execution recovery |
US5337357A (en) | 1993-06-17 | 1994-08-09 | Software Security, Inc. | Method of software distribution protection |
GB9422389D0 (en) * | 1994-11-05 | 1995-01-04 | Int Computers Ltd | Authenticating access control for sensitive functions |
US5724423A (en) * | 1995-09-18 | 1998-03-03 | Telefonaktiebolaget Lm Ericsson | Method and apparatus for user authentication |
US5757914A (en) * | 1995-10-26 | 1998-05-26 | Sun Microsystems, Inc. | System and method for protecting use of dynamically linked executable modules |
FR2742616B1 (en) * | 1995-12-18 | 1998-01-09 | Cit Alcatel | ENCRYPTION DEVICE AND ENCRYPTION DEVICE OF INFORMATION TRANSPORTED BY CELLS WITH ASYNCHRONOUS TRANSFER MODE |
GB9608696D0 (en) | 1996-04-26 | 1996-07-03 | Europ Computer Ind Res | Electronic copy protection mechanism |
US6463538B1 (en) * | 1998-12-30 | 2002-10-08 | Rainbow Technologies, Inc. | Method of software protection using a random code generator |
Date | Country | Application | Publication | Status |
---|---|---|---|---|
2000-02-08 | US | US09/500,345 | US6789199B1 | Not active: Expired - Fee Related |
2000-10-30 | CA | CA002324759A | CA2324759A1 | Not active: Abandoned |
2000-12-29 | TW | TW089128217A | TW490608B | Not active: IP Right Cessation |
2001-01-19 | KR | KR10-2001-0003121A | KR100406228B1 | Not active: IP Right Cessation |
2001-01-29 | GB | GB0102166A | GB2366028B | Not active: Expired - Lifetime |
2001-02-01 | JP | JP2001025815A | JP3721085B2 | Not active: Expired - Fee Related |
2001-02-05 | CN | CNB01103212XA | CN1303529C | Not active: Expired - Fee Related |
Also Published As
Publication number | Publication date |
---|---|
GB2366028A (en) | 2002-02-27 |
KR100406228B1 (en) | 2003-11-17 |
JP2001236132A (en) | 2001-08-31 |
CN1303529C (en) | 2007-03-07 |
GB0102166D0 (en) | 2001-03-14 |
GB2366028B (en) | 2004-08-18 |
TW490608B (en) | 2002-06-11 |
CN1314635A (en) | 2001-09-26 |
KR20010078013A (en) | 2001-08-20 |
JP3721085B2 (en) | 2005-11-30 |
US6789199B1 (en) | 2004-09-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Naumovich et al. | | Preventing piracy, reverse engineering, and tampering |
US8261359B2 (en) | | Systems and methods for preventing unauthorized use of digital content |
AU2009200459B2 (en) | | Systems and Methods for the Prevention Of Unauthorized Use and Manipulation of Digital Content Related Applications |
KR100368947B1 (en) | | Integrity checking an executable module and associated protected service provider module |
US6006328A (en) | | Computer software authentication, protection, and security system |
CA2543572C (en) | | Tamper-resistant trusted virtual machine |
US20030110387A1 (en) | | Initiating execution of a computer program from an encrypted version of a computer program |
US8225290B2 (en) | | Systems and methods for regulating execution of computer software |
US7647639B2 (en) | | Methods for detecting executable code which has been altered |
Cohen | | Models of practical defenses against computer viruses |
US7263606B2 (en) | | Method and apparatus for software protection via multiple-route execution |
US6789199B1 (en) | | Tamper resistance with pseudo-random binary sequence program interlocks |
CN101189615B (en) | | Method for establishing and maintaining protected computing environment |
US20050198516A1 (en) | | Intentional cascade failure |
WO2007092524A2 (en) | | Systems, methods, and media for repairing the state of constrained data items in an application |
AU2002219852B2 (en) | | Systems and methods for preventing unauthorized use of digital content |
CN115310055B (en) | | Software integrity protection method based on double watchdog |
AU725098B2 (en) | | Computer software authentication, protection, and security system |
AU2002219852A1 (en) | | Systems and methods for preventing unauthorized use of digital content |
Cohen | | Current best practices against computer viruses with examples from the DOS operating system |
AU2008200472A1 (en) | | Systems and methods for preventing unauthorized use of digital content related applications |
KR20200060157A (en) | | Method and apparatus for detection alteration of smram |
AU2010202883A1 (en) | | Systems and Methods for Preventing Unauthorized Use of Digital Content |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | EEER | Examination request | |
 | FZDE | Discontinued | |