Application randomization mechanism

US 10,007,498 B2
Filed: 08/04/2016
Issued: 06/26/2018
Est. Priority Date: 12/17/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

generating, by a computing system comprising one or more processors, first unique configuration information;

generating, by the computing system and based on the first unique configuration information, a first unique instance of a software component that is executable on a runtime computing system, wherein generating the first unique instance of the software component comprises creating, by the computing system, a first modification to an application binary interface (ABI), wherein the first modification to the ABI comprises a first modification to an operating system kernel ABI that is associated with a first reordering of a system call table, and wherein the first unique instance of the software component uses the first modification to the ABI;

generating, by the computing system, second unique configuration information, wherein the second unique configuration information is different from the first unique configuration information; and

generating, by the computing system and based on the second unique configuration information, a second unique instance of the software component that is executable on the runtime computing system, wherein generating the second unique instance of the software component comprises creating, by the computing system, a second modification to the ABI, wherein the first modification to the ABI is different than the second modification to the ABI, wherein the second modification to the ABI comprises a second modification to the operating system kernel ABI that is associated with a second reordering of the system call table, and wherein the second unique instance of the software component uses the second modification to the ABI,wherein the first and second unique instances of the software component comprise different instances of the same software component that each are configured to have uniquely different operating characteristics during execution on the runtime computing system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An example method includes generating, by a computing system, first unique configuration information, generating, by the computing system and based on the first unique configuration information, a first unique instance of a software component, generating second unique configuration information, wherein the second unique configuration information is different from the first unique configuration information, and generating, based on the second unique configuration information, a second unique instance of the software component that is executable on the runtime computing system. The first and second unique instances of the software component comprise different instances of the same software component that each are configured to have uniquely different operating characteristics during execution on the runtime computing system.

Citations

25 Claims

1. A method comprising:
- generating, by a computing system comprising one or more processors, first unique configuration information;
  
  generating, by the computing system and based on the first unique configuration information, a first unique instance of a software component that is executable on a runtime computing system, wherein generating the first unique instance of the software component comprises creating, by the computing system, a first modification to an application binary interface (ABI), wherein the first modification to the ABI comprises a first modification to an operating system kernel ABI that is associated with a first reordering of a system call table, and wherein the first unique instance of the software component uses the first modification to the ABI;
  
  generating, by the computing system, second unique configuration information, wherein the second unique configuration information is different from the first unique configuration information; and
  
  generating, by the computing system and based on the second unique configuration information, a second unique instance of the software component that is executable on the runtime computing system, wherein generating the second unique instance of the software component comprises creating, by the computing system, a second modification to the ABI, wherein the first modification to the ABI is different than the second modification to the ABI, wherein the second modification to the ABI comprises a second modification to the operating system kernel ABI that is associated with a second reordering of the system call table, and wherein the second unique instance of the software component uses the second modification to the ABI,wherein the first and second unique instances of the software component comprise different instances of the same software component that each are configured to have uniquely different operating characteristics during execution on the runtime computing system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1,wherein the software component comprises a component that includes one of an application, a library, or an operating system kernel,wherein the first unique instance of the software component comprises a first instance of the component, andwherein the second unique instance of the software component comprises a second instance of the component.
  - 3. The method of claim 1,wherein generating the first unique instance of the software component comprises using, by the computing system, the first unique configuration information and source code to generate the first unique instance of the software component, andwherein generating the second unique instance of the software component comprises using, by the computing system, the second unique configuration information and the source code to generate the second unique instance of the software component, such that the first and second unique instances of the software component are each generated based on the source code.
  - 4. The method of claim 1, further comprising:
    - generating, by the computing system, intermediate representation bitcode based on binary information that is associated with the software component,wherein generating the first unique instance of the software component comprises using, by the computing system, the first unique configuration information and the intermediate representation bitcode to generate the first unique instance of the software component, and wherein generating the second unique instance of the software component comprises using, by the computing system, the second unique configuration information and the intermediate representation bitcode to generate the second unique instance of the software component, such that the first and second unique instances of the software component are each generated based on the intermediate representation bitcode.
  - 5. The method of claim 1,wherein the first modification to the ABI further comprises a first modification to at least one of function calling conventions, function return value settings, or source code segment reordering used the first unique instance of the software component, andwherein the second modification to the ABI further comprises a second modification to the at least one of function calling conventions, function return value settings, or source code segment reordering used by the second unique instance of the software component.
  - 6. The method of claim 1, wherein the computing system and the runtime computing system comprise the same computing system.
  - 7. The method of claim 1, wherein the first and second unique instances of the software component are each further configured, during execution on the runtime computing system, to output false information to an external computing system.
  - 8. The method of claim 7, wherein the false information comprises false configuration information associated with the runtime computing system.
  - 9. The method of claim 1,wherein the first unique instance of the software component comprises a first ephemeral virtual machine that is configured to service one or more requests from a first client that is external to the runtime computing system, andwherein the second unique instance of the software component comprises a second ephemeral virtual machine that is configured to service one or more requests from a second client that is external to the runtime computing system.
  - 10. The method of claim 1, further comprising:
    - receiving, by the computing system, one or more configuration settings,wherein generating the first unique instance of the software component is further based on the one or more configuration settings.
  - 11. The method of claim 10, wherein generating the first unique instance of the software component based on the one or more configuration settings comprises:
    - generating randomized configuration information based on the one or more configuration settings; and
      
      generating the first unique instance of the software component based on the randomized configuration information.
  - 12. The method of claim 1,wherein the first unique configuration information comprises a first configuration specification that includes first unique binary data, andwherein the second unique configuration information comprises a second configuration specification that includes second unique binary data.

13. A computer-readable storage device storing instructions that, when executed, cause a computing system comprising one or more processors to perform operations comprising:
- generating first unique configuration information;
  
  generating, based on the first unique configuration information, a first unique instance of a software component that is executable on a runtime computing system, wherein generating the first unique instance of the software component comprises creating a first modification to an application binary interface (ABI), wherein the first modification to the ABI comprises a first modification to an operating system kernel ABI that is associated with a first reordering of a system call table, and wherein the first unique instance of the software component uses the first modification to the ABI;
  
  generating second unique configuration information, wherein the second unique configuration information is different from the first unique configuration information; and
  
  generating, based on the second unique configuration information, a second unique instance of the software component that is executable on the runtime computing system, wherein generating the second unique instance of the software component comprises creating a second modification to the ABI, wherein the first modification to the ABI is different than the second modification to the ABI, wherein the second modification to the ABI comprises a second modification to the operating system kernel ABI that is associated with a second reordering of the system call table, and wherein the second unique instance of the software component uses the second modification to the ABI,wherein the first and second unique instances of the software component comprise different instances of the same software component that each are configured to have uniquely different operating characteristics during execution on the runtime computing system.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The computer-readable storage device of claim 13,wherein generating the first unique instance of the software component comprises using the first unique configuration information and source code to generate the first unique instance of the software component, andwherein generating the second unique instance of the software component comprises using the second unique configuration information and the source code to generate the second unique instance of the software component, such that the first and second unique instances of the software component are each generated based on the source code.
  - 15. The computer-readable storage device of claim 13, wherein the operations further comprise:
    - generating intermediate representation bitcode based on binary information that is associated with the software component,wherein generating the first unique instance of the software component comprises using the first unique configuration information and the intermediate representation bitcode to generate the first unique instance of the software component, andwherein generating the second unique instance of the software component comprises using the second unique configuration information and the intermediate representation bitcode to generate the second unique instance of the software component, such that the first and second unique instances of the software component are each generated based on the intermediate representation bitcode.
  - 16. The computer-readable storage device of claim 13,wherein the first modification to the ABI further comprises a first modification to at least one of function calling conventions, function return value settings, or source code segment reordering used the first unique instance of the software component, andwherein the second modification to the ABI further comprises a second modification to the at least one of function calling conventions, function return value settings, or source code segment reordering used by the second unique instance of the software component.
  - 17. The computer-readable storage device of claim 13, wherein the computing system and the runtime computing system comprise the same computing system.
  - 18. The computer-readable storage device of claim 13, wherein the first and second unique instances of the software component are each further configured, during execution on the runtime computing system, to output false information to an external computing system.
  - 19. The computer-readable storage device of claim 18, wherein the false information comprises false configuration information associated with the runtime computing system.
  - 20. The computer-readable storage device of claim 13,wherein the first unique instance of the software component comprises a first ephemeral virtual machine that is configured to service one or more requests from a first client that is external to the runtime computing system, andwherein the second unique instance of the software component comprises a second ephemeral virtual machine that is configured to service one or more requests from a second client that is external to the runtime computing system.

21. A computing system, comprising:
- one or more processors; and
  
  a computer-readable storage device communicatively coupled to the one or more processors, wherein the computer-readable storage device stores instructions that, when executed by the one or more processors, cause the one or more processors to;
  
  generate first unique configuration information;
  
  generate, based on the first unique configuration information, a first unique instance of a software component that is executable on a runtime computing system, wherein as part of causing the one or more processors to generate the first unique instance of the software component, execution of the instructions causes the one or more processors to create a first modification to an application binary interface (ABI), wherein the first modification to the ABI comprises a first modification to an operating system kernel ABI that is associated with a first reordering of a system call table, and wherein the first unique instance of the software component uses the first modification to the ABI;
  
  generate second unique configuration information, wherein the second unique configuration information is different from the first unique configuration information; and
  
  generate, based on the second unique configuration information, a second unique instance of the software component that is executable on the runtime computing system, wherein as part of causing the one or more processors to generate the second unique instance of the software component, execution of the instructions causes the one or more processors to create a second modification to the ABI, wherein the first modification to the ABI is different than the second modification to the ABI, wherein the second modification to the ABI comprises a second modification to the operating system kernel ABI that is associated with a second reordering of the system call table, and wherein the second unique instance of the software component uses the second modification to the ABI,wherein the first and second unique instances of the software component comprise different instances of the same software component that each are configured to have uniquely different operating characteristics during execution on the runtime computing system.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The computing system of claim 21,wherein the instructions stored by the computer-readable storage device that cause the one or more processors to generate the first unique instance of the software component comprise instructions that cause the one or more processors to use the first unique configuration information and source code to generate the first unique instance of the software component, and wherein the instructions stored by the computer-readable storage device that cause the one or more processors to generate the second unique instance of the software component comprise instructions that cause the one or more processors to use the second unique configuration information and the source code to generate the second unique instance of the software component, such that the first and second unique instances of the software component are each generated based on the source code.
  - 23. The computing system of claim 21, wherein the instructions stored by the computer-readable storage device further cause the one or more processors to:
    - generate intermediate representation bitcode based on binary information that is associated with the software component,wherein the instructions stored by the computer-readable storage device that cause the one or more processors to generate the first unique instance of the software component comprise instructions that cause the one or more processors to use the first unique configuration information and the intermediate representation bitcode to generate the first unique instance of the software component, andwherein the instructions stored by the computer-readable storage device that cause the one or more processors to generate the second unique instance of the software component comprise instructions that cause the one or more processors to use the second unique configuration information and the intermediate representation bitcode to generate the second unique instance of the software component, such that the first and second unique instances of the software component are each generated based on the intermediate representation bitcode.
  - 24. The computing system of claim 21, wherein the computing system and the runtime computing system comprise the same computing system.
  - 25. The computing system of claim 21, wherein the first and second unique instances of the software component are each further configured, during execution on the runtime computing system, to output false information to an external computing system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Architecture Technology Corporation
Original Assignee
Architecture Technology Corporation
Inventors
Powers, Judson, Joyce, Robert A.
Primary Examiner(s)
Truong, Lechi

Application Number

US15/228,698
Publication Number

US 20170177314A1
Time in Patent Office

691 Days
Field of Search

719310, 719328, 717106
US Class Current
CPC Class Codes

G06F 21/14   against software analysis o...

G06F 21/57   Certifying or maintaining t...

G06F 8/30   Creation or generation of s...

G06F 8/37   Compiler construction; Pars...

G06F 8/41   Compilation

G06F 8/52   Binary to binary

G06F 8/71   Version control security ar...

G06F 9/44568   Immediately runnable code

G06F 9/54   Interprogram communication

Application randomization mechanism

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Application randomization mechanism

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links