Software self-checking systems and methods

US 20030023856A1
Filed: 06/13/2002
Published: 01/30/2003
Est. Priority Date: 06/13/2001
Status: Active Grant

First Claim

Patent Images

1. A method of creating a self-checking software program, the method comprising:

(a) inserting multiple self-checking code sequences into the program, each self-checking code sequence being operable to calculate a function of a portion of the program;

(b) inserting a plurality of correctors into the program;

(c) assigning the self-checking code sequences to overlapping portions of the program, each portion containing at least one corrector; and

(d) assigning values to the correctors, the value of the correctors being chosen such that the function calculated by the self-checking code sequence assigned to a given portion of the program results in a predefined value if the given portion has not been improperly modified.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Software self-checking mechanisms are described for improving software tamper resistance and/or reliability. Redundant tests are performed to detect modifications to a program while it is running. Modifications are recorded or reported. Embodiments of the software self-checking mechanisms can be implemented such that they are relatively stealthy and robust, and so that it they are compatible with copy-specific static watermarking and other tamper-resistance techniques.

251 Citations

28 Claims

1. A method of creating a self-checking software program, the method comprising:
- (a) inserting multiple self-checking code sequences into the program, each self-checking code sequence being operable to calculate a function of a portion of the program;
  
  (b) inserting a plurality of correctors into the program;
  
  (c) assigning the self-checking code sequences to overlapping portions of the program, each portion containing at least one corrector; and
  
  (d) assigning values to the correctors, the value of the correctors being chosen such that the function calculated by the self-checking code sequence assigned to a given portion of the program results in a predefined value if the given portion has not been improperly modified.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. A method as in claim 1, in which the multiple self-checking code sequences are inserted into the program'"'"'s source code, the method further comprising:
    - (a)(1) compiling the program'"'"'s source code to form object code; and
      
      (a)(2) rearranging basic blocks of the program'"'"'s object code such that the self-checking code sequences are distributed in a relatively uniform fashion throughout the program'"'"'s object code.
  - 3. A method as in claim 2, in which the plurality of correctors are inserted between basic blocks of the program'"'"'s object code.
  - 4. A method as in claim 1, further comprising:
    - (c)(1) inserting watermark values into the program.
  - 5. A method as in claim 1, in which the self-checking code sequences are assigned to overlapping portions of the program in a relatively random fashion.
  - 6. A method as in claim 5, further comprising:
    - (c)(1) determining whether a graph representing the assignment of self-checking code sequences to overlapping portions of the program is strongly connected; and
      
      (c)(2) repeating step (c) if the graph is not strongly connected.
  - 7. A method as in claim 1, in which the function that each self-checking code sequence is operable to calculate comprises a hash function.
  - 8. A method as in claim 7, in which the hash function is invertible.
  - 9. A method as in claim 8, in which the hash function is relatively lightweight.
  - 10. A method as in claim 7, in which a first class of said multiple self-checking code sequences calculates a first hash function and a second class of said multiple self-checking code sequences calculates a second hash function that differs at least in part from the first hash function.
  - 11. A method as in claim 10, in which a plurality of the first class of self-checking code sequences are customized, such that each of said plurality of customized self-checking code sequences differs, at least in part, from other self-checking code sequences in the first class.
  - 12. A method as in claim 4, in which steps (a) through (c) are performed before the program is distributed to an end user, and steps (c)(1) and (d) are performed after the program is distributed to the end user.
  - 13. A method as in claim 1, in which the self-checking code sequences are further operable to trigger a tamper response mechanism if an improper modification of the program is detected.

14. A method of creating a dynamic self-checking program, the method comprising:
- inserting self-checking code into the program, the self-checking code being operable to perform dynamic integrity checks on overlapping intervals of the program.
- View Dependent Claims (15)
- - 15. The method of claim 14, further comprising:
    - inserting corrector values into the program, the corrector values being chosen such that the dynamic integrity checks performed by the self-checking code result in a predefined value or values if the program has not been improperly modified.

16. A self-checking program comprising:
- a first code sequence configured to perform a first integrity check on a first portion of the program while the program is running;
  
  a second code sequence configured to perform a second integrity check on a second portion of the program while the program is running;
  
  wherein the first portion of the program and the second portion of the program overlap at least in part, and wherein the integrity of the first code sequence is checked by at least one code sequence and the integrity of the second code sequence is checked by at least one code sequence.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 17. A self-checking program as in claim 16, in which the first code sequence is further configured to trigger a first tamper response mechanism if the first integrity check indicates that the program has been improperly modified, and in which the second code sequence is further configured to trigger a second tamper response mechanism if the second integrity check indicates that the program has been improperly modified.
  - 18. A self-checking program as in claim 17, in which the first tamper response mechanism and the second tamper response mechanism are the same.
  - 19. A self-checking program as in claim 16, in which the first integrity check comprises computation of a first hash function of the first portion of the program, and in which the second integrity check comprises computation of a second hash function of the second portion of the program.
  - 20. A self-checking program as in claim 19, further comprising:
    - a first corrector contained within the first portion of the program, the first corrector being assigned a value such that computation of the first hash function results in a first predefined value if the first portion of the program has not been improperly modified.
  - 21. The self-checking program of claim 20, further comprising:
    - a second corrector contained within the second portion of the program, the second corrector being assigned a value such that computation of the second hash function results in a second predefined value if the second portion of the program has not been improperly modified.
  - 22. The self-checking program of claim 21, wherein the first and second predefined values are the same.
  - 23. The self-checking program of claim 22, wherein the first and second predefined values are different.
  - 24. The self-checking program of claim 19, in which the first hash function is different from the second hash function.
  - 25. The self-checking program of claim 19, in which the first hash function and the second hash function are relatively lightweight.
  - 26. The self-checking program of claim 19, in which the first hash function and the second hash function are relatively easily invertible.
  - 27. The self-checking program of claim 19, in which the first hash function and the second hash function are summarizable.
  - 28. The self-checking program of claim 19, in which the first hash function and the second hash function comprise chained linear hash functions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Matheson, Lesley R., Tarjan, Robert E., Horne, William G., Sheehan, Casey

Granted Patent

US 7,581,103 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/187
CPC Class Codes

G06F 11/3624   by performing operations on...

G06F 21/52   during program execution, e...

G06F 21/54   by adding security routines...

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 2221/2149   Restricted operating enviro...

G06F 3/0623   in relation to content

G06F 3/064   Management of blocks

G06F 3/0659   Command handling arrangemen...

G06F 3/0673   Single storage device

Software self-checking systems and methods

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

251 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Software self-checking systems and methods

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

251 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links