Run time code integrity checks
First Claim
Patent Images
1. A method for detecting tampered program data comprising at least one program unit, the method comprising:
- receiving a request for use of said at least one program unit;
computing a first fingerprint over stored data associated with said at least one program unit; and
determining whether said stored data is valid based at least in part on whether said first fingerprint matches a second fingerprint, said second fingerprint computed over said stored data prior to said receiving.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for detecting tampered program data comprising at least one program unit includes receiving a request for use of the at least one program unit, computing a first fingerprint over stored data associated with the at least one program unit and determining whether the stored data is valid based at least in part on whether the first fingerprint matches a second fingerprint. The second fingerprint is computed over the stored data prior to receiving the request for use of the at least one program unit.
-
Citations
95 Claims
-
1. A method for detecting tampered program data comprising at least one program unit, the method comprising:
-
receiving a request for use of said at least one program unit;
computing a first fingerprint over stored data associated with said at least one program unit; and
determining whether said stored data is valid based at least in part on whether said first fingerprint matches a second fingerprint, said second fingerprint computed over said stored data prior to said receiving. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for determining at run-time whether a program unit is fit for execution on a device, the method comprising:
-
receiving a request to use said at least one program unit;
computing a first storage commitment fingerprint over said at least one program unit in response to said request; and
indicating said at least one program unit is fit for execution based at least in part on whether said first storage commitment fingerprint matches a second storage commitment fingerprint computed over said at least one program unit upon completely loading said at least one program unit in a non-volatile memory on said device. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. A method for run-time program unit integrity checking, the method comprising:
-
receiving a request to use said at least one program unit;
determining a dispatch table associated with a protection unit of said at least one program unit, said dispatch table comprising an entry for each callable routine in said protection unit, each entry comprising a check bit and a routine address, said check bit to indicate whether the corresponding routine has been checked, said routine address comprising the start address of said callable routine;
checking said protection unit if said protection unit has not been checked, said checking comprising;
loading a dispatch table template from a first memory to a second memory; and
making all check bits in said dispatch table indicate an unchecked status if said protection unit comprises a collective protection unit;
examining a dispatch table entry corresponding to said at least one program unit;
verifying said protection unit and making check bits of all entries in said dispatch table indicate a checked status if the check bit of said dispatch table entry indicates an unchecked status; and
calling said at least one program unit using said routine address.
-
-
18. A method for run-time program unit integrity checking, the method comprising:
-
receiving a program comprising a plurality of program units;
determining whether a first method and a second method are within the same protection unit if said first method includes a call to said second method;
rewriting said call to invoke a gateway dispatcher if said first method and said second method are not within the same protection unit, said gateway dispatcher capable of determining a dispatch table associated with the protection unit comprising said second method, said dispatch table comprising an entry for each callable routine in said protection unit, each entry comprising a check bit and a routine address, said check bit to indicate whether the corresponding routine has been checked, said routine address comprising the start address of said callable routine, said gateway dispatcher also capable of using said dispatch table to ensure that said protection unit has been checked prior to calling said second method.
-
-
19. A method for detecting tampered program data comprising at least one program unit, the method comprising:
-
step for receiving a request for use of said at least one program unit;
step for computing a first fingerprint over stored data associated with said at least one program unit; and
step for determining whether said stored data is valid based at least in part on whether said first fingerprint matches a second fingerprint, said second fingerprint computed over said stored data prior to said receiving. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
-
-
28. A method for determining at run-time whether a program unit is fit for execution on a device, the method comprising:
-
step for receiving a request to use said at least one program unit;
step for computing a first storage commitment fingerprint over said at least one program unit in response to said request; and
step for indicating said at least one program unit is fit for execution based at least in part on whether said first storage commitment fingerprint matches a second storage commitment fingerprint computed over said at least one program unit upon completely loading said at least one program unit in a non-volatile memory on said device. - View Dependent Claims (29, 30, 31, 32, 33, 34)
-
-
35. A method for run-time program unit integrity checking, the method comprising:
-
step for receiving a request to use said at least one program unit;
step for determining a dispatch table associated with a protection unit of said at least one program unit, said dispatch table comprising an entry for each callable routine in said protection unit, each entry comprising a check bit and a routine address, said check bit to indicate whether the corresponding routine has been checked, said routine address comprising the start address of said callable routine;
step for checking said protection unit if said protection unit has not been checked, said checking comprising;
loading a dispatch table template from a first memory to a second memory; and
making all check bits in said dispatch table indicate an unchecked status if said protection unit comprises a collective protection unit;
step for examining a dispatch table entry corresponding to said at least one program unit;
step for verifying said protection unit and making check bits of all entries in said dispatch table indicate a checked status if the check bit of said dispatch table entry indicates an unchecked status; and
step for calling said at least one program unit using said routine address.
-
-
36. A method for run-time program unit integrity checking, the method comprising:
-
step for receiving a program comprising a plurality of program units;
step for determining whether a first method and a second method are within the same protection unit if said first method includes a call to said second method;
step for rewriting said call to invoke a gateway dispatcher if said first method and said second method are not within the same protection unit, said gateway dispatcher capable of determining a dispatch table associated with the protection unit comprising said second method, said dispatch table comprising an entry for each callable routine in said protection unit, each entry comprising a check bit and a routine address, said check bit to indicate whether the corresponding routine has been checked, said routine address comprising the start address of said callable routine, said gateway dispatcher also capable of using said dispatch table to ensure that said protection unit has been checked prior to calling said second method.
-
-
37. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method for detecting tampered program data comprising at least one program unit, the method comprising:
-
receiving a request for use of said at least one program unit;
computing a first fingerprint over stored data associated with said at least one program unit; and
determining whether said stored data is valid based at least in part on whether said first fingerprint matches a second fingerprint, said second fingerprint computed over said stored data prior to said receiving. - View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45)
-
-
46. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method for detecting determining at run-time whether a program unit is fit for execution on a device, the method comprising:
-
receiving a request to use said at least one program unit;
computing a first storage commitment fingerprint over said at least one program unit in response to said request; and
indicating said at least one program unit is fit for execution based at least in part on whether said first storage commitment fingerprint matches a second storage commitment fingerprint computed over said at least one program unit upon completely loading said at least one program unit in a non-volatile memory on said device. - View Dependent Claims (47, 48, 49, 50, 51, 52)
-
-
53. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method for run-time program unit integrity checking, the method comprising:
-
receiving a request to use said at least one program unit;
determining a dispatch table associated with a protection unit of said at least one program unit, said dispatch table comprising an entry for each callable routine in said protection unit, each entry comprising a check bit and a routine address, said check bit to indicate whether the corresponding routine has been checked, said routine address comprising the start address of said callable routine;
checking said protection unit if said protection unit has not been checked, said checking comprising;
loading a dispatch table template from a first memory to a second memory; and
making all check bits in said dispatch table indicate an unchecked status if said protection unit comprises a collective protection unit;
examining a dispatch table entry corresponding to said at least one program unit;
verifying said protection unit and making check bits of all entries in said dispatch table indicate a checked status if the check bit of said dispatch table entry indicates an unchecked status; and
calling said at least one program unit using said routine address.
-
-
54. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method for run-time program unit integrity checking, the apparatus comprising:
-
means for receiving a program comprising a plurality of program units;
means for determining whether a first method and a second method are within the same protection unit if said first method includes a call to said second method;
means for rewriting said call to invoke a gateway dispatcher if said first method and said second method are not within the same protection unit, said gateway dispatcher capable of determining a dispatch table associated with the protection unit comprising said second method, said dispatch table comprising an entry for each callable routine in said protection unit, each entry comprising a check bit and a routine address, said check bit to indicate whether the corresponding routine has been checked, said routine address comprising the start address of said callable routine, said gateway dispatcher also capable of using said dispatch table to ensure that said protection unit has been checked prior to calling said second method.
-
-
55. An apparatus for detecting tampered program data comprising at least one program unit, the apparatus comprising:
-
means for receiving a request for use of said at least one program unit;
means for computing a first fingerprint over stored data associated with said at least one program unit; and
means for determining whether said stored data is valid based at least in part on whether said first fingerprint matches a second fingerprint, said second fingerprint computed over said stored data prior to said receiving. - View Dependent Claims (56, 57, 58, 59, 60, 61, 62, 63)
-
-
64. An apparatus for determining at run-time whether a program unit is fit for execution on a device, the apparatus comprising:
-
means for receiving a request to use said at least one program unit;
means for computing a first storage commitment fingerprint over said at least one program unit in response to said request; and
means for indicating said at least one program unit is fit for execution based at least in part on whether said first storage commitment fingerprint matches a second storage commitment fingerprint computed over said at least one program unit upon completely loading said at least one program unit in a non-volatile memory on said device. - View Dependent Claims (65, 66, 67, 68, 69, 70)
-
-
71. An apparatus for run-time program unit integrity checking, the apparatus comprising:
-
means for receiving a request to use said at least one program unit;
means for determining a dispatch table associated with a protection unit of said at least one program unit, said dispatch table comprising an entry for each callable routine in said protection unit, each entry comprising a check bit and a routine address, said check bit to indicate whether the corresponding routine has been checked, said routine address comprising the start address of said callable routine;
means for checking said protection unit if said protection unit has not been checked, said checking comprising;
loading a dispatch table template from a first memory to a second memory; and
making all check bits in said dispatch table indicate an unchecked status if said protection unit comprises a collective protection unit;
means for examining a dispatch table entry corresponding to said at least one program unit;
means for verifying said protection unit and making check bits of all entries in said dispatch table indicate a checked status if the check bit of said dispatch table entry indicates an unchecked status; and
means for calling said at least one program unit using said routine address.
-
-
72. An apparatus for run-time program unit integrity checking, the apparatus comprising:
-
means for receiving a program comprising a plurality of program units;
means for determining whether a first method and a second method are within the same protection unit if said first method includes a call to said second method;
means for rewriting said call to invoke a gateway dispatcher if said first method and said second method are not within the same protection unit, said gateway dispatcher capable of determining a dispatch table associated with the protection unit comprising said second method, said dispatch table comprising an entry for each callable routine in said protection unit, each entry comprising a check bit and a routine address, said check bit to indicate whether the corresponding routine has been checked, said routine address comprising the start address of said callable routine, said gateway dispatcher also capable of using said dispatch table to ensure that said protection unit has been checked prior to calling said second method.
-
-
73. An apparatus for detecting tampered program data comprising at least one program unit, the apparatus comprising:
-
a memory for storing said program data; and
a processor configured to;
receive a request for use of said at least one program unit;
compute a first fingerprint over stored data associated with said at least one program unit; and
determine whether said stored data is valid based at least in part on whether said first fingerprint matches a second fingerprint, said second fingerprint computed over said stored data prior to said receiving. - View Dependent Claims (74, 75, 76, 77, 78, 79, 80, 81)
-
-
82. An apparatus for determining at run-time whether a program unit is fit for execution on a device, the apparatus comprising:
-
a memory for storing program data comprising said at least one program unit; and
a processor configured to;
receive a request to use said at least one program unit;
compute a first storage commitment fingerprint over said at least one program unit in response to said request; and
indicate said at least one program unit is fit for execution based at least in part on whether said first storage commitment fingerprint matches a second storage commitment fingerprint computed over said at least one program unit upon completely loading said at least one program unit in a non-volatile memory on said device. - View Dependent Claims (83, 84, 85, 86, 87, 88)
-
-
89. An apparatus for run-time program unit integrity checking, the apparatus comprising:
-
a memory for storing program data comprising one or more program unit; and
a processor configured to;
receive a request to use said at least one program unit;
determine a dispatch table associated with a protection unit of said at least one program unit, said dispatch table comprising an entry for each callable routine in said protection unit, each entry comprising a check bit and a routine address, said check bit to indicate whether the corresponding routine has been checked, said routine address comprising the start address of said callable routine;
check said protection unit if said protection unit has not been checked, said checking comprising;
loading a dispatch table template from a first memory to a second memory; and
making all check bits in said dispatch table indicate an unchecked status if said protection unit comprises a collective protection unit;
examine a dispatch table entry corresponding to said at least one program unit;
verify said protection unit and making check bits of all entries in said dispatch table indicate a checked status if the check bit of said dispatch table entry indicates an unchecked status; and
call said at least one program unit using said routine address.
-
-
90. An apparatus for run-time program unit integrity checking, the apparatus comprising:
-
a memory for storing program data comprising one or more program unit; and
a processor configured to;
receive a program comprising a plurality of program units;
determine whether a first method and a second method are within the same protection unit if said first method includes a call to said second method;
rewrite said call to invoke a gateway dispatcher if said first method and said second method are not within the same protection unit, said gateway dispatcher capable of determining a dispatch table associated with the protection unit comprising said second method, said dispatch table comprising an entry for each callable routine in said protection unit, each entry comprising a check bit and a routine address, said check bit to indicate whether the corresponding routine has been checked, said routine address comprising the start address of said callable routine, said gateway dispatcher also capable of using said dispatch table to ensure that said protection unit has been checked prior to calling said second method.
-
-
91. A memory for storing data for access by an application program being executed on a data processing system, comprising:
a data structure stored in said memory, said data structure including information used by said program to detect tampered program data, said data structure comprising at least one executable code segment associated with a program unit and a fingerprint associated with said executable code segment, said fingerprint computed over said executable code segment prior to use of said executable code segment. - View Dependent Claims (92, 93, 94)
-
95. A memory for storing data for access by an application program being executed on a data processing system, comprising:
a data structure stored in said memory, said data structure including information used by said program to ensure a protection unit comprising a callable routine has been checked before said callable routine is called, said data structure comprising an entry for each callable routine in said protection unit, each entry comprising a check bit and a routine address, said check bit to indicate whether the corresponding routine has been checked, said routine address comprising the start address of said callable routine.
Specification