Implementing portable content protection to secure secrets

US 20040153661A1
Filed: 01/31/2003
Published: 08/05/2004
Est. Priority Date: 01/31/2003
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

developing a program including associated data and a secret based on a source language that is applicative on said associated data; and

compiling the program in a random-execution-order to obscure said secret.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A source-level compiler may randomly select compilation conventions to implement portable content protection, securing the secrets embedded in a program by shuffling associated data. The program may be developed using a source language that is applicative on the associated data. To obscure the embedded secrets, in one embodiment, pre-compiler software may be deployed for compiling the program in a random-execution-order based on a random seed indication that randomly selects compilation conventions and a shuffling algorithm that moves the associated data across the program during execution.

Citations

35 Claims

1. A method comprising:
- developing a program including associated data and a secret based on a source language that is applicative on said associated data; and
  
  compiling the program in a random-execution-order to obscure said secret.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 including using a seed indication to randomly select compilation conventions for a different compilation of the program.
  - 3. The method of claim 1, wherein compiling the program in the random-execution-order including shuffling said associated data across the program during execution.
  - 4. The method of claim 3 including:
    - using the source language to identify one or more memory allocation and parallel stream objects of the program; and
      
      enabling said random-execution-order of the program based on said one or more memory allocation and parallel stream objects.
  - 5. The method of claim 1 including:
    - embedding said secret in the source code of the program; and
      
      transforming the source code of the program in a tamper-resistant manner into compiler-modified source code that is platform-independent.
  - 6. The method of claim 5 including protecting said secret from disclosure upon recompilation of the compiler-modified source code into object code on a platform-specific compiler by optimizing code obfuscation.
  - 7. The method of claim 2 including:
    - determining whether the seed indication is available for use with debug information; and
      
      if so, permitting recompilation of the program based on the seed indication and the debug information.
  - 8. The method of claim 3 including:
    - building for the program and the associated data a control flow graph indicating one or more data and code paths within the source code of the program;
      
      identifying in the associated data one or more data variables to randomly allocate as array elements;
      
      inserting code in the source code of the program to shuffle data along at least one data path of said one or more data paths for at least one data variable of said one or more data variables; and
      
      producing the same permutation of the data when more than one code paths of said one or more code paths converge to arrive at that permutation by a random, unique order of data exchanges.
  - 9. The method of claim 4 including:
    - using an applicative source language in a single-assignment semantics dialect to obtain the source code for the program;
      
      introducing reference counting for heap-allocated objects to assist with real-time memory recycling for the single-assignment semantics dialect; and
      
      executing the program in the random-execution-order to preserve upon recompilation the single-assignment semantics dialect of the applicative source language.
  - 10. The method of claim 5, including:
    - introducing at least one of redundant and auxiliary computations in the compiler-modified source code; and
      
      detecting during recompiling whether a change is made in the at least one of redundant and auxiliary computations.

11. A method comprising:
- developing for a program including one or more data variables, blocks of code, jumps and a secret in a control flow graph indicative of at least one unique variable layout for said one or more data variables; and
  
  compiling the program based on said at least one unique variable layout to obscure said secret while shuffling data across the program during execution.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, including identifying said one or more blocks of code as nodes and said one or more jumps as arcs of the control flow graph.
  - 13. The method of claim 12, including:
    - adding one or more dummy entry and exit nodes to the control flow graph;
      
      marking said one or more dummy entry and exit nodes as assigned;
      
      allocating a different array for said one or more data variables; and
      
      assigning random permutations for different variable offsets of said one or more data variables.
  - 14. The method of claim 13, including:
    - finding on the control flow graph a shortest connecting walk connecting two marked nodes of said one or more dummy entry and exit nodes;
      
      traversing the shortest connecting walk marking all arcs and nodes;
      
      determining whether all arcs have been marked; and
      
      if not, finding another shortest connecting walk connecting two different marked nodes.
  - 15. The method of claim 14, including responsive to all arcs being marked, generating code using node permutations to determine said different variable offsets in at least one block of said one or more blocks and generating additional code for at least one arc of said one or more arcs of the control flow graph.

16. An article comprising a medium storing instructions that, when executed by a processor-based system result in:
- developing a program including associated data and a secret based on a source language that is applicative on said associated data; and
  
  compiling the program in a random-execution-order to obscure said secret.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 17. The article of claim 16, comprising a medium storing instructions that, when executed by a processor-based system result in using a seed indication to randomly select compilation conventions for a different compilation of the program.
  - 18. The article of claim 16, comprising a medium storing instructions that, when executed by a processor-based system result in compiling the program in the random-execution-order including shuffling said associated data across the program during execution.
  - 19. The article of claim 18, comprising a medium storing instructions that, when executed by a processor-based system result in:
    - using the source language to identify one or more memory allocation and parallel stream objects of the program; and
      
      enabling said random-execution-order of the program based on said one or more memory allocation and parallel stream objects.
  - 20. The article of claim 16, comprising a medium storing instructions that, when executed by a processor-based system result in:
    - embedding said secret in the source code of the program; and
      
      transforming the source code of the program in a tamper-resistant manner into compiler-modified source code that is platform-independent.
  - 21. The article of claim 20, comprising a medium storing instructions that, when executed by a processor-based system result in protecting said secret from disclosure upon recompilation of the compiler-modified source code into object code on a platform-specific compiler by optimizing code obfuscation.
  - 22. The article of claim 17, comprising a medium storing instructions that, when executed by a processor-based system result in:
    - determining whether the seed indication is available for use with debug information; and
      
      if so, permitting recompilation of the program based on the seed indication and the debug information.
  - 23. The article of claim 18, comprising a medium storing instructions that, when executed by a processor-based system result in:
    - building for the program and the associated data a control flow graph indicating one or more data and code paths within the source code of the program;
      
      identifying in the associated data one or more data variables to randomly allocate as array elements;
      
      inserting code in the source code of the program to shuffle data along at least one data path of said one or more data paths for at least one data variable of said one or more data variables; and
      
      producing the same permutation of the data when more than one code paths of said one or more code paths converge to arrive at that permutation by a random, unique order of data exchanges.
  - 24. The article of claim 19, comprising a medium storing instructions that, when executed by a processor-based system result in:
    - using an applicative source language in a single-assignment semantics dialect to obtain the, source code for the program;
      
      introducing reference counting for heap-allocated objects to assist with real-time memory recycling for the single-assignment semantics dialect; and
      
      executing the program in the random-execution-order to preserve upon recompilation the single-assignment semantics dialect of the applicative source language.
  - 25. The article of claim 20, comprising a medium storing instructions that, when executed by a processor-based system result in:
    - introducing at least one of redundant and auxiliary computations in the compiler-modified source code; and
      
      detecting during recompiling whether a change is made in the at least one of redundant and auxiliary computations.

26. An article comprising a medium storing instructions that, when executed by a processor-based system result in:
- developing for a program including one or more data variables, blocks of code, jumps and a secret in a control flow graph indicative of at least one unique variable layout for said one or more data variables; and
  
  compiling the program based on said at least one unique variable layout to obscure said secret while shuffling data across the program during execution.
- View Dependent Claims (27, 28, 29, 30)
- - 27. The article of claim 26, comprising a medium storing instructions that, when executed by a processor-based system result in identifying said one or more blocks of code as nodes and said one or more jumps as arcs of the control flow graph.
  - 28. The article of claim 27, comprising a medium storing instructions that, if executed, enable a processor-based system to perform steps including:
    - adding one or more dummy entry and exit nodes to the control flow graph;
      
      marking said one or more dummy entry and exit nodes as assigned;
      
      allocating a different array for said one or more data variables; and
      
      assigning random permutations for different variable offsets of said one or more data variables.
  - 29. The article of claim 28, comprising a medium storing instructions that, if executed, enable a processor-based system to perform steps including:
    - finding on the control flow graph a shortest connecting walk connecting two marked nodes of said one or more dummy entry and exit nodes;
      
      traversing the shortest connecting walk marking all arcs and nodes;
      
      determining whether all arcs have been marked; and
      
      if not, finding another shortest connecting walk connecting two different marked nodes.
  - 30. The article of claim 29, comprising a medium storing instructions that, if executed, enable a processor-based system to perform steps including responsive to all arcs being marked, generating code using node permutations to determine said different variable offsets in at least one block of said one or more blocks and generating additional code for at least one arc of said one or more arcs of the control flow graph.

31. A system comprising:
- a user interface to develop a program including associated data and a secret based on a source language that is applicative on said associated data;
  
  a pre-compiler coupled to said user interface to compile the program in a random-execution-order to obscure said secret; and
  
  a processor to execute said user interface and said pre-compiler.
- View Dependent Claims (32, 33, 34, 35)
- - 32. The system of claim 31, further comprising:
    - a generator to provide a seed indication to randomly select compilation conventions for a different compilation of the program.
  - 33. The system of claim 32, further comprising:
    - a shuffling algorithm to move said associated data across the program during execution by said pre-compiler.
  - 34. The system of claim 31, wherein said user interface enables embedding of said secret in the source code of the program before said pre-compiler transforms the source code of the program in a tamper-resistant manner into compiler-modified source code that is platform independent.
  - 35. The system of claim 33, further comprising a storage medium, said user interface, said pre-compiler, said generator, and said shuffling algorithm being stored on said storage medium.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Graunke, Gary L.

Granted Patent

US 7,584,354 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

G06F 21/125 by manipulating the program...

G06F 21/14 against software analysis o...

Implementing portable content protection to secure secrets

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Implementing portable content protection to secure secrets

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links