Securing distributable content against hostile attacks

US 20050050355A1
Filed: 08/29/2003
Published: 03/03/2005
Est. Priority Date: 08/29/2003
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

dynamically obtaining one or more program operators from source code; and

applying data transformation to a portion of the source code based on one of said one or more program operators to provide encrypting compiler-generated code.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, the present invention may perform a transformation based on existing program operations or operators which may provide encrypting compiler-generated code for compilation with original source code, securing distributable content in hostile environments. As an example, use of compiler analysis and heuristics for pairing variables and identifying encryption/decryption points may protect distributable software, such as the compiled code from automated attacks. In one embodiment, pre-compiler software may dynamically obtain one or more program operators from the source code for applying data transformation based on custom ciphers to encrypt/decrypt data in between references to data variables in a particular portion of the source code, providing encrypting compiler-generated code for mixing with the source code prior to compilation into tamper-resistant object code.

Citations

27 Claims

1. A method comprising:
- dynamically obtaining one or more program operators from source code; and
  
  applying data transformation to a portion of the source code based on one of said one or more program operators to provide encrypting compiler-generated code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, including mixing the encrypting compiler-generated code with the source code other than said portion before compilation.
  - 3. The method of claim 1, further comprising deriving from the source code at least one compiler-generated operator for said data transformation.
  - 4. The method of claim 3, further comprising performing encryption using at least one of said at least one compiler-generated operator and said at least one of said one or more program operators.
  - 5. The method of claim 1, further comprising selectively encrypting one or more regions of the source code with a custom cipher formed from said at least one of said one or more program operators.
  - 6. The method of claim 1, including:
    - determining at least two references for each variable of a variable pair to selectively encrypt and decrypt data in between said at least two references; and
      
      associating at least two data values with each variable of the variable pair for encryption of the data in a first transformation and decryption of the data in a second transformation.
  - 7. The method of claim 6, further comprising:
    - iteratively forming matching pairs of said data values for each variable of the variable pair; and
      
      creating interlocking Feistal networks in each iteration involving a different matching pair of said data values.
  - 8. The method of claim 7, further comprising:
    - enabling detection of usage of one or more redundant computations in the interlocking Feistal networks; and
      
      in response to a change in at least one of the one or more redundant computations, provisioning for corruption of unrelated data values relative to said data values.

9. A method comprising:
- analyzing flow of data in source code having one or more program operators to determine matching references to a pair of variables;
  
  determining a block of the source code in which said pair of variables is not used;
  
  associating the matching references based on a heuristic to provide data encryption to modify a portion of the source code into encrypting compiler-generated code; and
  
  mixing the encrypting compiler-generated code with the source code.
- View Dependent Claims (10, 11)
- - 10. The method of claim 9, wherein analyzing flow of data further including:
    - detecting a first region of the source code in which use of a stored value for at least one variable of said pair of variables occurs; and
      
      detecting a second region of the source code in which the stored value is defined for the at least one variable of said pair of variables.
  - 11. The method of claim 9, including utilizing the heuristic to enhance obfuscation of the encrypting compiler-generated code within the source code using at least one of said one or more program operators.

12. A method comprising:
- identifying a first reference point and a second reference point within a set of blocks of source code having one or more program operators;
  
  associating an encryption code in proximity to the first reference point and associating a decryption code in proximity to the second reference point; and
  
  compiling a portion of the source code into encrypting compiler-generated code to mix with the source code other than said portion.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12, further comprising:
    - customizing a cipher based on at least one of said one or more program operators;
      
      selecting a block from the set of blocks, the block containing a first variable having a maximum distance over the set of blocks, and a second variable having a next maximal distance in the same block;
      
      providing the encryption code to encrypt data in between a pair of references to the first and second variables; and
      
      providing the decryption code to decrypt said data.
  - 14. The method of claim 13, further comprising recompiling the encrypting compiler-generated code with the source code other than said portion into tamper resistant object code.
  - 15. The method of claim 13, including:
    - deriving from the source code at least one compiler-generated operator for data flow transformation; and
      
      using at least one of said at least one compiler-generated operator and said at least one of said one or more program operators to provide the encryption code.

16. An article comprising a medium storing instructions that, if executed enable a system to:
- dynamically obtain one or more program operators from source code; and
  
  apply data transformation to a portion of the source code based on one of said one or more program operators to form encrypting compiler-generated code.
- View Dependent Claims (17, 18, 19)
- - 17. The article of claim 16, further comprising instructions that if executed enable the system to mix the encrypting compiler-generated code with the source code other than said portion.
  - 18. The article of claim 16, further comprising instructions that, if executed enable the system to use at least one compiler-generated operator and said at least one of said one or more program operators for encryption.
  - 19. The article of claim 16, further comprising instructions that, if executed enable the system to selectively encrypt one or more regions of the source code with a cipher formed from said at least one of said one or more program operators.

20. An apparatus comprising:
- an analyzer to perform data flow analysis of source code to dynamically obtain one or more program operators therefrom; and
  
  a code transformer coupled to said analyzer to apply data transformation to select a selected region of the source code in which to provide encrypting compiler-generated code based on one of said one or more program operators.
- View Dependent Claims (21, 22, 23)
- - 21. The apparatus of claim 20, further comprising a cipher based on said at least one of one or more program operators.
  - 22. The apparatus of claim 20, further comprising an encryption engine to selectively encrypt and decrypt the selected region based on references to a variable identified in the selected region.
  - 23. The apparatus of claim 22, further comprising a heuristic to select the selected region and the references.

24. A system comprising:
- a dynamic random access memory having source code stored therein;
  
  an analyzer to perform data flow analysis of the source code to dynamically obtain one or more program operators therefrom; and
  
  a code transformer coupled to said analyzer to apply data transformation to select a selected region of the source code to provide encrypting compiler-generated code based on one of said one or more program operators.
- View Dependent Claims (25, 26, 27)
- - 25. The system of claim 24, further comprising a cipher based on said at least one of one or more program operators.
  - 26. The system of claim 24, further comprising an encryption engine to selectively encrypt and decrypt the selected region based on references to a variable identified in the selected region.
  - 27. The system of claim 26, further comprising a heuristic to select the selected region and the references.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Graunke, Gary L.

Granted Patent

US 7,366,914 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/14 against software analysis o...

H04L 9/06 the encryption apparatus us...

Securing distributable content against hostile attacks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Securing distributable content against hostile attacks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links