Method and system for tamperproofing software
Abstract
Method of protecting host application code comprising a plurality of code blocks. The method includes the steps of preprocessing the host application code; obfuscating the host application code; installing guards in the host application code to protect client blocks; randomly rearranging the code blocks of the host application code; linking the rearranged host application code with other resources to produce a binary executable image; and patching the binary executable image with data values to be used by the guards. The method can be used to install a plurality of guards to form a distributed network of guards that cooperatively protect the host application code and the other guards in the network. The installation of the guards can be performed automatically using a guard formation graph and guard formation graph customization parameters. The obfuscation step can include control flow graph merging, cloning, and data-aliasing.
21 Claims
1. Method of protecting host application code comprising a plurality of code blocks, the method comprising:
preprocessing the host application code;
obfuscating the host application code;
installing a guard in the host application code to protect a client block, the client block being at least one code block;
randomly rearranging the code blocks of the host application code without rearranging the code blocks that have already been protected;
linking the rearranged host application code with other resources to produce a binary executable image; and
patching the binary executable image with data values to be used by the guard.
11. The method of claim 1, wherein the obfuscating step comprises:
identifying a set of candidate blocks having the same program instructions in the same order with possibly conflicting parameter values;
selecting candidate blocks that do not share a predecessor block with any other candidate block of the set of candidate blocks, and are not a predecessor of itself or of any other candidate block of the set of candidate blocks;
for each candidate block that has no predecessor block, creating an empty code block as the predecessor block of that candidate block;
merging the set of candidate blocks into a merged block;
updating control flow instructions in the predecessor blocks of each of the candidate blocks to direct control flow to the merged block;
identifying each conflicting set of values in the set of candidate blocks, including any successor flow value that directs control flow from the merged block to the appropriate successor block for each candidate block of the set of candidate blocks;
assigning an assigned variable to each conflicting set of values;
pre-computing the set of conflicting values for each assigned variable; and
initializing each assigned variable in the host application code to contain the appropriate value from the set of conflicting values before use of the assigned variable by the merged block.
19. The method of claim 1, further comprising:
removing symbol tables from the binary executable image.
21. Method of coordinating the installation of a guard network to protect host code, the guard network being formed by a plurality of guards, the protection being specified by the portions of the host code and the guard network that is to be protected by each guard of the plurality of guards, and how each guard of the plurality of guards is to perform the protection, the method of coordinating the installation of the guard network comprising:
selecting a next guard of the plurality of guards to be installed in the guard network such that the next guard protects host code only, protects other guards that have already been installed, or protects host code and other guards that have already been installed; and
installing the next guard.
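The selection rule of claim 21 amounts to a topological ordering of the guard network: a guard becomes selectable once every guard it protects is installed. The sketch below is an added example, not code from the patent; the function name, the dictionary representation of the network and the sample guard and block names are assumptions made for illustration. It also reports guards that this rule alone never selects (mutual or self protection).

```python
import heapq

def installation_order(protects):
    """Order guards so each one protects only host code or already-installed guards.

    protects maps a guard name to the set of things it protects; a target
    that is itself a key of the mapping is a guard, anything else is host code.
    """
    guards = set(protects)
    # For each guard, the guards it protects that are not installed yet.
    waiting_on = {g: {t for t in targets if t in guards}
                  for g, targets in protects.items()}
    # Reverse index: installing guard t may make its protectors selectable.
    protectors = {g: [] for g in guards}
    for g, pending in waiting_on.items():
        for t in pending:
            protectors[t].append(g)
    # Guards that protect host code only can be selected immediately.
    ready = [g for g, pending in waiting_on.items() if not pending]
    heapq.heapify(ready)  # name order, so the result is reproducible
    order = []
    while ready:
        g = heapq.heappop(ready)
        order.append(g)
        for p in protectors[g]:
            waiting_on[p].discard(g)
            if not waiting_on[p]:
                heapq.heappush(ready, p)
    stuck = sorted(guards - set(order))
    if stuck:
        # Mutual or self protection: no guard in the cycle is ever selectable.
        raise ValueError("no valid installation order for: " + ", ".join(stuck))
    return order

# Constructed sample network (guard and block names are made up).
SAMPLE_NETWORK = {
    "A": {"B", "license_check"},
    "B": {"license_check"},
    "C": {"A", "B"},
    "D": {"key_unwrap"},
}

if __name__ == "__main__":
    print(installation_order(SAMPLE_NETWORK))  # ['B', 'A', 'C', 'D']
```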