Binding a protected application program to shell code

US 20070174571A1
Filed: 01/25/2006
Published: 07/26/2007
Est. Priority Date: 01/25/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method of binding a security code shell module to an application, comprising the steps of:

a. creating a resource, performed by the shell module;

b. attempting to access the resource performed by the application; and

c. if the access is not successful, terminating the application.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for binding a protected application to a shell module. The shell module is appended to the application. The shell module executes prior to the execution of the application, and first creates a resource. After the shell module finishes execution, the application tries to access the created resource. If the access is successful, the application is allowed to proceed. Otherwise, the application terminates. The inability of the application to access the resource is an indication that the shell module never actually created the resource. This suggests that the shell module never executed; the shell module may have been either removed or functionally disconnected from the application. This further implies that the security functionality of the shell module has not executed. The application is therefore not permitted to execute, since the shell'"'"'s security checks have probably not been performed.

15 Citations

View as Search Results

25 Claims

1. A method of binding a security code shell module to an application, comprising the steps of:
- a. creating a resource, performed by the shell module;
  
  b. attempting to access the resource performed by the application; and
  
  c. if the access is not successful, terminating the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein the resource comprises allocated memory, said method further comprising:
    - d. storing an agreed upon value into the allocated memory;
      
      e. saving an indication of the address of the allocated memory, performed by the shell module after step a. and before step b.
  - 3. The method of claim 2, wherein the indication of the address comprises an address of the allocated memory.
  - 4. The method of claim 2, wherein the indication of the address comprises an address of the allocated memory, in combination with a constant known to both the application and the shell module.
  - 5. The method of claim 4, wherein at least a portion of the constant is supplied by a developer of the application.
  - 6. The method of claim 4, wherein the combination of the constant and the address of the allocated memory comprises a bitwise XOR of the known constant and the address.
  - 7. The method of claim 2, wherein at least a portion of the agreed upon value is supplied by a developer of the application.
  - 8. The method of claim 2, wherein the indication of the address of the allocated memory is saved in an executable header of the application.
  - 9. The method of claim 8, wherein said step b. comprises:
    - i. attempting to retrieve the indication of the address from the executable header, wherein failure to retrieve the indication of the address from the executable header represents unsuccessful access of the resource.
  - 10. The method of claim 9, wherein said step b further comprises:
    - ii. reading the contents of the allocated memory; and
      
      iii. determining if the read contents match the agreed upon value, wherein failure to match the agreed upon value represents unsuccessful access of the resource.
  - 11. The method of claim 1, wherein the resource comprises a named resource.
  - 12. The method of claim 11, wherein the named resource comprises a mutex.
  - 13. The method of claim 11, wherein a named resource comprises a semaphore.
  - 14. The method of claim 11, wherein said step a comprises deriving a name for the named resource.
  - 15. The method of claim 14, wherein said derivation of the name for the named resource comprises:
    - i. obtaining name information; and
      
      ii. creating the name based on the name information and wherein said step b. comprises;
      
      i. retrieving the name information;
      
      ii. creating the name based on the name information; and
      
      iii. attempting to access the named resource using the created name.
  - 16. The method of claim 15, wherein the name information comprises information supplied by a developer of the application.
  - 17. The method of claim 15, wherein the name information comprises a process specific value.
  - 18. The method of claim 17, wherein said process specific value comprises the start time of a process.
  - 19. The method of claim 17, wherein said process specific value comprises a process ID.

20. A computer program product comprising a computer useable medium having computer program logic recorded thereon, which, when executed on a computer, binds a security code shell module to an application, said computer program logic comprising:
- first computer program logic, in the shell module, that causes the computer to create a resource;
  
  second computer program logic, in the application, that causes the computer to attempt to access the resource; and
  
  third computer program logic that causes the computer to terminate the application if the access is not successful.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The computer program product of claim 20, wherein the resource comprises allocated memory, said computer program product further comprising:
    - fourth computer program logic that causes the computer to store an agreed upon value into the allocated memory; and
      
      fifth computer program logic that causes the computer to save an indication of the address of the allocated memory, wherein said fourth and fifth computer program logic execute after said first and before said second computer program logic.
  - 22. The computer program product of claim 21, wherein the indication of the address of the allocated memory is saved in an executable header of the application.
  - 23. The computer program product of claim 22, wherein said second computer program logic comprises:
    - i. computer program logic that causes the computer to attempt to retrieve the indication of the address from the executable header, wherein failure to retrieve the indication of the address from the executable header represents unsuccessful access of the resource;
      
      ii. computer program logic that causes the computer to read the contents of the allocated memory; and
      
      iii. computer program logic that causes the computer determine if the read contents match the agreed upon value, wherein failure to match the agreed upon value represents unsuccessful access of the resource.
  - 24. The computer program product of claim 20, wherein the resource comprises a named resource.
  - 25. The computer program product of claim 24, wherein said first computer program logic comprises:
    - i. computer program logic that causes the computer to obtaining name information;
      
      ii. computer program logic that causes the computer to create a name for the resource based on the name information and wherein said second computer program logic comprises;
      
      i. computer program logic that causes the computer to retrieve the name information;
      
      ii. computer program logic that causes the computer to create the name based on the name information; and
      
      iii. computer program logic that causes the computer to attempt to access the named resource using the created name, wherein failure to access the named resource using the created name represents unsuccessful access of the resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SafeNet Incorporated (Thales SA)
Original Assignee
SafeNet Incorporated (Thales SA)
Inventors
Elteto, Laszlo

Application Number

US11/338,690
Publication Number

US 20070174571A1
Time in Patent Office

Days
Field of Search
US Class Current

711/163
CPC Class Codes

G06F 21/125 by manipulating the program...

Binding a protected application program to shell code

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Binding a protected application program to shell code

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links