Method, array and set of several arrays for protecting several programs and/or files from unauthorized access by a process

US 7,120,763 B1
Filed: 07/01/1999
Issued: 10/10/2006
Est. Priority Date: 08/19/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for protecting several programs from unauthorized access by processes, comprising:

assigning an address space to each program to be protected;

assigning a process file to each program to be protected, where the process file is separate from the program and includes a cryptographic value that uniquely identifies each process that may run in the address space;

forwarding, in a call mechanism for a function of an operating system core with which each program to be protected is executed, for each accessing process that attempts to access the address space of the program, a call of the accessing process to a checking function integrated into at least one of the address space of the program and the process file to be protected as a dynamically integrated file;

determining in the checking function whether the accessing process is listed in the process file assigned to the program byforming an accessing cryptographic value for each accessing process, andcomparing the accessing cryptographic value with the cryptographic value stored in the process file for each accessing process listed in the process file; and

at least one of starting and continuing execution of the accessing process only if said comparing determines a match between the accessing cryptographic value and the cryptographic value stored in the process file for the accessing process.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An area and a process file are assigned to each program to be protected. The process or processes that may run in the corresponding area is or are stored in a process file. When the program is running, a process attempting to access the program is checked to confirm whether the accessing process is included in the corresponding process file. The accessing process is executed only if it is included in the process file.

Citations

16 Claims

1. A method for protecting several programs from unauthorized access by processes, comprising:
- assigning an address space to each program to be protected;
  
  assigning a process file to each program to be protected, where the process file is separate from the program and includes a cryptographic value that uniquely identifies each process that may run in the address space;
  
  forwarding, in a call mechanism for a function of an operating system core with which each program to be protected is executed, for each accessing process that attempts to access the address space of the program, a call of the accessing process to a checking function integrated into at least one of the address space of the program and the process file to be protected as a dynamically integrated file;
  
  determining in the checking function whether the accessing process is listed in the process file assigned to the program byforming an accessing cryptographic value for each accessing process, andcomparing the accessing cryptographic value with the cryptographic value stored in the process file for each accessing process listed in the process file; and
  
  at least one of starting and continuing execution of the accessing process only if said comparing determines a match between the accessing cryptographic value and the cryptographic value stored in the process file for the accessing process.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 3. A method according to claim 1,wherein a call of the accessing process is forwarded to a checking function in which the check takes place, andwherein the checking function is integrated into an operating system core of an operating system with which the programs are executed.
  - 4. A method according to claim 1, wherein in dependency on a predetermined event for each active process that runs along with a program and/or a file to be protected, a check is made to confirm whether the active process is contained in the process file that is assigned to the program to be protected, and the process is ended if that is not the case.
  - 5. A method according to claim 1, wherein a protection program performing the method according to claim 1 is stored encoded and is decoded at the start of the method.
  - 6. A method according to claim 5, wherein the programs to be protected are stored encoded and are decoded at the start of the method.
  - 7. A method according to claim 5, wherein after the decoding of the protection program, its integrity is checked and the method according to claim 1 is executed only if the integrity of the protection program is assured.
  - 8. A method according to claim 7, wherein after the integrity test of the protection program, the integrity of all processes contained in the process files is checked and the method according to claim 1 is executed only if the integrity of all of the processes contained in the process files is assured.
  - 9. A method according to claim 8, wherein after the integrity test of the processes, the integrity of the program to be protected is checked and the method according to claim 1 is executed only if the integrity of the program to be protected is assured.
  - 10. A method according to claim 9, wherein at least one of the integrity tests takes place through the use of a cryptographic method.
  - 11. A method according to claim 10, wherein the cryptographic value is formed through the use of a hash function.

2. An array for protecting several programs from unauthorized access by a process, comprising:
- a processor programmed to assign an address space and a process file to each program to be protected, where the process file is separate from the program and includes a crypto-graphic value that uniquely identifies each process that may run in the address space;
  
  to forward, in a call mechanism for a function of an operating system core with which each program to be protected is executed, for each accessing process that attempts to access the address space of the program, a call of the accessing process to a checking function integrated into at least one of the address space of the program and the process file to be protected as a dynamically integrated file;
  
  to determine, during execution of each program to be protected, for each accessing process that attempts to access the address space of the program, whether the accessing process is listed in the process file assigned to the program by forming an accessing cryptographic value for each accessing process and comparing the accessing cryptographic value with the cryptographic value stored in the process file for each accessing process listed in the process file; and
  
  to at least one of start and continue execution of the accessing process only if a match is found between the accessing cryptographic value and the cryptographic value stored in the process file for the accessing process.
- View Dependent Claims (12)
- - 12. An array according to claim 2, wherein the processor is programmed to execute a call mechanism for a function of an operating system core with which the programs are executed, and a call of the accessing process is forwarded to a checking function to compare the accessing cryptographic value with the cryptographic value stored in the process file.

13. A method for protecting several programs from unauthorized access by processes, comprising:
- assigning an address space to each program file to be protected;
  
  assigning a process file, separate from the program file, to each program file to be protected, where the process includes at least one cryptographic value, each uniquely identifying a process that may run in the address space;
  
  forwarding, in a call mechanism for a function of an operating system core with which each program file to be protected is executed, for each accessing process that attempts to access the address space of the program file, a call of the accessing process to a checking function integrated into at least one of the address space of the program file and the process file to be protected as a dynamically integrated file;
  
  determining, during execution of each program in each program file to be protected, for each accessing process that attempts to access the address space of the program file, whether the accessing process is listed in the process file assigned to the program file byforming an accessing cryptographic value for each accessing process, andcomparing the accessing cryptographic value with the cryptographic value stored in the process file for each accessing process listed in the process file; and
  
  at least one of starting and continuing execution of the accessing process only if said comparing determines a match between the accessing cryptographic value and the cryptographic value stored in the process file for the accessing process.

14. An array for protecting several program files from unauthorized access by a process, comprising:
- a processor programmed to assign an address space and a process file to each program file to be protected, where the process file is separate from the program file and includes a cryptographic value that uniquely identifies each process that may run in the address space;
  
  to forward, in a call mechanism for a function of an operating system core with which each program file to be protected is executed, for each accessing process that attempts to access the address space of the program file, a call of the accessing process to a checking function integrated into at least one of the address space of the program file and the process file to be protected as a dynamically integrated file;
  
  to determine, during execution of each program in each program file to be protected, for each accessing process that attempts to access the address space of the program file, whether the accessing process is listed in the process file assigned to the program file by forming an accessing cryptographic value for each accessing process and comparing the accessing cryptographic value with the cryptographic value stored in the process file for each accessing process listed in the process file; and
  
  to at least one of start and continue execution of the accessing process only if a match is found between the accessing cryptographic value and the cryptographic value stored in the process file for the accessing process.

15. A set of several arrays and a server array connected with each of the several arrays, to protect several programs from unauthorized access by a process, comprisingin each of the several arrays a processor programmed to assign an address space and a process file to each program file to be protected, where the process file is separate from the program file and includes a cryptographic value that uniquely identifies each process that may run in the address space;
- to forward, in a call mechanism for a function of an operating system core with which each program to be protected is executed, for each accessing process that attempts to access the address space of the program, a call of the accessing process to a checking function integrated into at least one of the address space of the program and the process file to be protected as a dynamically integrated file;
  
  to determine, during execution of each program in each program file to be protected, for each accessing process that attempts to access the address space of the program file, whether the accessing process is listed in the process file assigned to the program file by forming an accessing cryptographic value for each accessing process and comparing the accessing cryptographic value with the cryptographic value stored in the process file for each accessing process listed in the process file; and
  
  to at least one of start and continue execution of the accessing process only if a match is found between the accessing cryptographic value and the cryptographic value stored in the process file for the accessing process.

16. A method for protecting several programs from unauthorized access by processes, comprising:
- assigning an address space to each program to be protected;
  
  assigning a process file to each program to be protected, where the process file is separate from the program and includes a cryptographic value that uniquely identifies each process that may run in the address space;
  
  determining, during execution of each program to be protected, for each accessing process that attempts to access the address space of the program, whether the accessing process is listed in the process file assigned to the program byforming an accessing cryptographic value for each accessing process, andcomparing the accessing cryptographic value with the cryptographic value stored in the process file for each accessing process listed in the process file;
  
  at least one of starting and continuing execution of the accessing process only if said comparing determines a match between the accessing cryptographic value and the cryptographic value stored in the process file for the accessing process; and
  
  checking, at a predetermined interval of time for each active process that runs along with a program and/or a file to be protected, to confirm whether the active process is contained in the process file that is assigned to the program and/or the file to be protected, and the process is ended if that is not the case.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Siemens AG
Original Assignee
Siemens AG
Inventors
Schäfer, Manfred
Primary Examiner(s)
Revak, Christopher
Assistant Examiner(s)
Sherkat, Arezoo

Application Number

US09/763,029
Time in Patent Office

2,658 Days
Field of Search

713/193, 713/155, 713/176, 713/179, 713/187, 713/200, 713/201, 705/55, 710/220, 711/202, 711152-153, 711/163
US Class Current

711/152
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 9/46   Multiprogramming arrangements

G06F 9/468   Specific access rights for ...

Method, array and set of several arrays for protecting several programs and/or files from unauthorized access by a process

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method, array and set of several arrays for protecting several programs and/or files from unauthorized access by a process

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links