Method of secure function loading
First Claim
1. A method of providing a securely loaded function for calling by a program module in place of calling an operating system function comprising:
- obtaining object code for the securely loaded function from a signed binary description file;
performing signature and integrity verification of the program module using the signed binary description file;
loading the object code for the securely loaded function into memory; and
updating an address for calling the securely loaded function by the program module.
1 Assignment
0 Petitions
Accused Products
Abstract
Redirecting function calls through a protected environment to effect secure linkage of program modules. In one embodiment, a program module, such as a player application for example, may make function calls to secure functions instead of to insecure operating system (OS) services, thereby deterring attacks on the player'"'"'s calls to OS services. In one embodiment, the new secure functions provide similar functionality to the replaced OS services. Providing a securely loaded function for calling by a program module in place of calling an insecure OS function includes obtaining object code for the securely loaded function from a signed binary description file, performing signature and integrity verification of the program module using the signed binary description file, loading the object code for the securely loaded function into memory, and updating an address for calling the securely loaded function by the program module.
-
Citations
27 Claims
-
1. A method of providing a securely loaded function for calling by a program module in place of calling an operating system function comprising:
-
obtaining object code for the securely loaded function from a signed binary description file; performing signature and integrity verification of the program module using the signed binary description file; loading the object code for the securely loaded function into memory; and updating an address for calling the securely loaded function by the program module. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An article comprising:
- a machine accessible medium having a plurality of machine readable instructions, wherein when the instructions are executed by a processor, the instructions provide for providing a securely loaded function for calling by a program module in place of calling an operating system function by
obtaining object code for the securely loaded function from a signed binary description file; performing signature and integrity verification of the program module using the signed binary description file; loading the object code for the securely loaded function into memory; and updating an address for calling the securely loaded function by the program module. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- a machine accessible medium having a plurality of machine readable instructions, wherein when the instructions are executed by a processor, the instructions provide for providing a securely loaded function for calling by a program module in place of calling an operating system function by
-
19. A system for providing a securely loaded function comprising:
-
a memory to store a program module having a data structure storing an address of a call to an operating system function; a signed binary description file storing the securely loaded function; an agent to continuously verify the integrity of the program module, the agent including a secure loader to obtain the securely loaded function from the signed binary description file, to load the securely loaded function into memory, and to update the address to reference the securely loaded function in place of the operating system function; and a processor to execute instructions implementing the program module and agent when the program module and agent are read from the memory. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
-
Specification