Method of secure function loading

US 7,181,603 B2
Filed: 03/12/2002
Issued: 02/20/2007
Est. Priority Date: 03/12/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method of providing a securely loaded function for calling by a program module in place of calling an operating system function comprising:

obtaining object code for the securely loaded function from a signed binary description file;

performing signature and integrity verification of the program module using the signed binary description file;

loading the object code for the securely loaded function into memory; and

updating an address for calling the securely loaded function by the program module.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Redirecting function calls through a protected environment to effect secure linkage of program modules. In one embodiment, a program module, such as a player application for example, may make function calls to secure functions instead of to insecure operating system (OS) services, thereby deterring attacks on the player'"'"'s calls to OS services. In one embodiment, the new secure functions provide similar functionality to the replaced OS services. Providing a securely loaded function for calling by a program module in place of calling an insecure OS function includes obtaining object code for the securely loaded function from a signed binary description file, performing signature and integrity verification of the program module using the signed binary description file, loading the object code for the securely loaded function into memory, and updating an address for calling the securely loaded function by the program module.

46 Citations

View as Search Results

27 Claims

1. A method of providing a securely loaded function for calling by a program module in place of calling an operating system function comprising:
- obtaining object code for the securely loaded function from a signed binary description file;
  
  performing signature and integrity verification of the program module using the signed binary description file;
  
  loading the object code for the securely loaded function into memory; and
  
  updating an address for calling the securely loaded function by the program module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein obtaining the object code for the securely loaded function comprises decrypting the object code stored in the signed binary description file prior to loading the object code.
  - 3. The method of claim 2, further comprising updating the object code according to a plurality of relocation offsets to relocate the securely loaded function.
  - 4. The method of claim 3, further comprising obtaining the relocation offsets from the signed binary description file.
  - 5. The method of claim 2, wherein updating the address for calling the securely loaded function by the program module comprises updating a data structure within the program module by applying target edits specified by a plurality of target relocation offsets to selected elements of the data structure to redirect at least one selected function call by the program module from an operating system function to the securely loaded function.
  - 6. The method of claim 5, further comprising obtaining the target relocation offsets from the signed binary description file.
  - 7. The method of claim 5, further comprising computing a hash value for a code image of the program module after the target edits have been applied.
  - 8. The method of claim 1, wherein the obtaining, performing, loading and updating occur within a hidden execution mode.
  - 9. The method of claim 1, further comprising calling the securely loaded function by the program module, integrity of the securely loaded function and the program module being continuously verified within an integrity verified execution environment.

10. An article comprising:
- a machine accessible medium having a plurality of machine readable instructions, wherein when the instructions are executed by a processor, the instructions provide for providing a securely loaded function for calling by a program module in place of calling an operating system function byobtaining object code for the securely loaded function from a signed binary description file;
  
  performing signature and integrity verification of the program module using the signed binary description file;
  
  loading the object code for the securely loaded function into memory; and
  
  updating an address for calling the securely loaded function by the program module.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The article of claim 10, wherein instructions for obtaining the object code for the securely loaded function comprise instructions for decrypting the object code stored In the signed binary description file prior to loading the object code.
  - 12. The article of claim 11, further comprising instructions for updating the object code according to a plurality of relocation offsets to relocate the securely loaded function.
  - 13. The article of claim 12, further comprising instructions for obtaining the relocation offsets from the signed binary description file.
  - 14. The article of claim 11, wherein instructions for updating the address for calling the securely loaded function by the program module comprise instructions for updating a data structure within the program module by applying target edits specified by a plurality of target relocation offsets to selected elements of the data structure to redirect at least one selected function call by the program module from an operating system function to the securely loaded function.
  - 15. The article of claim 14, further comprising instructions for obtaining the target relocation offsets from the signed binary description file.
  - 16. The article of claim 14, further comprising instructions for computing a hash value for a code image of the program module after the target edits have been applied.
  - 17. The article of claim 10, wherein the obtaining, performing, loading and updating occur within a hidden execution mode.
  - 18. The article of claim 10, further comprising instructions for calling the securely loaded function by the program module, integrity of the securely loaded function and the program module being continuously verified within an integrity verified execution environment.

19. A system for providing a securely loaded function comprising:
- a memory to storea program module having a data structure storing an address of a call to an operating system function;
  
  a signed binary description file storing the securely loaded function;
  
  an agent to continuously verify the integrity of the program module, the agent including a secure loader to obtain the securely loaded function from the signed binary description file, to load the securely loaded function into memory, and to update the address to reference the securely loaded function in place of the operating system function; and
  
  a processor to execute instructions implementing the program module and agent when the program module and agent are read from the memory.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The system of claim 19, wherein the program module and the agent operate within an integrity verified execution environment.
  - 21. The system of claim 19, wherein the agent operates within a hidden execution mode.
  - 22. The system of claim 19, wherein the agent is tamper resistant.
  - 23. The system of claim 19, wherein the data structure comprises an import table storing addresses to functions.
  - 24. The system of claim 19, wherein the program module comprises a player application program to play digital content.
  - 25. The system of claim 19, wherein the securely loaded function stored in the signed binary description file is encrypted and the secure loader decrypts the encrypted function prior to loading.
  - 26. The system of claim 19, wherein the agent performs a hash of a code image of the program module after the address is updated for use in continuous integrity verification of the program module after loading of the function.
  - 27. The system of claim 19, wherein the signed binary description file comprises a plurality of target relocation offsets, a plurality of object code relocation offsets, and object code for the securely loaded function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Rothrock, Lewis V., Maliszewski, Richard L.
Primary Examiner(s)
Moise; Emmanuel L.
Assistant Examiner(s)
CALLAHAN, PAUL E

Application Number

US10/096,685
Publication Number

US 20030177371A1
Time in Patent Office

1,806 Days
Field of Search

705/57, 705/58, 713/1, 713/2, 713/175, 713/176, 713/187, 713/190, 713/191, 713/193, 713/194, 726/22, 726/26, 726/30
US Class Current

713/1
CPC Class Codes

G06F 21/51 at application loading time...

H04L 9/3247 involving digital signatures

Method of secure function loading

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

46 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method of secure function loading

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links