Method of protecting the integrity of a computer program

US 7,228,434 B2
Filed: 06/19/2002
Issued: 06/05/2007
Est. Priority Date: 03/26/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method of protecting the integrity of a computer program running on a computer device, comprising the steps of:

starting execution of the program, detecting whether or not an unauthorized modification of the address space of the program has occurred, terminating program execution if an unauthorized modification is detected and continuing program execution if no such modification has been detected; and

wherein the detecting step further comprises detecting unauthorized modification of program modules of the program and run-time libraries used by program.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of protecting the integrity of a computer program running on a computer device includes a procedure of detecting whether or not an unauthorized modification of the address space of the program has occurred and terminating program execution if an authorized modification is detected and continuing program execution if no such modification has been detected. A communication method between at least two communication parties of a computing device includes the step of generating at each of the communication parties for every communication sequence at runtime a private key and a public key for a digital signature, making available the public key to the other communication parties and performing the communication between the communication parties using a digital signature based on the private and public keys. Both methods provide improved protection against possible violations of integrity and authenticity by malicious programs on a local computer system.

Citations

29 Claims

1. A method of protecting the integrity of a computer program running on a computer device, comprising the steps of:
- starting execution of the program, detecting whether or not an unauthorized modification of the address space of the program has occurred, terminating program execution if an unauthorized modification is detected and continuing program execution if no such modification has been detected; and
  
  wherein the detecting step further comprises detecting unauthorized modification of program modules of the program and run-time libraries used by program.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 22, 29)
- - 2. The method of claim 1, wherein an error message is issued if an unauthorized modification of the address space of the program is detected.
  - 3. The method of claim 1, wherein the detection step comprises a comparison between a hash-function of the program address space with a reference hash-value.
  - 4. The method of claim 3, wherein a cryptographically strong hash-function having a length of at least 100 bits, preferably at least 160 bits, is used.
  - 5. The method of claim 3 or 4, comprising a program installation procedure including the steps of, computing a hash-function h (M) of the program modules, and computing a hash-function h (L) of the run-time libraries.
  - 6. The method of claim 5, wherein the installation procedure comprises computing the hash-function h (M) of modules provided by the author of the program and of external modules provided by the operating environment.
  - 7. The method of claim 5 or 6, wherein the installation procedure is repeated if a program update is installed.
  - 8. The method of claim 5, 6 or 7, wherein h (M) and h (L) are stored in a modification-protected storage area (54;
    - 121) of the computing device.
  - 9. The method of claim 8, wherein the detection step comprises computing the hash-function h* (M) of the program modules and h* (L) of the run-time libraries upon starting program execution, and comparing h* (M) and h* (L) with the hash-functions h (M) and h (L) stored in the modification-protected storage area.
  - 10. The method of claim 3 to 9, comprising using an asm-function to obtain the names of the program modules and the names of the run-time libraries of the address space of the program.
  - 11. The method of one of claims 8 to 10, wherein the modification protection of the modification-protected storage area is realized by the operating environment via access controls and/or user accounts.
  - 12. The method of one of claims 8 to 11, wherein the program itself is granted temporary access to the modification-protected storage area during the installation procedure.
  - 13. The method of one of claims 3 to 12, wherein the detection step comprises identifying missing, added or modified program modules.
  - 14. The method of one of claims 1 to 13, wherein the protected program is a security-sensitive program like a digital signature program, financial transaction program or the like.
  - 15. Computing device, comprising a processor unit (51), at least one storage device (53), input/output units (52), being programmed to perform a method of one claims 1 to 14.
  - 16. A computer program comprising program code for performing a method of one of claims 1 to 14.
  - 17. A storage medium having stored thereon a computer program comprising program code for performing a method of one of claims 1 to 15.
  - 22. The method of one of claims 18 to 21, comprising an integrity-protection procedure according to one of claims 1 to 14 when operation of the communication party starts.
  - 29. The method of one of claim 5 or 6, wherein the installation procedure is repeated if a program update is installed.

18. A communication method between at least two communication parties (A, B) of a computing device, comprising the steps of:
- starting a communication sequence between the at least two communication parties, generating at each of the communication parties for every communication sequence a private key and a public key for a digital signature, making the public key of one communication party available to the other communication party, and exchanging encrypted messages between the communication parties with attached digital signatures using the respective private and public keys.
- View Dependent Claims (19, 20, 21, 23, 24, 25)
- - 19. The method of claim 18, comprising the steps of writing the public key of each communication party in a predefined fixed address in a modification-protected storage area.
  - 20. The meted of claim 18 or 19, comprising the step of invalidating the public key of each communication party upon terminating a communication sequence.
  - 21. The method claim 19 or 20, comprising an installation procedure for each communication party, which comprises the steps of:
    - defining a modification-protected storage area, hard-code into the modification-protected storage area a fixed address for the public key of the communication party, and hardcode into the modification-protected storage area the fixed addresses of the public keys of all other communication parties, to which secure communication should be enabled.
  - 23. The method of one of claims 18 to 22, wherein the communication parties are local modules of a computer system.
  - 24. A computer program comprising program code for performing the method of one of claims 18 to 23 when executed on a computer.
  - 25. A storage medium having stored thereon a computer program of claim 24.

26. A computing device comprising a plurality of functional modules (A, B, C, D), which communicate with each other, comprising:
- a key generating unit (212) for generating a private key and a corresponding public key, a signature attaching unit (211) for providing a message with attached digital signature using the private key, a modification-protected memory area (214) having a fixed address for storing the public key, and further fixed addresses of the public keys of the other modules to which secure communication should be enabled, and a signature verifying unit (210) for verifying received messages from the other modules using the respective public keys of the sender modules.
- View Dependent Claims (27, 28)
- - 27. The computing device of claim 26, wherein the competing device is a personal computer.
  - 28. The computing device of claim 26, wherein the computing device is a mobile device like a laptop, a personal digital assistant or a mobile phone.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Soteres GmbH
Original Assignee
Soteres GmbH
Inventors
Zisowski, Frank
Primary Examiner(s)
PEESO, THOMAS R

Application Number

US10/175,343
Publication Number

US 20030188174A1
Time in Patent Office

1,812 Days
Field of Search

713187-189, 713/193, 713/194, 713/200, 713/201
US Class Current

713/187
CPC Class Codes

G06F 21/52 during program execution, e...

Method of protecting the integrity of a computer program

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Method of protecting the integrity of a computer program

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links