System providing methodology for securing interfaces of executable files
First Claim
1. A method for securing a program comprised of a plurality of interoperable components, the method comprising:
- extracting export information about a function of a first component of the program that is callable by at least one other component of the program, wherein said extracting step includes removing the export information from an export table of the first component;
securing the extracted export information;
in response to an attempt by a second component to invoke the function of the first component, validating authenticity of the second component;
if the authenticity of the second component is validated, providing access to the function of the first component using the secured extracted export information; and
otherwise, blocking the attempt by the second component to invoke the function.
1 Assignment
0 Petitions
Accused Products
Abstract
A system providing methodology for securing interfaces of executable files is described. In one embodiment, for example, a method is described for securing a program comprised of a plurality of interoperable components, the method comprises steps of: extracting information about a function of a first component of the program that is callable by at least one other component of the program; securing the extracted information; in response to an attempt by a second component of the program to invoke the function of the first component, validating authenticity of the second component; and if the second component is validated, providing access to the function of the first component using the secured extracted information.
84 Citations
55 Claims
-
1. A method for securing a program comprised of a plurality of interoperable components, the method comprising:
-
extracting export information about a function of a first component of the program that is callable by at least one other component of the program, wherein said extracting step includes removing the export information from an export table of the first component; securing the extracted export information; in response to an attempt by a second component to invoke the function of the first component, validating authenticity of the second component; if the authenticity of the second component is validated, providing access to the function of the first component using the secured extracted export information; and otherwise, blocking the attempt by the second component to invoke the function. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method for securing a program comprised of a plurality of modules, at least one of the modules having export information for allowing other modules to invoke its program code, the method comprising:
-
generating signatures for at least some of the program'"'"'s modules; as the program is loaded, validating said signatures so as to verify authenticity of respective modules of the program; for each module having program code that may be invoked by another module, removing that modules export information, wherein said removing step includes removing information from an export table; securely storing any removed export information; for each module having its export information removed, blocking any attempt from another module to invoke its program code if the other module cannot be authenticated; and if the other module is authenticated, allowing the attempt to proceed using the securely stored export information. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
-
-
29. A system for securing a program comprised of a plurality of interoperable components, the system comprising:
-
a module for extracting export information about a function of a first component of the program that is callable by at least one other component of the program wherein the module for extracting removes an export table entry for the function of the first component; a module for securing the extracted export information; a validation module for validating authenticity of a second component attempting to obtain export information to invoke the function of the first component, validating authenticity of the second component; and a security module for blocking the attempt to invoke the function of the first component if the second component cannot be authenticated. - View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
-
-
42. A method for securing an exported function of a program, the method comprising:
-
extracting export information about the exported function of the program, wherein said extracting step includes removing an export table entry for the exported function; securing the extracted export information; intercepting an attempt to access the exported function by an importer; authenticating the importer for determining whether to permit access to the exported function; if the importer is authenticated, providing access to the exported function based on the secured extracted export information; and otherwise, blocking access to the exported function. - View Dependent Claims (43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55)
-
Specification