Software self-checking systems and methods

US 7,581,103 B2
Filed: 06/13/2002
Issued: 08/25/2009
Est. Priority Date: 06/13/2001
Status: Active Grant

First Claim

Patent Images

1. A method of creating a self-checking software program, the program being embodied on a computer-readable medium, the method comprising:

(a) inserting multiple self-checking code sequences into the program'"'"'s source code;

(a)(1) compiling the program'"'"'s source code to form object code;

(a)(2) rearranging basic blocks of the program'"'"'s object code such that the distribution of the multiple self-checking code sequences is changed;

(b) inserting a plurality of correctors into the rearranged object code;

(c) assigning the self-checking code sequences to overlapping portions of the program, each of said portions containing at least one corrector, and at least some of said portions containing at least part of one or more of said self-checking code sequences, wherein each self-checking code sequence is operable to calculate a function of at least one of said portions; and

(d) assigning values to the correctors, the value of each corrector being chosen such that the function calculated by a self-checking code sequence assigned to a given portion of the program containing a given corrector results in a predefined value when the given portion has not been improperly modified.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Software self-checking mechanisms are described for improving software tamper resistance and/or reliability. Redundant tests are performed to detect modifications to a program while it is running. Modifications are recorded or reported. Embodiments of the software self-checking mechanisms can be implemented such that they are relatively stealthy and robust, and so that it they are compatible with copy-specific static watermarking and other tamper-resistance techniques.

157 Citations

View as Search Results

26 Claims

1. A method of creating a self-checking software program, the program being embodied on a computer-readable medium, the method comprising:
- (a) inserting multiple self-checking code sequences into the program'"'"'s source code;
  
  (a)(1) compiling the program'"'"'s source code to form object code;
  
  (a)(2) rearranging basic blocks of the program'"'"'s object code such that the distribution of the multiple self-checking code sequences is changed;
  
  (b) inserting a plurality of correctors into the rearranged object code;
  
  (c) assigning the self-checking code sequences to overlapping portions of the program, each of said portions containing at least one corrector, and at least some of said portions containing at least part of one or more of said self-checking code sequences, wherein each self-checking code sequence is operable to calculate a function of at least one of said portions; and
  
  (d) assigning values to the correctors, the value of each corrector being chosen such that the function calculated by a self-checking code sequence assigned to a given portion of the program containing a given corrector results in a predefined value when the given portion has not been improperly modified.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, in which the self-checking code sequences are distributed in a relatively uniform fashion throughout the program'"'"'s object code.
  - 3. The method of claim 2, in which the plurality of correctors are inserted between basic blocks of the program'"'"'s object code.
  - 4. The method of claim 1, further comprising:
    - (c)(1) inserting watermark values into the program.
  - 5. The method of claim 1, in which the self-checking code sequences are assigned to overlapping portions of the program in a relatively random fashion.
  - 6. The method of claim 5, further comprising:
    - (c)(1) determining whether a graph representing the assignment of self-checking code sequences to overlapping portions of the program is strongly connected; and
      
      (c)(2) repeating step (c) if the graph is not strongly connected.
  - 7. The method of claim 1, in which the function that each self-checking code sequence is operable to calculate comprises a hash function.
  - 8. The method of claim 7, in which the hash function is invertible.
  - 9. The method of claim 8, in which the hash function is relatively lightweight.
  - 10. The method of claim 7, in which a first class of said multipleself-checking code sequences calculates a first hash function and a second class of said multiple self-checking code sequences calculates a second hash function that differs at least in part from the first hash function.
  - 11. The method of claim 10, in which a plurality of the first class ofself-checking code sequences are customized, such that each of said plurality of customized self-checking code sequences differs, at least in part, from other self-checking code sequences in the first class.
  - 12. The method of claim 4, in which steps (a) through (c) are performed before the program is distributed to an end user, and steps (c)(1) and (d) are performed after the program is distributed to the end user.
  - 13. The method of claim 1, in which the self-checking code sequences are further operable to trigger a tamper response mechanism when an improper modification of the program is detected.

14. A method of creating a dynamic self-checking program, the program being embodied on a computer-readable medium, the method comprising:
- inserting self-checking code into the program'"'"'s source code, the self-checking code being operable to perform dynamic integrity checks on overlapping intervals of the program, at least some of the overlapping intervals including portions of the self-checking code;
  
  compiling the program'"'"'s source code to form object code;
  
  rearranging basic blocks of the program'"'"'s object code such that the distribution of the multiple self-checking code sequences is changedinserting a plurality of corrector values into the rearranged object code, the inserted corrector values being chosen such that the dynamic integrity checks performed by the self-checking code result in a predefined value or values when the program has not been improperly modified.

15. A self-checking program stored in a non-volatile memory, the program comprising:
- a first code sequence configured to perform a first integrity check on a first portion of the program while the program is running;
  
  a first corrector contained within the first portion of the program, the first corrector being assigned a value such that computation of a first hash function results in a first predefined value when the first portion of the program has not been improperly modified;
  
  a second code sequence configured to perform a second integrity check on a second portion of the program while the program is running;
  
  wherein the first portion of the program and the second portion of the program overlap at least in part, and wherein the integrity of the first code sequence is checked by at least one code sequence and the integrity of the second code sequence is checked by at least one code sequence.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 16. The self-checking program of claim 15, in which the first code sequence is further configured to trigger a first tamper response mechanism when the first integrity check indicates that the program has been improperly modified, and in which the second code sequence is further configured to trigger a second tamper response mechanism when the second integrity check indicates that the program has been improperly modified.
  - 17. The self-checking program of claim 16, in which the first tamper response mechanism and the second tamper response mechanism are the same.
  - 18. The self-checking program of claim 15, in which the first integrity check comprises computation of the first hash function of the first portion of the program, and in which the second integrity check comprises computation of a second hash function of the second portion of the program.
  - 19. The self-checking program of claim 18, further comprising:
    - a second corrector contained within the second portion of the program, the second corrector being assigned a value such that computation of the second hash function results in a second predefined value when the second portion of the program has not been improperly modified.
  - 20. The self-checking program of claim 19, wherein the first and second predefined values are the same.
  - 21. The self-checking program of claim 20, wherein the first and second predefined values are different.
  - 22. The self-checking program of claim 18, in which the first hash function is different from the second hash function.
  - 23. The self-checking program of claim 18, in which the first hash function and the second hash function are relatively lightweight.
  - 24. The self-checking program of claim 18, in which the first hash function and the second hash function are relatively easily invertible.
  - 25. The self-checking program of claim 18, in which the first hash function and the second hash function are summarizable.
  - 26. The self-checking program of claim 18, in which the first hash function and the second hash function comprise chained linear hash functions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Matheson, Lesley R., Tarjan, Robert E., Home, William G., Sheehan, Casey
Primary Examiner(s)
Song; Hosuk

Application Number

US10/172,682
Publication Number

US 20030023856A1
Time in Patent Office

2,630 Days
Field of Search

713/187, 713/176, 713/181, 714/37, 726 26- 27, 726/22
US Class Current

713/176
CPC Class Codes

G06F 11/3624   by performing operations on...

G06F 21/52   during program execution, e...

G06F 21/54   by adding security routines...

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 2221/2149   Restricted operating enviro...

G06F 3/0623   in relation to content

G06F 3/064   Management of blocks

G06F 3/0659   Command handling arrangemen...

G06F 3/0673   Single storage device

Software self-checking systems and methods

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

157 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

Software self-checking systems and methods

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

157 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others