Software self-defense systems and methods
First Claim
1. A method for resisting attempts to tamper with the structure or function of a computer program, the computer program running on a first computer system and being designed to carry out one or more specified tasks, the method including:
- detecting an attempt to tamper with the structure or function of the computer program, including;
sending a message stamped with time-stamp information to a second computer system, the time-stamp information including a time offset, wherein the second computer system periodically receives the time-stamp information from the first computer system, and determines a difference between the time stamp information and a local time at the second computer system, and wherein a difference between the time stamp information and the local time at the second computer system greater than a predetermined amount is treated as an indication of an attempt to tamper with the structure or function of the first computer system;
receiving, at the first computer system, from the second computer system, an indication of attempted tampering;
delaying an additional response to detected tampering by at least a first predefined period of time following detection of attempted tampering;
responding to detected tampering by using one or more countermeasures.
3 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods are disclosed for protecting a computer program from unauthorized analysis and modification. Obfuscation transformations can be applied to the computer program'"'"'s local structure, control graph, and/or data structure to render the program more difficult to understand and/or modify. Tamper-resistance mechanisms can be incorporated into the computer program to detect attempts to tamper with the program'"'"'s operation. Once an attempt to tamper with the computer program is detected, the computer program reports it to an external agent, ceases normal operation, and/or reverses any modifications made by the attempted tampering. The computer program can also be watermarked to facilitate identification of its owner. The obfuscation, tamper-resistance, and watermarking transformations can be applied to the computer program'"'"'s source code, object code, or executable image.
207 Citations
11 Claims
-
1. A method for resisting attempts to tamper with the structure or function of a computer program, the computer program running on a first computer system and being designed to carry out one or more specified tasks, the method including:
-
detecting an attempt to tamper with the structure or function of the computer program, including; sending a message stamped with time-stamp information to a second computer system, the time-stamp information including a time offset, wherein the second computer system periodically receives the time-stamp information from the first computer system, and determines a difference between the time stamp information and a local time at the second computer system, and wherein a difference between the time stamp information and the local time at the second computer system greater than a predetermined amount is treated as an indication of an attempt to tamper with the structure or function of the first computer system; receiving, at the first computer system, from the second computer system, an indication of attempted tampering; delaying an additional response to detected tampering by at least a first predefined period of time following detection of attempted tampering; responding to detected tampering by using one or more countermeasures. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for resisting attempts to tamper with the structure or function of a computer program, the computer program being designed to carry out one or more specified tasks, the method including:
-
detecting an attempt to tamper with the structure or function of the computer program including; transmitting, to an external agent, a message stamped with time-stamp information, the time-stamp information including a time offset wherein the external agent periodically receives the time-stamp information including the time offset from a computer system on which the computer program is running, and determines a difference between the time-stamp information and a local time at the external agent, wherein a difference between the time-stamp information and the local time at the external agent greater than a predetermined amount is treated as an indication of a attempt to tamper with the structure or function of the computer program; receiving from the external agent, an indication that an attempt to tamper with the structure or function of the computer program was detected; waiting at least a predefined period of time to respond to the attempt to tamper with the structure or function of the computer program; and
responding to the attempt to tamper with the structure or function of the computer program.
-
-
11. A system for resisting attempts to tamper with the structure or function of a computer program, the system including:
-
means for detecting attempts to tamper with the structure or function of the computer program, including; means for transmitting to an external agent a message stamped with time-stamp information, the time-stamp information including a time offset wherein the external agent periodically receives the time-stamp information including the time offset from the system, and determines a difference between the time stamp information and a local time at the external agent, wherein a difference between the time stamp information and the local time at the external agent greater than a predetermined amount is treated as an indication of an attempt to tamper with the structure or function of the computer program; means for receiving an indication that an attempt to tamper with the structure or function of the computer program was detected; and means for delaying transmission of the indication for a predefined period of time.
-
Specification