Tamper response mechanism
First Claim
Patent Images
1. A method comprising:
- identifying, by one or more computing devices configured to respond to detected program tampering, global pointers associated with a program;
selecting, by the one or more computing devices, a particular global pointer to intentionally corrupt;
determining, by the one or more computing devices, a time to corrupt the selected global pointer; and
intentionally corrupting, by the one or more computing devices, the selected global pointer in response to detecting tampering with the program, wherein the corrupting includes setting a value of the selected global pointer to NULL or to a value outside of program address space.
2 Assignments
0 Petitions
Accused Products
Abstract
A tamper response mechanism introduces a delayed failure into a program in response to detected tampering with the program. The mechanism determines a manner of responding to the detected tampering. The manner of responding may include corrupting a global pointer or using other techniques. The mechanism also determines when to respond to the tampering and implements the response at the determined time.
21 Citations
18 Claims
-
1. A method comprising:
-
identifying, by one or more computing devices configured to respond to detected program tampering, global pointers associated with a program; selecting, by the one or more computing devices, a particular global pointer to intentionally corrupt; determining, by the one or more computing devices, a time to corrupt the selected global pointer; and intentionally corrupting, by the one or more computing devices, the selected global pointer in response to detecting tampering with the program, wherein the corrupting includes setting a value of the selected global pointer to NULL or to a value outside of program address space. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method comprising:
-
determining, by one or more computing devices configured to detect program tampering, a manner of responding to detected tampering with a program, wherein the manner of responding causes-the program to terminate normal operation; determining, by the one or more computing devices, when to respond to the detected tampering, wherein the response occurs at a future time; and upon detection of tampering with the program, implementing, by the one or more computing devices, the response at the determined time, wherein the manner of responding includes setting an array index to fall beyond the array'"'"'s limits. - View Dependent Claims (13, 14, 15, 16)
-
-
17. A method of responding to detection of tampering with a program, the method comprising:
-
detecting, by one or more computing devices configured to detect program tampering, locations where global variables are used in the program; generating, by the one or more computing devices, a global call graph associated with the program; generating, by the one or more computing devices, a dynamic trace associated with the program, wherein the dynamic trace identifies entering and exiting functions in the program; selecting, by the one or more computing devices, global variables and corruption sites based on the global variables, the global call graph, and the dynamic trace; and corrupting, by the one or more computing devices, the selected global variables at the corruption sites by adding random offsets to the global variables. - View Dependent Claims (18)
-
Specification