Defense-in-depth security for bytecode executables

US 8,694,548 B2
Filed: 12/22/2011
Issued: 04/08/2014
Est. Priority Date: 01/02/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

assembling a plurality of files to include a file natively executable on a processor to perform a defense-in-depth process and a non-native executable file executable on the processor only through an interpretation process, wherein the interpretation process provides an environment in which to execute the non-native executable file;

executing the defense-in-depth process on the processor to perform a prescribed sequence of security tasks, with the launching and performance of a subsequent security task relying upon completion of a preceding security task, and failure to complete any one of which prohibits allocation of processor resources to the interpretation process; and

providing the non-native executable file to the interpretation process for execution, contingent upon completion of specific security tasks in the prescribed sequence of security tasks, to execute a target process on the processor upon which the processor resources are being allocated.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Defense-in Depth security defines a set of graduated security tasks, each of which performs a task that must complete before another task can complete. Only when these tasks complete successfully and in the order prescribed by Defense-in-Depth security criteria is a final process allowed to execute. Through such Defense-in-Depth security measures, vulnerable software, such as bytecode, can be verified as unaltered and executed in a secure environment that prohibits unsecured access to the underlying code.

37 Citations

21 Claims

1. A method comprising:
- assembling a plurality of files to include a file natively executable on a processor to perform a defense-in-depth process and a non-native executable file executable on the processor only through an interpretation process, wherein the interpretation process provides an environment in which to execute the non-native executable file;
  
  executing the defense-in-depth process on the processor to perform a prescribed sequence of security tasks, with the launching and performance of a subsequent security task relying upon completion of a preceding security task, and failure to complete any one of which prohibits allocation of processor resources to the interpretation process; and
  
  providing the non-native executable file to the interpretation process for execution, contingent upon completion of specific security tasks in the prescribed sequence of security tasks, to execute a target process on the processor upon which the processor resources are being allocated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein assembling the files includes:
    - computing a hash key for each of a set of the files; and
      
      storing the hash key for each of the files in the natively executable file.
  - 3. The method of claim 2, wherein executing the defense-in-depth process includes:
    - performing as one of the tasks;
      
      computing the hash key for each of the files at a destination processor on which the defense-in-depth process executes; and
      
      comparing the hash key computed at the destination with the corresponding hash key stored in the natively executable file; and
      
      terminating the defense-in-depth process upon the comparison revealing a mismatch of any hash key.
  - 4. The method of claim 3, wherein assembling the files includes:
    - including natively executable processor instructions in the set of the files that, when executed by the destination processor, executes a virtual machine as the interpretation process;
      
      and wherein executing the defense-in-depth process includes;
      
      instantiating the virtual machine upon the comparison revealing a match of all hash keys.
  - 5. The method of claim 4, wherein assembling the files includes:
    - encrypting the non-native executable file with an encryption key; and
      
      storing the encryption key in the natively executable file.
  - 6. The method of claim 5, wherein executing the defense-in-depth process includes:
    - providing the encryption key to a decryption process executing in the virtual machine; and
      
      decrypting the non-native executable file in the virtual machine.
  - 7. The method of claim 6, wherein providing the non-native executable file includes:
    - executing instructions in the non-native executable file in the virtual machine subsequent to the decryption thereof.
  - 8. The method of claim 7, wherein assembling the files includes:
    - generating text compliant with a computer programming language descriptive of the hash key for each of the set of files and the encryption key;
      
      storing the generated text in a source code file with other text defining the defense-in-depth process; and
      
      compiling the source code into the natively executable file.
  - 9. The method of claim 8, wherein assembling the files includes:
    - establishing a predetermined file structure for the files;
      
      generating additional text compliant with the computer programming language descriptive of the file structure;
      
      storing the additional text in the source code file; and
      
      compiling the source code into the natively executable file.

10. An apparatus comprising:
- a source memory to store a plurality of files;
  
  a destination memory to store the files as assembled and delivered in a data package; and
  
  a processor communicatively coupled to the destination memory and configured to;
  
  accept the data package and store a set of the files therefrom in the destination memory;
  
  execute a set of processor instructions of a defense-in-depth process to perform a prescribed sequence of security tasks, with the launching and performance of a subsequent security task relying upon completion of a preceding security task, and failure to complete any one of which prohibits allocation of processor resources to an interpretation process; and
  
  provide a bytecode file to the interpretation process for execution, contingent upon completion of specific security tasks in the prescribed sequence of security tasks by the defense-in-depth process, to execute a target process on the processor upon which the processor resources are being allocated.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The apparatus of claim 10, further comprising a source processor communicatively coupled to the source memory and configured to:
    - compute a hash key for each of a set of the files; and
      
      store the hash key for each of the files in a natively executable file containing the processor instructions of the defense-in-depth process.
  - 12. The apparatus of claim 11, wherein the processor is further configured to:
    - compute the hash key values for each of the files;
      
      compare the computed hash key value with the corresponding hash key stored in the natively executable file; and
      
      terminate the defense-in-depth process upon the comparison revealing a mismatch of any hash key.
  - 13. The apparatus of claim 12, wherein the source processor is further configured to:
    - including processor instructions in the set of the files that, when executed by the processor, executes a virtual machine as the interpretation process; and
      
      instantiating the virtual machine upon the comparison revealing a match of all hash keys.
  - 14. The apparatus of claim 13, wherein the source processor is further configured to:
    - encrypt the byte code file with an encryption key; and
      
      store the encryption key in the natively executable file.
  - 15. The apparatus of claim 14, wherein the processor is further configured to:
    - provide the encryption key to a decryption process executing in the virtual machine; and
      
      decrypt the bytecode file in the virtual machine.
  - 16. The apparatus of claim 15, wherein the processor is further configured to:
    - execute instructions in the bytecode file in the virtual machine subsequent to the decryption thereof.
  - 17. The apparatus of claim 16, wherein the source processor is further configured to:
    - generate text compliant with a computer programming language descriptive of the hash key for each of the set of files and the encryption key;
      
      store the generated text in a source code file with other text defining the defense-in-depth process; and
      
      compile the source code into the natively executable file.

18. A non-transitory computer readable medium having instructions encoded thereon that, when executed by a processor, are operable to cause the processor to:
- accept a data package and store a set of files therefrom in a destination memory;
  
  execute a defense-in-depth process to perform a prescribed sequence of security tasks, with the launching and performance of a subsequent security task relying upon completion of a preceding security task, and failure to complete any one of which prohibits allocation of processor resources to an interpretation process; and
  
  provide a bytecode file to the interpretation process for execution, contingent upon completion of specific security tasks in the prescribed sequence of security tasks by the defense-in-depth process, to execute a target process on the processor upon which the processor resources are being allocated.
- View Dependent Claims (19, 20, 21)
- - 19. The non-transitory computer readable medium of claim 18, and further comprising instructions operable to:
    - retrieve a natively executable file and an encrypted bytecode file from the set of files;
      
      retrieve from the natively executable file an encryption key;
      
      launch a virtual machine as the interpretation process; and
      
      decrypt the encrypted bytecode file within the virtual machine.
  - 20. The non-transitory computer readable medium of claim 18, further comprising instructions operable to store the data package.
  - 21. The non-transitory computer readable medium of claim 18, further comprising instructions operable to:
    - compute a hash key for each of a set of the files from the data package;
      
      encrypt the bytecode file with an encryption key;
      
      generate text compliant with a computer programming language descriptive of the hash key for each of the set of the files and the encryption key;
      
      store the generated text in a source code file with other text defining the defense-in-depth process; and
      
      compile the source code into a natively executable file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Devalla, Sreenivas, Kothe, Sridhararao V., Kumar, Nakka Siva Kishore, Raju, Satyanarayana D V
Primary Examiner(s)
Beausoliel, Jr., Robert
Assistant Examiner(s)
ALLEN, NICHOLAS E

Application Number

US13/334,587
Publication Number

US 20120173497A1
Time in Patent Office

838 Days
Field of Search

707/698, 726/2, 726/19
US Class Current

707/798
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/53   by executing in a restricte...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/2149   Restricted operating enviro...

Defense-in-depth security for bytecode executables

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

37 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Defense-in-depth security for bytecode executables

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links