Software self-checking systems and methods

US 9,953,159 B2
Filed: 09/02/2015
Issued: 04/24/2018
Est. Priority Date: 06/13/2001
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable storage medium, the computer-readable storage medium storing programming instructions that, if executed by a processor of a computer system, are operable to cause the computer system to perform a method comprising:

loading a memory address obfuscating value;

calculating an address locator value at least in part based on said memory address obfuscating value;

reading a first portion of memory beginning at an address determined by said calculated address locator value, said first portion of memory at least in part used to store instructions associated with a currently executing program;

calculating a first integrity check value based on the contents of said first portion of memory;

comparing said first calculated integrity check value to a first expected check value; and

initiating one or more response actions at least in part based on the results of said step of comparing said first calculated check value.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Software self-checking mechanisms are described for improving software tamper resistance and/or reliability. Redundant tests are performed to detect modifications to a program while it is running. Modifications are recorded or reported. Embodiments of the software self-checking mechanisms can be implemented such that they are relatively stealthy and robust, and so that it they are compatible with copy-specific static watermarking and other tamper-resistance techniques.

101 Citations

View as Search Results

66 Claims

1. A non-transitory computer-readable storage medium, the computer-readable storage medium storing programming instructions that, if executed by a processor of a computer system, are operable to cause the computer system to perform a method comprising:
- loading a memory address obfuscating value;
  
  calculating an address locator value at least in part based on said memory address obfuscating value;
  
  reading a first portion of memory beginning at an address determined by said calculated address locator value, said first portion of memory at least in part used to store instructions associated with a currently executing program;
  
  calculating a first integrity check value based on the contents of said first portion of memory;
  
  comparing said first calculated integrity check value to a first expected check value; and
  
  initiating one or more response actions at least in part based on the results of said step of comparing said first calculated check value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 2. The non-transitory computer readable storage medium of claim 1, wherein the instructions further cause the computer to perform the operation of:
    - calculating a second address locator value at least in part based on a memory address obfuscating value;
      
      reading a second portion of memory beginning at an address determined by said second calculated address locator value, said second portion of memory at least in part used to store instructions associated with said currently executing program;
      
      calculating a second integrity check value based on the contents of said second portion of memory;
      
      comparing said second calculated integrity check value to a second expected check value; and
      
      initiating one or more response actions at least based on the results of said step of comparing said second calculated integrity check value.
  - 3. The non-transitory computer readable storage medium of claim 2, wherein said memory address obfuscating value used to calculate the second address locator is equal to the memory address obfuscating value used to calculate the first address locator value.
  - 4. The non-transitory computer readable storage medium of claim 2, wherein said initiating steps comprise initiating the at least one or more response actions via different access paths.
  - 5. The non-transitory computer readable storage medium of claim 2, wherein said obfuscating memory value used to calculate the second address locator value is the same obfuscating memory value used to calculate the first address locator value.
  - 6. The non-transitory computer readable storage medium of claim 2, said second portion of memory at least in part different from said first portion.
  - 7. The non-transitory computer readable storage medium of claim 2, said second portion of memory at least including a portion of said first portion of memory.
  - 8. The non-transitory computer readable storage medium of claim 2, wherein said second expected check value is equal to the first expected check value.
  - 9. The non-transitory computer readable storage medium of claim 2, wherein said first expected check value is equal to zero.
  - 10. The non-transitory computer readable storage medium of claim 9, wherein the second expected check value is equal to the first expected check value.
  - 11. The non-transitory computer readable storage medium of claim 2, wherein the step of calculating an integrity check value based on said first portion of memory is performed by instructions contained within the second portion of memory.
  - 12. The non-transitory computer readable storage medium of claim 11, wherein the step of calculating an integrity check value based on said second portion of memory is performed by instructions contained within the first portion of memory.
  - 13. The non-transitory computer readable storage medium of claim 12, wherein the instructions are configured such that no code section addresses appear in general-purpose registers during the execution of the program.
  - 14. The non-transitory computer readable storage medium of claim 2, wherein one or more of the triggering steps includes a delay before initiating the one or more response actions.
  - 15. The non-transitory computer readable storage medium of claim 2, wherein the running time to initiate the one or more response actions is configured to be of variable duration.
  - 16. The non-transitory computer readable storage medium of claim 2, wherein the instructions are configured to at repeat each of the reading steps, the calculating an integrity check value steps, and the comparing steps a plurality of times during the execution of said program.
  - 17. The non-transitory computer readable storage medium of claim 2, wherein the second portion of memory includes at least a portion of the instructions for performing said steps of reading a first portion of memory, calculating an integrity check value based on said first portion of memory, and comparing said calculated integrity check value to a first expected check value.
  - 18. The non-transitory computer readable storage medium of claim 2, wherein the second portion of memory includes all of the instructions for performing said steps of reading a first portion of memory, calculating an integrity check value based on said first portion of memory, and comparing said calculated integrity check value to a first expected check value.
  - 19. The non-transitory computer readable storage medium of claim 2, wherein said first integrity check value is calculated using a first coding of a first integrity verification algorithm and said second integrity check value is calculated using a second coding of said first integrity verification algorithm, said first coding and second coding being different but functionally equivalent implementations of said first integrity verification algorithm.
  - 20. The non-transitory computer readable storage medium of claim 19, wherein said first integrity verification algorithm is a chained hash function.
  - 21. The non-transitory computer readable storage medium of claim 2, wherein said first integrity check value is calculated using a first integrity verification algorithm and said second integrity check value is calculated using a second integrity verification algorithm.
  - 22. The non-transitory computer readable storage medium of claim 21, wherein said first integrity verification algorithm is a chained hash function.
  - 23. The non-transitory computer readable storage medium of claim 1, wherein said memory address obfuscating value is a randomly-generated or pseudorandomly-generated value.
  - 24. The non-transitory computer readable storage medium of claim 1, wherein said memory address obfuscating value was randomly-generated or pseudorandomly-generated prior to execution of the said currently executing program.
  - 25. The non-transitory computer readable storage medium of claim 1, wherein the memory address obfuscating value was determined at time of installation of said program.
  - 26. The non-transitory computer readable storage medium of claim 1, wherein said one or more response actions includes halting execution of the program.
  - 27. The non-transitory computer readable storage medium of claim 1, wherein said one or more response actions includes restricting execution of a portion of the program.
  - 28. The non-transitory computer readable storage medium of claim 1, wherein said one or more response actions includes denying access to one or or more functions of the program.
  - 29. The non-transitory computer readable storage medium of claim 1, wherein said one or more response actions includes erasing or denying the use of data.
  - 30. The non-transitory computer readable storage medium of claim 1, wherein the initiating step comprises initiating the at least one or more response actions via one of a plurality of alternative access paths.
  - 31. The non-transitory computer readable storage medium of claim 1, wherein the running time to initiate the one or more response actions is configured to be of variable duration.
  - 32. The non-transitory computer readable storage medium of claim 1, wherein the instructions are configured to at repeat each of the reading step, the calculating an integrity check value step, and the comparing step a plurality of times during the execution of said program.
  - 33. The non-transitory computer readable storage medium of claim 32, wherein the first portion of memory includes at least a portion of the instructions for performing said steps of reading a second portion of memory, calculating an integrity check value based on said second portion of memory, and comparing said calculated integrity check value to a second expected check value.

34. A method comprising:
- calculating an address locator value at least in part based on said memory address obfuscating value;
  
  reading a first portion of memory beginning at an address determined by said calculated address locator value, said first portion of memory at least in part used to store instructions associated with a currently executing program;
  
  calculating a first integrity check value based on the contents of said first portion of memory;
  
  comparing said first calculated integrity check value to a first expected check value; and
  
  initiating one or more response actions at least in part based on the results of said step of comparing said first calculated check value.
- View Dependent Claims (35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66)
- - 35. The method of claim 34, wherein the instructions further cause the computer to perform the operation of:
    - calculating a second address locator value at least in part based on a memory address obfuscating value;
      
      reading a second portion of memory beginning at an address determined by said second calculated address locator value, said second portion of memory at least in part used to store instructions associated with said currently executing program;
      
      calculating a second integrity check value based on the contents of said second portion of memory;
      
      comparing said second calculated integrity check value to a second expected check value; and
      
      initiating one or more response actions at least based on the results of said step of comparing said second calculated integrity check value.
  - 36. The method of claim 35, wherein said memory address obfuscating value used to calculate the second address locator is equal to the memory address obfuscating value used to calculate the first address locator value.
  - 37. The method of claim 35, wherein said initiating steps comprise initiating the at least one or more response actions via different access paths.
  - 38. The method of claim 35, wherein said obfuscating memory value used to calculate the second address locator value is the same obfuscating memory value used to calculate the first address locator value.
  - 39. The method of claim 35, said second portion of memory at least in part different from said first portion.
  - 40. The method of claim 35, said second portion of memory at least including a portion of said first portion of memory.
  - 41. The method of claim 35, wherein said second expected check value is equal to the first expected check value.
  - 42. The method of claim 35, wherein said first expected check value is equal to zero.
  - 43. The method of claim 42, wherein the second expected check value is equal to the first expected check value.
  - 44. The method of claim 35, wherein the step of calculating an integrity check value based on said first portion of memory is performed by instructions contained within the second portion of memory.
  - 45. The method of claim 44, wherein the step of calculating an integrity check value based on said second portion of memory is performed by instructions contained within the first portion of memory.
  - 46. The method of claim 45, wherein the instructions are configured such that no code section addresses appear in general-purpose registers during the execution of the program.
  - 47. The method of claim 35, wherein one or more of the triggering steps includes a delay before initiating the one or more response actions.
  - 48. The method of claim 35, wherein the running time to initiate the one or more response actions is configured to be of variable duration.
  - 49. The method of claim 35, wherein the instructions are configured to at repeat each of the reading steps, the calculating an integrity check value steps, and the comparing steps a plurality of times during the execution of said program.
  - 50. The method of claim 35, wherein the second portion of memory includes at least a portion of the instructions for performing said steps of reading a first portion of memory, calculating an integrity check value based on said first portion of memory, and comparing said calculated integrity check value to a first expected check value.
  - 51. The method of claim 35, wherein the second portion of memory includes all of the instructions for performing said steps of reading a first portion of memory, calculating an integrity check value based on said first portion of memory, and comparing said calculated integrity check value to a first expected check value.
  - 52. The method of claim 35, wherein said first integrity check value is calculated using a first coding of a first integrity verification algorithm and said second integrity check value is calculated using a second coding of said first integrity verification algorithm, said first coding and second coding being different but functionally equivalent implementations of said first integrity verification algorithm.
  - 53. The method of claim 52, wherein said first integrity verification algorithm is a chained hash function.
  - 54. The method of claim 35,wherein said first integrity check value is calculated using a first integrity verification algorithm and said second integrity check value is calculated using a second integrity verification algorithm.
  - 55. The method of claim 54, wherein said first integrity verification algorithm is a chained hash function.
  - 56. The method of claim 34, wherein said memory address obfuscating value is a randomly-generated or pseudorandomly-generated value.
  - 57. The method of claim 34, wherein said memory address obfuscating value was randomly-generated or pseudorandomly-generated prior to execution of the said currently executing program.
  - 58. The method of claim 34, wherein the memory address obfuscating value was determined at time of installation of said program.
  - 59. The method of claim 34, wherein said one or more response actions includes halting execution of the program.
  - 60. The method of claim 34, wherein said one or more response actions includes restricting execution of a portion of the program.
  - 61. The method of claim 34, wherein said one or more response actions includes denying access to one or or more functions of the program.
  - 62. The method of claim 34, wherein said one or more response actions includes erasing or denying the use of data.
  - 63. The method of claim 34, wherein the initiating step comprises initiating the at least one or more response actions via one of a plurality of alternative access paths.
  - 64. The method of claim 34, wherein the running time to initiate the one or more response actions is configured to be of variable duration.
  - 65. The method of claim 34, wherein the instructions are configured to at repeat each of the reading step, the calculating an integrity check value step, and the comparing step a plurality of times during the execution of said program.
  - 66. The method of claim 65, wherein the first portion of memory includes at least a portion of the instructions for performing said steps of reading a second portion of memory, calculating an integrity check value based on said second portion of memory, and comparing said calculated integrity check value to a second expected check value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Horne, William G., Matheson, Lesley R., Sheehan, Casey, Tarjan, Robert E.
Primary Examiner(s)
Song, Hosuk

Application Number

US14/843,256
Publication Number

US 20170076090A1
Time in Patent Office

965 Days
Field of Search

713176, 713181, 713187, 726 22- 2, 726 26, 726 27, 714 37
US Class Current
CPC Class Codes

G06F 11/3624   by performing operations on...

G06F 21/52   during program execution, e...

G06F 21/54   by adding security routines...

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 2221/2149   Restricted operating enviro...

G06F 3/0623   in relation to content

G06F 3/064   Management of blocks

G06F 3/0659   Command handling arrangemen...

G06F 3/0673   Single storage device

Software self-checking systems and methods

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

101 Citations

66 Claims

Specification

Solutions

Use Cases

Quick Links

Software self-checking systems and methods

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

101 Citations

66 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links