System Providing Methodology for Securing Interfaces of Executable Files
Abstract
A system providing methodology for securing interfaces of executable files is described. In one embodiment, for example, a method is described for securing a program comprised of a plurality of interoperable components, the method comprises steps of: extracting information about a function of a first component of the program that is callable by at least one other component of the program; securing the extracted information; in response to an attempt by a second component of the program to invoke the function of the first component, validating authenticity of the second component; and if the second component is validated, providing access to the function of the first component using the secured extracted information.
60 Claims
1. A method for securing a program comprised of a plurality of interoperable components, the method comprising:
- extracting information about a function of a first component of the program that is callable by at least one other component of the program;
- securing the extracted information;
- in response to an attempt by a second component of the program to invoke the function of the first component, validating authenticity of the second component; and
- if the second component is validated, providing access to the function of the first component using the secured extracted information.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

15. A method for securing a program comprised of a plurality of modules, at least one of the modules having export information for allowing other modules to invoke its program code, the method comprising:
- generating signatures for at least some of the program's modules;
- as the program is loaded, validating said signatures so as to verify authenticity of respective modules of the program;
- for each module having program code that may be invoked by another module, removing that module's export information;
- securely storing any removed export information;
- for each module having its export information removed, blocking any attempt from another module to invoke its program code if the other module cannot be authenticated; and
- if the other module is authenticated, allowing the attempt to proceed using the securely stored export information.

Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30

31. A system for securing a program comprised of a plurality of interoperable components, the system comprising:
- a module for extracting information about a function of a first component of the program that is callable by at least one other component of the program;
- a module for securing the extracted information;
- a validation module for validating authenticity of a second component attempting to invoke the function of the first component; and
- a security module for blocking the attempt to invoke the function of the first component if the second component cannot be authenticated.

Dependent claims: 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44

45. A method for securing an exported function of a program, the method comprising:
- extracting export information about the exported function of the program;
- securing the extracted export information;
- intercepting an attempt to access the exported function by an importer;
- authenticating the importer for determining whether to permit access to the exported function; and
- if the importer is authenticated, providing access to the exported function based on the secured extracted export information.

Dependent claims: 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60

Specification