WO2004066071A3 - Run time code integrity checks - Google Patents

Run time code integrity checks Download PDF

Info

Publication number
WO2004066071A3
WO2004066071A3 PCT/US2004/001050 US2004001050W WO2004066071A3 WO 2004066071 A3 WO2004066071 A3 WO 2004066071A3 US 2004001050 W US2004001050 W US 2004001050W WO 2004066071 A3 WO2004066071 A3 WO 2004066071A3
Authority
WO
WIPO (PCT)
Prior art keywords
fingerprint
run time
time code
integrity checks
program unit
Prior art date
Application number
PCT/US2004/001050
Other languages
French (fr)
Other versions
WO2004066071A2 (en
Inventor
Jong Eduard K De
Original Assignee
Sun Microsystems Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sun Microsystems Inc filed Critical Sun Microsystems Inc
Priority to EP04702236A priority Critical patent/EP1584017A2/en
Publication of WO2004066071A2 publication Critical patent/WO2004066071A2/en
Publication of WO2004066071A3 publication Critical patent/WO2004066071A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/77Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

A method for detecting tampered program data comprising at least one program unit includes receiving a request for use of the at least one program unit, computing a first fingerprint over stored data associated with the at least one program unit and determining whether the stored data is valid based at least in part on whether the first fingerprint matches a second fingerprint. The second fingerprint is computed over the stored data prior to receiving the request for use of the at least one program unit.
PCT/US2004/001050 2003-01-16 2004-01-14 Run time code integrity checks WO2004066071A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP04702236A EP1584017A2 (en) 2003-01-16 2004-01-14 Run time code integrity checks

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/346,243 2003-01-16
US10/346,243 US20040143739A1 (en) 2003-01-16 2003-01-16 Run time code integrity checks

Publications (2)

Publication Number Publication Date
WO2004066071A2 WO2004066071A2 (en) 2004-08-05
WO2004066071A3 true WO2004066071A3 (en) 2005-08-04

Family

ID=32712097

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2004/001050 WO2004066071A2 (en) 2003-01-16 2004-01-14 Run time code integrity checks

Country Status (3)

Country Link
US (1) US20040143739A1 (en)
EP (1) EP1584017A2 (en)
WO (1) WO2004066071A2 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060047955A1 (en) * 2004-08-30 2006-03-02 Axalto Inc. Application code integrity check during virtual machine runtime
GB0601849D0 (en) * 2006-01-30 2006-03-08 Ttp Communications Ltd Method of maintaining software integrity
US7526530B2 (en) * 2006-05-05 2009-04-28 Adobe Systems Incorporated System and method for cacheing web files
US7979685B1 (en) * 2007-11-27 2011-07-12 Oracle America, Inc. Multiple instruction execution mode resource-constrained device
WO2009152511A2 (en) * 2008-06-13 2009-12-17 Board Of Regents, The University Of Texas System Control flow deviation detection for software security
KR101685633B1 (en) * 2009-01-05 2016-12-12 삼성전자주식회사 Memory system
US8966635B2 (en) * 2012-02-24 2015-02-24 Hewlett-Packard Development Company, L.P. Software module object analysis
EP2735992B1 (en) * 2012-11-22 2018-03-28 Nxp B.V. Software identification
EP2782006B1 (en) * 2013-03-19 2018-06-13 Nxp B.V. Process and system for verifying computer program on a smart card
CN103544037B (en) * 2013-10-29 2016-08-17 飞天诚信科技股份有限公司 The implementation method that a kind of software and hardware supporting OpenSC drives
JP7195796B2 (en) * 2018-07-23 2022-12-26 キヤノン株式会社 Information processing device, control method for information processing device, and program

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6092147A (en) * 1997-04-15 2000-07-18 Sun Microsystems, Inc. Virtual machine with securely distributed bytecode verification
WO2001050230A2 (en) * 2000-01-04 2001-07-12 Sigma Game, Inc. Electronic security technique for gaming software
US6367012B1 (en) * 1996-12-06 2002-04-02 Microsoft Corporation Embedding certifications in executable files for network transmission
US20020165961A1 (en) * 2001-04-19 2002-11-07 Everdell Peter B. Network device including dedicated resources control plane

Family Cites Families (42)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5421016A (en) * 1991-12-12 1995-05-30 International Business Machines Corporation System and method for dynamically invoking object methods from an application designed for static method invocation
US6131159A (en) * 1992-05-08 2000-10-10 Paradyne Corporation System for downloading programs
DE69402955T2 (en) * 1994-02-08 1997-08-14 Belle Gate Invest Bv Data exchange system with portable data processing units
US6006033A (en) * 1994-08-15 1999-12-21 International Business Machines Corporation Method and system for reordering the instructions of a computer program to optimize its execution
US5748964A (en) * 1994-12-20 1998-05-05 Sun Microsystems, Inc. Bytecode program interpreter apparatus and method with pre-verification of data type restrictions
US6948070B1 (en) * 1995-02-13 2005-09-20 Intertrust Technologies Corporation Systems and methods for secure transaction management and electronic rights protection
JP2986059B2 (en) * 1995-03-08 1999-12-06 インターナショナル・ビジネス・マシーンズ・コーポレイション Battery charger
ES2153455T3 (en) * 1995-08-04 2001-03-01 Belle Gate Invest B V DATA EXCHANGE SYSTEM THAT INCLUDES PORTABLE DATA PROCESSING UNITS.
US5812662A (en) * 1995-12-18 1998-09-22 United Microelectronics Corporation Method and apparatus to protect computer software
US5930509A (en) * 1996-01-29 1999-07-27 Digital Equipment Corporation Method and apparatus for performing binary translation
US5889999A (en) * 1996-05-15 1999-03-30 Motorola, Inc. Method and apparatus for sequencing computer instruction execution in a data processing system
US5781723A (en) * 1996-06-03 1998-07-14 Microsoft Corporation System and method for self-identifying a portable information device to a computing unit
US5761513A (en) * 1996-07-01 1998-06-02 Sun Microsystems, Inc. System and method for exception handling in dynamically linked programs
US6463581B1 (en) * 1996-10-03 2002-10-08 International Business Machines Corporation Method for determining reachable methods in object-oriented applications that use class libraries
MY126363A (en) * 1996-10-25 2006-09-29 Gemalto Sa Using a high level programming language with a microcontroller
US6141681A (en) * 1997-03-07 2000-10-31 Advanced Micro Devices, Inc. Method of and apparatus for transferring and interpreting a data package
US5950009A (en) * 1997-03-10 1999-09-07 International Business Machines Coporation Method and apparatus for profile-based reordering of program portions in a computer program
ATE281680T1 (en) * 1997-03-24 2004-11-15 Visa Int Service Ass SYSTEM AND METHOD FOR A MULTIPURPOSE CHIP CARD WHICH ALLOWS SUBSEQUENT STORAGE OF AN APPLICATION ON THIS CARD
US6314562B1 (en) * 1997-09-12 2001-11-06 Microsoft Corporation Method and system for anticipatory optimization of computer programs
US6233733B1 (en) * 1997-09-30 2001-05-15 Sun Microsystems, Inc. Method for generating a Java bytecode data flow graph
US5991774A (en) * 1997-12-22 1999-11-23 Schneider Automation Inc. Method for identifying the validity of an executable file description by appending the checksum and the version ID of the file to an end thereof
US5999732A (en) * 1998-03-23 1999-12-07 Sun Microsystems, Inc. Techniques for reducing the cost of dynamic class initialization checks in compiled code
US6205465B1 (en) * 1998-07-22 2001-03-20 Cisco Technology, Inc. Component extensible parallel execution of multiple threads assembled from program components specified with partial inter-component sequence information
GB2341249A (en) * 1998-08-17 2000-03-08 Connected Place Limited A method of generating a difference file defining differences between an updated file and a base file
US6223340B1 (en) * 1998-10-09 2001-04-24 Sun Microsystems, Inc. Method for directly inlining virtual calls without on-stack replacement
CA2347684A1 (en) * 1998-10-27 2000-05-04 Visa International Service Association Delegated management of smart card applications
EP1129417A4 (en) * 1998-12-04 2004-06-30 Technology Enabling Company Ll Systems and methods for organizing data
US6272674B1 (en) * 1998-12-14 2001-08-07 Nortel Networks Limited Method and apparatus for loading a Java application program
US6526571B1 (en) * 1999-03-16 2003-02-25 International Business Machines Corporation Method for identifying calls in java packages whose targets are guaranteed to belong to the same package
US7430670B1 (en) * 1999-07-29 2008-09-30 Intertrust Technologies Corp. Software self-defense systems and methods
US6981212B1 (en) * 1999-09-30 2005-12-27 International Business Machines Corporation Extensible markup language (XML) server pages having custom document object model (DOM) tags
US6792536B1 (en) * 1999-10-20 2004-09-14 Timecertain Llc Smart card system and methods for proving dates in digital files
US6427088B1 (en) * 2000-01-21 2002-07-30 Medtronic Minimed, Inc. Ambulatory medical apparatus and method using telemetry system with predefined reception listening periods
FR2805059A1 (en) * 2000-02-10 2001-08-17 Bull Cp8 METHOD FOR LOADING A SOFTWARE PART IN A CHIP CARD, PARTICULARLY OF THE TYPE SAID "APPLET"
FR2809200B1 (en) * 2000-05-17 2003-01-24 Bull Cp8 METHOD FOR SECURING A LANGUAGE OF THE TYPE TYPE, IN PARTICULAR IN AN ON-BOARD SYSTEM AND ON-BOARD SYSTEM FOR IMPLEMENTING THE METHOD
US6880086B2 (en) * 2000-05-20 2005-04-12 Ciena Corporation Signatures for facilitating hot upgrades of modular software components
US20030028811A1 (en) * 2000-07-12 2003-02-06 Walker John David Method, apparatus and system for authenticating fingerprints, and communicating and processing commands and information based on the fingerprint authentication
JP3707727B2 (en) * 2000-10-30 2005-10-19 インターナショナル・ビジネス・マシーンズ・コーポレーション Program optimization method and compiler using the same
US20020147918A1 (en) * 2001-04-05 2002-10-10 Osthoff Harro R. System and method for securing information in memory
US6828960B2 (en) * 2001-09-28 2004-12-07 Hewlett-Packard Development Company, L.P. Electronic writing instrument with fingerprint scanner
US20030095690A1 (en) * 2001-11-16 2003-05-22 Acer Inc. Wireless fingerprint identity apparatus and method
US20040083469A1 (en) * 2002-10-23 2004-04-29 Ping-Sheng Chen Method for updating firmware of optical disk system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6367012B1 (en) * 1996-12-06 2002-04-02 Microsoft Corporation Embedding certifications in executable files for network transmission
US6092147A (en) * 1997-04-15 2000-07-18 Sun Microsystems, Inc. Virtual machine with securely distributed bytecode verification
WO2001050230A2 (en) * 2000-01-04 2001-07-12 Sigma Game, Inc. Electronic security technique for gaming software
US20020165961A1 (en) * 2001-04-19 2002-11-07 Everdell Peter B. Network device including dedicated resources control plane

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MARK RUSSINOVICH: "Inside On-Access Virus Scanners", WINDOWS IT PRO, September 1997 (1997-09-01), XP002298829, Retrieved from the Internet <URL:<http://www.winntmag.com/Articles/print.cfm?ArticleID=300> [retrieved on 20041001] *

Also Published As

Publication number Publication date
EP1584017A2 (en) 2005-10-12
US20040143739A1 (en) 2004-07-22
WO2004066071A2 (en) 2004-08-05

Similar Documents

Publication Publication Date Title
WO2003090050A3 (en) System and method for detecting malicicous code
MX2007007561A (en) Self-adaptive multimodal biometric authentication system and method.
GB0003920D0 (en) Computer system
WO2002033525A3 (en) A method and system for detecting rogue software
CA2321017A1 (en) Method and system for transparent time-based selective software rejuvenation
WO2004066071A3 (en) Run time code integrity checks
WO2003019459A3 (en) Method and apparatus for article authentication
EP1353291A3 (en) Fingerprint authenticating system using a small fingerprint sensor
WO2003091880A3 (en) Enhancements to data integrity verification mechanism
WO2005029369A3 (en) Data profiling
WO2007110142A8 (en) A method for making a secure personal card and its working process
WO2004086171A3 (en) Methods and apparatus for facilitating a transaction
WO2008042220A3 (en) User interface and identification in a medical device system and method
WO2006017774A3 (en) Method for preventing virus infection in a computer
WO2005045550A3 (en) Password recovery system and method
WO2006047566A3 (en) Enhanced contextual user assistance
WO2007071606A3 (en) Cache injection using semi-synchronous memory copy operation
EP1605709A3 (en) Method and system for validating configuration data in a private branch exchange switch
WO2003098398A3 (en) Methods and apparatus for a title transaction network
WO2004114075A3 (en) Method, system, and apparatus for identification number authentication
EP1562152A3 (en) Credit-points managing apparatus, vehicle, credit-points calculating method, and a computer product
WO2005017664A3 (en) Methods and systems for providing benchmark information under controlled access
WO2006058313A3 (en) Method to control access between network endpoints based on trust scores calculated from information system component analysis
WO2005017663A3 (en) Methods and systems for providing benchmark information under controlled access
TW200745899A (en) Digital rights management engine systems and methods

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 2004702236

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2004702236

Country of ref document: EP