PROTECTION OF STATE DATA IN COMPUTER SYSTEM CODE

摘要

A method, system, and computer program product are provided for protecting state data of computer system code. The computer system code may be operating system code, subsystem code or application code and the item of state data is not expected to change within the execution of the computer system code. The method includes: creating or modifying an item of state data having a field value and being stored in memory for access by computer system code; registering an item of state data for protection; preserving the field value of the item of state data in a form inaccessible to third party software; validating the field value of the item of state data by comparing a current field value with the preserved field value to determine if the field value has been modified; and, if the field value has been modified, taking appropriate action.

主权项

1. A computer-implemented method for protecting state data of computer system code, the method comprising:
registering an item of state data for protection, wherein registering the item of state data for protection is carried out at system runtime when an item of state data is modified; preserving a field value of the item of state data in a form inaccessible to third party software by taking a snapshot of the item of the state data and storing it in an encrypted form; determining the field value of the item of state data has been altered greater than an acceptable deviation by comparing a current field value with the preserved field value, wherein validating the field value is carried out at specified times; and in response to the field value being altered greater than an acceptable deviation, initiating an action.