摘要 |
There is described a method of protecting an item of software. The method comprises (a) identifying an invariant which holds true at a specified point in the item of software; and (b) generating a protected item of software by inserting code at the specified point in the item of software. The code, when executed by a processor, is arranged to check whether the invariant holds true and, in response to the invariant not holding true, is arranged to invoke a security incident procedure. There is further described an apparatus arranged to carry out the method of protecting an item of software. There is also described a computer program which, when executed by a processor, causes the processor to carry out the method of protecting an item of software. There is additionally described a computer-readable medium storing the aforementioned computer program. Moreover, there is described an item of software comprising code at a first location, wherein the code, when executed by a processor, is arranged to check whether an invariant holds true at the first location and, in response to the invariant not holding true, is arranged to invoke a security incident procedure. |