System and method for verifying the integrity of read-only components in deployed mixed-mode applications

摘要

A method of ensuring the integrity of read-only components in deployed mixed-mode applications that includes generating a digital fingerprint prior to the deployment of a mixed-mode application is discussed. The digital fingerprint is based on a read-only component in the mixed-mode application and uniquely identifies the read-only component. The method also deploys the mixed-mode application and the digital fingerprint. Additionally, the method verifies, at execution time by using the digital fingerprint, that the read-only component in the mixed-mode deployed application that served as the basis for the digital fingerprint is identical to the same read-only component originally packaged with the mixed-mode application.

主权项

1. A method comprising:
generating at least one digital fingerprint, prior to deploying a mixed-mode application, based on a read-only component of the mixed-mode application,
the read-only component being in a non-encrypted format, andgenerating the least one digital fingerprint being performed by a device; encrypting the at least one digital fingerprint by using a public key of a recipient execution environment,
encrypting the at least one digital fingerprint being performed by the device; encrypting pseudo-code of the mixed-mode application separately from encrypting the at least one digital fingerprint, by using another key,
the other key being different from the public key,andencrypting the pseudo-code being performed by the device; and deploying, for execution by the recipient execution environment, the mixed-mode application by deploying the read-only code component, the encrypted at least one digital fingerprint, and the encrypted pseudo-code to the recipient execution environment,
deploying the mixed-mode application being performed by the device,the encrypted pseudo-code being loaded by a virtual machine, andthe pseudo-code being executed by the virtual machine.