| 发明名称 |
System and method of interlocking to protect software-mediated program and device behaviours |
| 摘要 |
Methods and devices for thwarting code and control flow based attacks on software. The source code of a subject piece of software is automatically divided into basic blocks of logic. Selected basic blocks are amended so that their outputs are extended. Similarly, other basic blocks are amended such that their inputs are correspondingly extended. The amendments increase or create dependencies between basic blocks such that tampering with one basic block's code causes other basic blocks to malfunction when executed. |
| 申请公布号 |
US8752032(B2) |
申请公布日期 |
2014.06.10 |
| 申请号 |
US20070709654 |
申请日期 |
2007.02.23 |
| 申请人 |
Irdeto Canada Corporation |
发明人 |
Johnson Harold Joseph;Gu Yuan Xiang;Zhou Yongxin |
| 分类号 |
G06F9/45;G06F12/14 |
主分类号 |
G06F9/45 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method for thwarting tampering with software, the method comprising a processor executing:
a) receiving source code of said software; b) converting said source code into an intermediate form defining basic blocks and dominating relationships among said basic blocks, wherein said intermediate form is represented as a control flow graph; c) selecting a computation of at least one first basic block and a computation of at least one second basic block, where said at least one second basic block is dominated by said at least one first basic block; d) encoding said computation of said at least one first basic block and said computation of said at least one second basic block using data encodings with an obfuscated function; e) setting coefficients of said data encodings in said at least one second basic block to be dependent on outputs from said at least one first basic block, wherein tampering with said at least one first basic block causes computations in the at least one second basic block to malfunction due to incorrect data encodings; and (f) randomly selecting from automatically generated mixed- Boolean-arithmetic (MBA) identities and performing substitutions according to the selected MBA identities in said data encodings in said at least one first basic block and said at least one second basic block, wherein said MBA identities are generated by means of a generator based on at least one of converting bitwise expressions to linear MBA identities and deriving MBA identities from linearly-dependent truth tables.
|
| 地址 |
Ottawa CA |
