摘要 |
<p>An integrity verification process and associated apparatus to detect tampering or other alterations to computer code (software) or other computer files, and especially useful to detect tampering with code by hackers who might try to plant their own malicious code in the software. To make the verification process more robust versus hackers, each e.g., object code file to be protected is first selected using some sort of rule, then partitioned into variable length blocks or portions, the lengths varying in an unpredictable manner. Each portion has its checksum or hash value computed. An accompanying verification file is created which includes a vector for each portion including the portion's start address in memory, length, and the computed checksum or hash value. When the code is later to be run (executed) the verification file is conventionally read and each portion is verified by computing its checksum or hash value using the same algorithm as before, and comparing that to the value in the associated verification file vector. Lack of a match in the two values indicates tampering, so execution of the code can be halted.</p> |