| 摘要 |
Software manufacturers examine their module and determine a range of addresses in memory which the module occupies. A protected range of addresses in memory is predefined to not allow changes, such as patching by hackers. Each manufacturer delivers the range of addresses describing the protected area and a known good version of their module to other manufacturers that they want to interoperate with. The other manufacturers return digital signatures on the protected area, and these digital signatures are stored in the first manufacturer's module. Correspondingly, the other manufacturers do the same with their own modules. Then, in order to effect a secure communication channel between two modules the modules first pass each other the signatures previously produced. Then, to ensure that communication is being effected with an authentic authorized module, through the use of the signature and the address ranges in the protected area, each module checks that the other module has not been patched. They each further verify that all the entry points in the other module they intend to call are in fact within the protected area. In the event that both modules are verified as being trustworthy, the modules now call each other freely. However, each module, when it is called must verify that it was called from within the protected area of the other module.
|
