US2014237622A1PendingUtilityA1

System and method for inserting security mechanisms into a software program

47
Assignee: ARXAN TECHNOLOGIES INCPriority: Mar 24, 2003Filed: Aug 12, 2013Published: Aug 21, 2014
Est. expiryMar 24, 2023(expired)· nominal 20-yr term from priority
G06F 21/604G06F 2221/2145G06F 21/54
47
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A system and method for protecting a software program from unauthorized modification or exploitation. A software security mechanism according to the present invention is difficult for a hacker or cracker to detect and/or defeat, but does not impose excessive runtime overhead on the host software program. The present invention further comprises a system and method for automating the injection of a software security mechanism according to the present invention into a host software program.

Claims

exact text as granted — not AI-modified
We claim: 
     
         1 . A system for automating the installation of one or more software security mechanisms into a software program, the system comprising:
 a computer having a memory;   a first software program resident in the memory, the first software program having a predetermined functionality;   a second software program resident in the memory, the second software program creating a protected version of the first software program by injecting a plurality of guards into the first software program without disrupting the predetermined functionality of the first software program, the plurality of guards causing the protected version of the first software program to execute improperly when one of the plurality of guards detects tampering with the protected version of the first software program; and   a third software program resident in the memory, the third software program comprising program instructions, wherein the second software program injects the plurality of guards into the first software program in response to the program instructions of the third software program.   
     
     
         2 . The system of  claim 1 , wherein at least one of the plurality of guards takes a defensive action during execution of the protected version of the first software program when detecting unauthorized modification of the protected version of the first software program. 
     
     
         3 . The system of  claim 1 , wherein when creating the protected version of the first software program, the second software program iteratively applies at least one code obfuscation technique to the first software program until a predetermined level of code obfuscation is achieved. 
     
     
         4 . A method for increasing the tamper resistance of a host software program using a plurality of guards, the host software program having a predetermined functionality, each of the plurality of guards deterring tampering with the host software program, the method comprising:
 defining a guard schema comprising a syntax for a guard script language, the guard script language comprising a plurality of guard script commands;   defining a guard script comprising a self-protection scheme desired for the host software program, the guard script comprising at least one guard script command of the guard script language;   automatically building a document object model from the guard script using a guard script interpreter running on a computer having a processor; and   automatically traversing the document object model using a document object model parser running on the computer, the document object model parser building a command list for injecting the plurality of guards into the host software program without disrupting the predetermined functionality of the host software program, the host software program executing improperly when one of the plurality of guards detects tampering with the host software program.   
     
     
         5 . The method of  claim 4 , wherein defining a guard script comprises:
 inserting markers into a source code version of the host software program, the markers being arranged within the host software program according to the self-protection scheme desired for the host software program; and   utilizing the markers in defining the guard script, the guard script being defined consistent with the guard schema.   
     
     
         6 . The method of  claim 4 , wherein automatically building a document object model comprises:
 reading the guard script; and   parsing the guard script for consistency with the guard schema.   
     
     
         7 . The method of  claim 4 , wherein the document object model comprises a plurality of nodes, and wherein automatically traversing the document object model comprises:
 detecting at least one of the plurality of nodes of the document object model; and   building a command list representative of the detected nodes of the plurality of nodes.   
     
     
         8 . A method for increasing tamper resistance using of a plurality of guards, each of the plurality of guards being configured to deter tampering, the method comprising:
 loading a host software program having a predetermined functionality in a memory of a computer;   inserting markers into the host software program, the markers being arranged within the host software program according to a protection scheme desired for the host software program;   defining a threat model for the host software program, the threat model defining relative importance of defending against various threats to the host software program;   defining constraints on size and performance of the host software program; and   injecting the plurality of guards into the host software program in accordance with the markers, the threat model, and the constraints using a guard injection program running on the computer, the guard injection program injecting the plurality of guards without disrupting the predetermined functionality of the host software program, the host software program executing improperly when one of the plurality of guards detects tampering with the host software program.   
     
     
         9 . The method of  claim 8 , wherein injecting the plurality of guards into the host software program comprises:
 automatically defining a guard script using the computer by analyzing the markers, the threat model, and the constraints;   building a document object model using the guard script; and   building a command list for injecting the plurality of guards into the host software program by traversing the document object model.   
     
     
         10 . The method of  claim 9 , wherein building a document object model using the guard script comprises:
 reading the guard script; and   parsing the guard script for consistency with a guard schema.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.