Claims
- 1. A method of creating a self-checking software program, the method comprising:
(a) inserting multiple self-checking code sequences into the program, each self-checking code sequence being operable to calculate a function of a portion of the program;
(b) inserting a plurality of correctors into the program;
(c) assigning the self-checking code sequences to overlapping portions of the program, each portion containing at least one corrector; and
(d) assigning values to the correctors, the value of the correctors being chosen such that the function calculated by the self-checking code sequence assigned to a given portion of the program results in a predefined value if the given portion has not been improperly modified.
- 2. A method as in claim 1, in which the multiple self-checking code sequences are inserted into the program's source code, the method further comprising:
(a)(1) compiling the program's source code to form object code; and
(a)(2) rearranging basic blocks of the program's object code such that the self-checking code sequences are distributed in a relatively uniform fashion throughout the program's object code.
- 3. A method as in claim 2, in which the plurality of correctors are inserted between basic blocks of the program's object code.
- 4. A method as in claim 1, further comprising:
(c)(1) inserting watermark values into the program.
- 5. A method as in claim 1, in which the self-checking code sequences are assigned to overlapping portions of the program in a relatively random fashion.
- 6. A method as in claim 5, further comprising:
(c)(1) determining whether a graph representing the assignment of self-checking code sequences to overlapping portions of the program is strongly connected; and
(c)(2) repeating step (c) if the graph is not strongly connected.
- 7. A method as in claim 1, in which the function that each self-checking code sequence is operable to calculate comprises a hash function.
- 8. A method as in claim 7, in which the hash function is invertible.
- 9. A method as in claim 8, in which the hash function is relatively lightweight.
- 10. A method as in claim 7, in which a first class of said multiple self-checking code sequences calculates a first hash function and a second class of said multiple self-checking code sequences calculates a second hash function that differs at least in part from the first hash function.
- 11. A method as in claim 10, in which a plurality of the first class of self-checking code sequences are customized, such that each of said plurality of customized self-checking code sequences differs, at least in part, from other self-checking code sequences in the first class.
- 12. A method as in claim 4, in which steps (a) through (c) are performed before the program is distributed to an end user, and steps (c)(1) and (d) are performed after the program is distributed to the end user.
- 13. A method as in claim 1, in which the self-checking code sequences are further operable to trigger a tamper response mechanism if an improper modification of the program is detected.
- 14. A method of creating a dynamic self-checking program, the method comprising: inserting self-checking code into the program, the self-checking code being operable to perform dynamic integrity checks on overlapping intervals of the program.
- 15. The method of claim 14, further comprising:
inserting corrector values into the program, the corrector values being chosen such that the dynamic integrity checks performed by the self-checking code result in a predefined value or values if the program has not been improperly modified.
- 16. A self-checking program comprising:
a first code sequence configured to perform a first integrity check on a first portion of the program while the program is running;
a second code sequence configured to perform a second integrity check on a second portion of the program while the program is running;
wherein the first portion of the program and the second portion of the program overlap at least in part, and wherein the integrity of the first code sequence is checked by at least one code sequence and the integrity of the second code sequence is checked by at least one code sequence.
- 17. A self-checking program as in claim 16, in which the first code sequence is further configured to trigger a first tamper response mechanism if the first integrity check indicates that the program has been improperly modified, and in which the second code sequence is further configured to trigger a second tamper response mechanism if the second integrity check indicates that the program has been improperly modified.
- 18. A self-checking program as in claim 17, in which the first tamper response mechanism and the second tamper response mechanism are the same.
- 19. A self-checking program as in claim 16, in which the first integrity check comprises computation of a first hash function of the first portion of the program, and in which the second integrity check comprises computation of a second hash function of the second portion of the program.
- 20. A self-checking program as in claim 19, further comprising:
a first corrector contained within the first portion of the program, the first corrector being assigned a value such that computation of the first hash function results in a first predefined value if the first portion of the program has not been improperly modified.
- 21. The self-checking program of claim 20, further comprising:
a second corrector contained within the second portion of the program, the second corrector being assigned a value such that computation of the second hash function results in a second predefined value if the second portion of the program has not been improperly modified.
- 22. The self-checking program of claim 21, wherein the first and second predefined values are the same.
- 23. The self-checking program of claim 22, wherein the first and second predefined values are different.
- 24. The self-checking program of claim 19, in which the first hash function is different from the second hash function.
- 25. The self-checking program of claim 19, in which the first hash function and the second hash function are relatively lightweight.
- 26. The self-checking program of claim 19, in which the first hash function and the second hash function are relatively easily invertible.
- 27. The self-checking program of claim 19, in which the first hash function and the second hash function are summarizable.
- 28. The self-checking program of claim 19, in which the first hash function and the second hash function comprise chained linear hash functions.
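
Claims 1, 8, 15 and 28 describe correctors whose values are chosen so that an invertible, chained linear hash over each overlapping interval yields a predefined value. The sketch below is an added example, not code from the patent: the hash form h_i = C * (h_{i-1} + w_i) mod 2^32, the constant `C`, the 12-word image and the names `solve_corrector`, `protect` and `failed_checks` are all assumptions made for illustration.

```python
# Added illustration, not taken from the patent text. The hash form
# h_i = C * (h_{i-1} + w_i) mod 2^32, the constant C, the target value and
# the memory layout are all assumptions chosen for this demo.
MOD = 1 << 32
C = 0x9E3779B1                  # odd, so it has an inverse modulo 2^32
C_INV = pow(C, -1, MOD)
TARGET = 0                      # predefined value every checker expects

def chained_hash(words):
    """Chained linear hash over a sequence of 32-bit words."""
    h = 0
    for w in words:
        h = (C * (h + w)) % MOD
    return h

def solve_corrector(words, pos, target=TARGET):
    """Return the value for words[pos] that makes chained_hash(words) == target."""
    h = target
    for w in reversed(words[pos + 1:]):      # run the hash backwards to pos
        h = (h * C_INV - w) % MOD
    return (h * C_INV - chained_hash(words[:pos])) % MOD

def protect(image, intervals):
    """Fill the corrector slot of each (start, end, corrector_pos) interval.

    Intervals are processed left to right and each one ends at its own
    corrector, so a later assignment never disturbs an earlier interval.
    """
    image = list(image)
    for start, end, pos in intervals:
        image[pos] = solve_corrector(image[start:end], pos - start)
    return image

def failed_checks(image, intervals, target=TARGET):
    """Indices of intervals whose hash no longer equals the predefined value."""
    return [i for i, (s, e, _) in enumerate(intervals)
            if chained_hash(image[s:e]) != target]

# Constructed 12-word "program": words 5, 8 and 11 are empty corrector slots.
PROGRAM = [0x1111, 0x2222, 0x3333, 0x4444, 0x5555, 0,
           0x6666, 0x7777, 0, 0x8888, 0x9999, 0]
INTERVALS = [(0, 6, 5), (3, 9, 8), (6, 12, 11)]   # half-open, overlapping

if __name__ == "__main__":
    protected = protect(PROGRAM, INTERVALS)
    print(failed_checks(protected, INTERVALS))     # intact image
    protected[4] ^= 1                              # one-bit patch at word 4
    print(failed_checks(protected, INTERVALS))     # every interval covering word 4
```

Because the intervals overlap, a change to a single word is seen by every checker whose interval covers it, and a change to a corrector slot is detected the same way as a change to code.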
RELATED APPLICATIONS
[0001] This application claims priority from U.S. Provisional Patent Application Serial No. 60/297,451, entitled “Software Self-Checking Systems and Methods,” filed Jun. 13, 2001, which is hereby incorporated by reference.
Provisional Applications (1)
| Number | Date | Country |
| --- | --- | --- |
| 60297451 | Jun 2001 | US |