JP5945313B2 - 構造体を生成する方法および対応する構造体 - Google Patents
構造体を生成する方法および対応する構造体 Download PDFInfo
- Publication number
- JP5945313B2 JP5945313B2 JP2014232087A JP2014232087A JP5945313B2 JP 5945313 B2 JP5945313 B2 JP 5945313B2 JP 2014232087 A JP2014232087 A JP 2014232087A JP 2014232087 A JP2014232087 A JP 2014232087A JP 5945313 B2 JP5945313 B2 JP 5945313B2
- Authority
- JP
- Japan
- Prior art keywords
- ovm
- processor
- specific
- source code
- identifier
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000000034 method Methods 0.000 title claims description 32
- 238000012545 processing Methods 0.000 claims description 5
- 230000006870 function Effects 0.000 description 7
- 101100064323 Arabidopsis thaliana DTX47 gene Proteins 0.000 description 3
- 101150026676 SID1 gene Proteins 0.000 description 3
- 238000003860 storage Methods 0.000 description 3
- 230000003044 adaptive effect Effects 0.000 description 2
- 230000007123 defense Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 101000840469 Arabidopsis thaliana Isochorismate synthase 1, chloroplastic Proteins 0.000 description 1
- 101000609957 Homo sapiens PTB-containing, cubilin and LRP1-interacting protein Proteins 0.000 description 1
- 101150109471 PID2 gene Proteins 0.000 description 1
- 102100039157 PTB-containing, cubilin and LRP1-interacting protein Human genes 0.000 description 1
- 238000010367 cloning Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/51—Source to source
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/76—Adapting program code to run in a different environment; Porting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3227—Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/102—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Business, Economics & Management (AREA)
- Computer Networks & Wireless Communication (AREA)
- Accounting & Taxation (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Computing Systems (AREA)
- Signal Processing (AREA)
- Mathematical Physics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Storage Device Security (AREA)
- Stored Programmes (AREA)
Description
OVMxy=コンパイル[PIDx、VMSy、マップ(PIDx、SIDx)]
この関数において、PIDxは、その秘密識別子が現在のOVMをコンパイルするために使用されるOVMのパブリック識別子を表し、VMSyは現在のOVMのソースコードを表し、SIDxは秘密識別子を表す。
OVMxy=コンパイル[PIDx、VMSy、PIN、マップ(PIDx、SIDx)]
OVMxy=コンパイル[PIDx、VMSy、FPT、マップ(PIDx、SIDx)]
CID プロセッサ識別子
OVM0 難読化仮想マシン
OVM01 難読化仮想マシン
OVM02 難読化仮想マシン
OVM011 難読化仮想マシン
OVM012 難読化仮想マシン
OVM021 難読化仮想マシン
OVM01x 難読化仮想マシン
OVM02x 難読化仮想マシン
PID0 パブリック識別子
PID1 パブリック識別子
PID2 パブリック識別子
SID0 秘密識別子
SID1 秘密識別子
SID2 秘密識別子
FLASH 不揮発性メモリ
ROM 読み取り専用メモリ
RAM ランダムアクセスメモリ
PIN 個人識別番号
OS1 オペレーティングシステム
OS2 オペレーティングシステム
SE セキュア素子
Claims (14)
- コンピューティングデバイスにより少なくとも一つの仮想マシンを含む構造体を生成する方法であって、
第1仮想マシンソースコードを難読化して、第1OVM(難読化仮想マシン)ソースコードを生成するステップと、
プロセッサ識別子を前記第1OVMソースコードと関連付けて、プロセッサ固有の第1OVMソースコードを生成するステップと、
前記プロセッサ固有の第1OVMソースコードをコンパイルして、プロセッサ固有の第1OVMを生成するステップと
第2仮想マシンソースコードを難読化して、第2OVMソースコードを生成するステップと、
前記プロセッサ固有の第1OVMの秘密識別子を前記第2OVMソースコードと関連付けて、プロセッサ固有の第2OVMソースコードを生成するステップと、
前記プロセッサ固有の第2OVMソースコードをコンパイルして、プロセッサ固有の第2OVMを生成するステップと
を含む方法。 - 前記プロセッサ固有の第1OVMソースコードをコンパイルする際に、前記秘密識別子を乱数発生器によって生成する、請求項1に記載の方法。
- 前記秘密識別子をデータベースのエントリに格納し、該エントリに、前記秘密識別子の検索を容易にするために、前記プロセッサ固有の第1OVMのパブリック識別子も格納する、請求項2に記載の方法。
- 前記プロセッサ固有の第1OVMの秘密識別子を前記第2OVMソースコードと関連付けるステップに加え、ユーザ識別子を前記第2OVMソースコードと関連付けて、プロセッサおよびユーザ固有の第2OVMソースコードを生成するステップと、
前記プロセッサおよびユーザ固有の第2OVMソースコードをコンパイルして、プロセッサおよびユーザ固有の第2OVMを生成するステップと
をさらに含む、請求項1乃至請求項3のいずれか一項に記載の方法。 - 前記ユーザ識別子は個人識別番号を含む、請求項4に記載の方法。
- 前記ユーザ識別子は前記ユーザの生体特徴を含む、請求項4または請求項5に記載の方法。
- オペレーティングシステムコンポーネントを前記第2OVMに組み込むステップをさらに含む、請求項1乃至請求項6のいずれか一項に記載の方法。
- 生成される各々のOVMに、プロセッサ固有のOVMのツリーを構築するステップと、
プロセッサ固有の既存のOVMの秘密識別子を、生成される次のOVMのOVMソースコードに関連付け、プロセッサ固有の次のOVMソースコードを生成するステップであって、前記プロセッサ固有の既存のOVMは、前記ツリー内において次の生成OVMよりも1レベル高い、ステップと、
前記プロセッサ固有の次のOVMソースコードをコンパイルして、プロセッサ固有の次のOVMを生成するステップと
をさらに含む、請求項1乃至請求項7のいずれか一項に記載の方法。 - モノトニックカウンタを構造体に組み込むステップをさらに含む、請求項1乃至請求項8のいずれか一項に記載の方法。
- 前記プロセッサ識別子は、前記コンピューティングデバイスに含まれる読み取り専用メモリマスクまたは前記コンピューティングデバイスに含まれるワンタイムプログラマブルビットから検索され、前記コンピューティングデバイスは前記プロセッサ識別子によって識別されるプロセッサを含む、請求項1乃至請求項9のいずれか一項に記載の方法。
- 請求項1乃至請求項10のいずれか一項に記載の方法によって生成される構造体。
- 少なくとも一つの仮想マシンがセキュア素子に割り当てられる、請求項11に記載の構造体。
- 請求項11または請求項12に記載の構造体を含む、支払い処理をサポートするコンピューティングデバイス、特にモバイルデバイス。
- 前記プロセッサ固有の第1OVMの格納された読み取り専用メモリを含む、請求項13に記載のコンピューティングデバイス。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP13290290.9 | 2013-11-21 | ||
EP13290290.9A EP2876593B1 (en) | 2013-11-21 | 2013-11-21 | Method of generating a structure and corresponding structure |
Publications (2)
Publication Number | Publication Date |
---|---|
JP2015103253A JP2015103253A (ja) | 2015-06-04 |
JP5945313B2 true JP5945313B2 (ja) | 2016-07-05 |
Family
ID=49841612
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2014232087A Expired - Fee Related JP5945313B2 (ja) | 2013-11-21 | 2014-11-14 | 構造体を生成する方法および対応する構造体 |
Country Status (4)
Country | Link |
---|---|
US (1) | US9563754B2 (ja) |
EP (1) | EP2876593B1 (ja) |
JP (1) | JP5945313B2 (ja) |
CN (1) | CN104657636B (ja) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9116712B2 (en) * | 2013-02-28 | 2015-08-25 | Microsoft Technology Licensing, Llc | Compile based obfuscation |
US20160379131A1 (en) * | 2015-06-26 | 2016-12-29 | Nxp B.V. | Fuzzy opaque predicates |
US10503576B2 (en) * | 2016-02-19 | 2019-12-10 | International Business Machines Corporation | Maintaining core dump privacy during application fault handling |
US10671758B2 (en) * | 2017-08-30 | 2020-06-02 | Micro Focus Llc | Redacting core dumps by identifying modifiable parameters |
CN109858265B (zh) * | 2018-11-22 | 2022-01-28 | 海光信息技术股份有限公司 | 一种加密方法、装置及相关设备 |
CN110135133B (zh) * | 2019-04-19 | 2021-08-17 | 佛山市微风科技有限公司 | 一种面向微控制器的压缩整合式源代码混淆方法及系统 |
US11354267B1 (en) * | 2021-01-11 | 2022-06-07 | Lilac Cloud, Inc. | Compiler for a command-aware hardware architecture |
Family Cites Families (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH02138622A (ja) * | 1988-08-03 | 1990-05-28 | Nec Corp | マイクロプロセッサ |
US6598166B1 (en) * | 1999-08-18 | 2003-07-22 | Sun Microsystems, Inc. | Microprocessor in which logic changes during execution |
US7539875B1 (en) * | 2000-06-27 | 2009-05-26 | Microsoft Corporation | Secure repository with layers of tamper resistance and system and method for providing same |
US7178027B2 (en) * | 2001-03-30 | 2007-02-13 | Capital One-Financial Corp. | System and method for securely copying a cryptographic key |
US6694435B2 (en) * | 2001-07-25 | 2004-02-17 | Apple Computer, Inc. | Method of obfuscating computer instruction streams |
WO2004023313A1 (en) * | 2002-09-04 | 2004-03-18 | Fraunhofer Crcg, Inc. | Protecting mobile code against malicious hosts cross references to related applications |
US20050071438A1 (en) * | 2003-09-30 | 2005-03-31 | Shih-Wei Liao | Methods and apparatuses for compiler-creating helper threads for multi-threading |
US8694802B2 (en) * | 2004-04-30 | 2014-04-08 | Apple Inc. | System and method for creating tamper-resistant code |
US8949826B2 (en) * | 2006-10-17 | 2015-02-03 | Managelq, Inc. | Control and management of virtual systems |
US9124650B2 (en) | 2006-12-13 | 2015-09-01 | Quickplay Media Inc. | Digital rights management in a mobile environment |
US8171453B2 (en) * | 2007-05-21 | 2012-05-01 | Microsoft Corporation | Explicit delimitation of semantic scope |
WO2009013673A2 (en) * | 2007-07-20 | 2009-01-29 | Nxp B.V. | Device with a secure virtual machine |
JP2009223638A (ja) * | 2008-03-17 | 2009-10-01 | Hitachi Software Eng Co Ltd | Webアプリケーション向け生体認証システム及び方法 |
WO2010001324A2 (en) | 2008-06-30 | 2010-01-07 | Mominis Ltd | Method of generating and distributing a computer application |
US8434059B2 (en) * | 2009-05-01 | 2013-04-30 | Apple Inc. | Systems, methods, and computer-readable media for fertilizing machine-executable code |
US8677329B2 (en) * | 2009-06-03 | 2014-03-18 | Apple Inc. | Methods and apparatuses for a compiler server |
US20130232198A1 (en) * | 2009-12-21 | 2013-09-05 | Arbitron Inc. | System and Method for Peer-to-Peer Distribution of Media Exposure Data |
JP2011204105A (ja) * | 2010-03-26 | 2011-10-13 | Kddi R & D Laboratories Inc | スクリプト起動プログラム、スクリプト起動プログラムの生成プログラム、およびプログラムセット |
US8443365B2 (en) * | 2010-11-03 | 2013-05-14 | Hewlett-Packard Development Company, L.P. | Methods and systems to clone a virtual machine instance |
EP2482184A1 (en) * | 2011-02-01 | 2012-08-01 | Irdeto B.V. | Adaptive obfuscated virtual machine |
US9513884B2 (en) * | 2011-08-16 | 2016-12-06 | International Business Machines Corporation | Thermal-aware source code compilation |
BR112014016536A8 (pt) * | 2012-01-09 | 2017-07-04 | Koninklijke Philips Nv | dispositivo de máquina virtual; sistema de execução distribuído; método de máquina virtual; e programa de computador |
US9953310B2 (en) * | 2012-05-10 | 2018-04-24 | Mastercard International Incorporated | Systems and method for providing multiple virtual secure elements in a single physical secure element of a mobile device |
US8984542B2 (en) * | 2012-11-30 | 2015-03-17 | Facebook, Inc. | Method and system for binding objects in dynamic programming languages using caching techniques |
-
2013
- 2013-11-21 EP EP13290290.9A patent/EP2876593B1/en active Active
-
2014
- 2014-11-12 CN CN201410645795.1A patent/CN104657636B/zh active Active
- 2014-11-14 JP JP2014232087A patent/JP5945313B2/ja not_active Expired - Fee Related
- 2014-11-20 US US14/549,502 patent/US9563754B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
US9563754B2 (en) | 2017-02-07 |
EP2876593B1 (en) | 2018-09-26 |
CN104657636B (zh) | 2019-01-11 |
EP2876593A1 (en) | 2015-05-27 |
JP2015103253A (ja) | 2015-06-04 |
CN104657636A (zh) | 2015-05-27 |
US20150143533A1 (en) | 2015-05-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5945313B2 (ja) | 構造体を生成する方法および対応する構造体 | |
Zhao et al. | Providing root of trust for ARM TrustZone using on-chip SRAM | |
US10089470B2 (en) | Event-based apparatus and method for securing BIOS in a trusted computing system during execution | |
US11829479B2 (en) | Firmware security verification method and device | |
US8893275B2 (en) | JCVM bytecode execution protection against fault attacks | |
US10084604B2 (en) | Method of programming a smart card, computer program product and programmable smart card | |
US9129113B2 (en) | Partition-based apparatus and method for securing bios in a trusted computing system during execution | |
US9507942B2 (en) | Secure BIOS mechanism in a trusted computing system | |
US9367689B2 (en) | Apparatus and method for securing BIOS in a trusted computing system | |
US20110271350A1 (en) | method for protecting software | |
JP2022009556A (ja) | ソフトウェアコードをセキュアにするための方法 | |
US20220108018A1 (en) | Identity and Root Keys Derivation Scheme for Embedded Devices | |
Gupta et al. | Marlin: Mitigating code reuse attacks using code randomization | |
US11829464B2 (en) | Apparatus and method for authentication of software | |
Cyr et al. | Low-cost and secure firmware obfuscation method for protecting electronic systems from cloning | |
US10523418B2 (en) | Providing access to a hardware resource based on a canary value | |
US10049217B2 (en) | Event-based apparatus and method for securing bios in a trusted computing system during execution | |
US8010773B2 (en) | Hardware constrained software execution | |
US20240086081A1 (en) | External memory data integrity validation | |
CN115422554B (zh) | 请求处理方法、编译方法和可信计算系统 | |
CN111209572A (zh) | 一种基于加解密的Linux系统安全启动方法及系统 | |
Abadi et al. | On layout randomization for arrays and functions | |
US10055588B2 (en) | Event-based apparatus and method for securing BIOS in a trusted computing system during execution | |
Yadav | SECURE BOOTLOADER IN EMBEDDED SYSTEM USING MISRA-C | |
US10095868B2 (en) | Event-based apparatus and method for securing bios in a trusted computing system during execution |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A977 | Report on retrieval |
Free format text: JAPANESE INTERMEDIATE CODE: A971007 Effective date: 20151116 |
|
A131 | Notification of reasons for refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20151124 |
|
A521 | Written amendment |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20160126 |
|
TRDD | Decision of grant or rejection written | ||
A01 | Written decision to grant a patent or to grant a registration (utility model) |
Free format text: JAPANESE INTERMEDIATE CODE: A01 Effective date: 20160517 |
|
A61 | First payment of annual fees (during grant procedure) |
Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20160527 |
|
R150 | Certificate of patent or registration of utility model |
Ref document number: 5945313 Country of ref document: JP Free format text: JAPANESE INTERMEDIATE CODE: R150 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
LAPS | Cancellation because of no payment of annual fees |