EP3234843A1 - Method for providing a security-critical software application on a computer unit - Google Patents

Method for providing a security-critical software application on a computer unit

Info

Publication number
EP3234843A1
Authority
EP
European Patent Office
Prior art keywords
software application
computer unit
code
software
mobile terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP15816668.6A
Other languages
German (de)
French (fr)
Inventor
Daniel Albert
Frank Schäfer
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Build38 GmbH
Original Assignee
Giesecke and Devrient Mobile Security GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/125 Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/14 Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/101 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities
    • G06F21/1015 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities to users
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Definitions

  • The invention relates to a method for providing a security-critical software application on a computer unit.
  • In particular, the invention relates to a method for providing a security-critical Java application on a mobile terminal.
  • Mobile terminals, for example in the form of smartphones or tablet computers, are increasingly being used to carry out digital transactions, for example cashless payment at an NFC terminal or the purchase of a product or service from an online mail-order retailer.
  • When such a transaction is carried out, a software application implemented on the mobile terminal usually interacts with a terminal or server.
  • A cryptographic algorithm, e.g. an encryption algorithm, is frequently part of the software application implemented on the mobile terminal, and that application accesses security-critical data, e.g. PINs, passwords, keys, etc.
  • In the past, security-critical data has generally been stored on an independent security element of the mobile terminal, often in the form of a SIM card that can be removed from the mobile terminal, in order to protect it against attack by unauthorised persons.
  • An approach that can be used advantageously in particular when carrying out digital transactions with a mobile terminal that has no independent security element for securely storing security-critical data is based on the idea of protecting security-critical software applications, and the data they contain, from an attacker by means of software measures.
  • One of these software measures is to make a software application more resistant to attacks by obfuscating its program code, so that an attacker who gains access to that program code can do practically nothing with it.
  • The Java code obfuscator "ProGuard" may be mentioned here as an example.
  • A method for providing a software application on a computer unit comprises the following steps: performing an AOT compilation of the software application, which is present in the form of bytecode, in order to generate assembler code from the bytecode of the software application; obfuscating the assembler code of the software application; placing the obfuscated assembler code of the software application on a software distribution platform; and downloading the obfuscated assembler code to the computer unit.
  • The software application is a Java application or an application in an interpreted language that is executed or interpreted in a virtual machine.
  • The software distribution platform is the Google Play Store.
  • The computer unit is operated with the Android operating system (version 4.4 or higher).
  • Different assembler codes for different processor architectures are placed on the software distribution platform.
  • The computer unit is a mobile terminal.
  • FIG. 1 shows a schematic representation of a communication system with a computer unit in the form of a mobile terminal, in which the present invention is advantageously used.
  • FIG. 2 shows a conventional method for providing a security-critical software application on the mobile terminal of FIG. 1, and FIG. 3 shows a preferred embodiment of a method for providing a security-critical software application on the mobile terminal of FIG. 1.
  • FIG. 1 shows a schematic representation of an exemplary communication system 10 in which the invention can be used advantageously.
  • The communication system 10 comprises a computer unit 20 in the form of a mobile terminal, preferably a smartphone or a tablet computer.
  • The mobile terminal 20 is configured to communicate with a server or terminal 60 via a communication channel 50.
  • The communication channel 50 may, for example, be the Internet, a mobile radio network, an NFC channel or the like.
  • The server 60 could be an NFC terminal of a service provider with which a software application on the mobile terminal 20, for example the software application 34, can carry out transactions, for example a payment transaction in which the software application on the mobile terminal 20 handles a payment process.
  • The mobile terminal 20 has a chip 22 with a central processing unit (CPU), for example in the form of a microprocessor 24.
  • The primary tasks of the processor 24 include performing arithmetic and logic functions and reading and writing data elements, as defined by a software application running on the processor 24.
  • For clarity, a preferred hardware and software architecture of the processor 24 is shown again schematically and in detail in FIG. 1, outside the mobile terminal 20.
  • The processor 24 is in communication with a memory unit 26, which preferably comprises a volatile random access memory (RAM), for example for holding the program code of a software application to be executed by the processor 24.
  • The memory unit 26 further comprises a non-volatile, preferably rewritable memory, for example to hold the program code of a software application to be executed by the processor 24 while the mobile terminal is powered off.
  • The non-volatile, rewritable memory is preferably a flash memory (flash EEPROM). This may be, for example, a flash memory with a NAND or a NOR architecture.
  • The memory unit 26 may also comprise a read-only memory (ROM).
  • A runtime environment 32 is implemented in the processor 24 at runtime; it can access hardware-related functions provided by an operating system 30.
  • The operating system 30 is the Android operating system and the runtime environment 32 is the "Android Runtime (ART)".
  • The runtime environment 32 is implemented such that at least one software application 34 can be executed in it.
  • The software application 34 is a Java application.
  • The program code of the operating system 30, the runtime environment 32 and/or the software application 34 may be stored in a non-volatile area of the memory unit 26.
  • FIG. 2 shows the sequence of a conventional method for providing the software application 34 on the mobile terminal 20, where the software application 34 is a Java application.
  • First, in step SDT1 of FIG. 2, the Java application 34 is created, i.e. the program or source code of the Java application 34 is written.
  • In step SDT2 of FIG. 2, obfuscation measures can now be applied to the program or source code of the Java application 34. Because of the form in which the program code of the Java application 34 is present at this point, no strong obfuscation measures can be applied in step SDT2 of FIG. 2.
  • The obfuscated program code of the Java application 34 is placed, in step SDT3 of FIG. 2, on a software application distribution platform accessible via the Internet.
  • The software application distribution platform may, for example, be provided on an Internet server such as the server 60 of FIG. 1.
  • The software application distribution platform is the Google Play Store.
  • From the software application distribution platform, the program code of the Java application 34 can be downloaded, in step SDT4 of FIG. 2, to a mobile terminal such as the mobile terminal 20 of FIG. 1.
  • Once downloaded, the Java application 34 can be executed; as is known, a JIT compilation ("just in time" compilation) of the program code of the Java application 34 takes place during execution on the mobile terminal 20 (see step SDT5 of FIG. 2).
  • FIG. 3 shows the sequence of a preferred embodiment of a method according to the invention for providing the software application 34 on the mobile terminal 20, where the software application 34 is preferably a Java application.
  • First, the Java application 34 is created (step S1 of FIG. 3), i.e. the program or source code of the Java application 34 is written.
  • An AOT compilation ("ahead of time" compilation) of the program code of the Java application 34 already takes place in step S2 of FIG. 3.
  • The program code of the Java application 34 is then present in assembler, i.e. as assembler code (also called "native code").
  • The Java application 34, now present as assembler code, is obfuscated in step S3 of FIG. 3.
  • Because of the differences between bytecode and assembler code, significantly more effective obfuscation measures can be taken in step S3 of FIG. 3 than is possible in step SDT2 of the method of FIG. 2.
  • Steps S1 to S3 of FIG. 3 can be carried out in a development environment, for example at the developer of the Java application 34.
  • After the assembler code of the Java application 34 has been obfuscated in step S3 of FIG. 3, it can be placed, in step S4 of FIG. 3, on a software application distribution platform accessible via the Internet.
  • The software application distribution platform may, for example, be provided on an Internet server such as the server 60 of FIG. 1.
  • The software application distribution platform is the Google Play Store.
  • From the software application distribution platform, the assembler code of the Java application 34 can be downloaded, in step S5 of FIG. 3, to a mobile terminal such as the mobile terminal 20 of FIG. 1.
  • Once downloaded, the Java application 34 can be executed by executing its assembler code (see step S6 of FIG. 3).
  • The person skilled in the art will recognise that providing the Java application 34 on the software application distribution platform in the form of assembler code can make it necessary to hold correspondingly different versions of the Java application 34, in the form of assembler code, for mobile terminals with different processor architectures and processor versions.
  • The person skilled in the art will also recognise that, because of the differences between Java bytecode and assembler code, significantly more effective obfuscation measures can advantageously be used in the method according to the invention of FIG. 3 than in the conventional method of FIG. 2.
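The following Python model is added here as an editor's example; it is not code from the patent, from Giesecke and Devrient or from Build38. It walks the publish-and-download flow listed above (steps S2 to S5) together with the closing note that a separate assembler build must be held for each processor architecture. The AOT-compilation and obfuscation steps are stand-ins, since the real toolchain cannot be reproduced in a few lines; the architecture names, the HMAC "signing" key (a stand-in for the platform's asymmetric code signing) and the bytecode string are all constructed. What the model adds beyond the text is the device-side handling: a signed manifest binds each artifact digest to its architecture, and installation fails closed when the device's architecture has no published build or the artifact does not match the manifest. The model offers no fallback to the bytecode form, a design choice of this example rather than something the patent states, because such a fallback would silently discard the native-level obfuscation the method exists to provide.

```python
import hashlib
import hmac
import json

# Architectures the publisher builds for (constructed list; the patent only
# says "different processor architectures").
ARCHITECTURES = ("arm64-v8a", "armeabi-v7a", "x86_64")

# Stand-in for the publisher's signing key. Real distribution platforms use
# asymmetric code signing; an HMAC key is used only so the example runs with
# the standard library.
PUBLISHER_KEY = b"constructed-publisher-signing-key"


class InstallError(Exception):
    """Raised when the device cannot verify or locate a native build."""


def aot_compile(bytecode: bytes, arch: str) -> bytes:
    """Stand-in for AOT compilation (step S2). A real build invokes the
    architecture's compiler; here the output is only tagged with its target
    so that each architecture yields a distinct artifact."""
    return b"native:" + arch.encode() + b":" + bytecode


def obfuscate_native(native: bytes, build_nonce: bytes) -> bytes:
    """Stand-in for native-code obfuscation (step S3). A real obfuscator
    rewrites instructions; this keyed transform only makes each build's bytes
    differ, which is all the manifest logic below needs."""
    stream = hashlib.sha256(build_nonce).digest()
    return bytes(b ^ stream[i % len(stream)] for i, b in enumerate(native))


def publish(bytecode: bytes, archs=ARCHITECTURES, build_nonce: bytes = b"build-0001"):
    """Steps S2 to S4: one obfuscated native artifact per architecture plus a
    signed manifest binding each artifact's digest to its architecture."""
    artifacts = {arch: obfuscate_native(aot_compile(bytecode, arch), build_nonce)
                 for arch in archs}
    entries = {arch: hashlib.sha256(blob).hexdigest() for arch, blob in artifacts.items()}
    body = json.dumps(entries, sort_keys=True).encode()
    manifest = {
        "entries": entries,
        "signature": hmac.new(PUBLISHER_KEY, body, "sha256").hexdigest(),
    }
    return artifacts, manifest


def install(manifest: dict, artifacts: dict, device_arch: str) -> bytes:
    """Step S5 on the device: verify the manifest, pick the artifact for this
    architecture, check its digest, and fail closed on any mismatch. No
    fallback to the bytecode build is offered (see lead-in)."""
    body = json.dumps(manifest["entries"], sort_keys=True).encode()
    expected = hmac.new(PUBLISHER_KEY, body, "sha256").hexdigest()
    if not hmac.compare_digest(expected, manifest["signature"]):
        raise InstallError("manifest signature invalid")
    if device_arch not in manifest["entries"]:
        raise InstallError(f"no native build published for {device_arch}")
    blob = artifacts.get(device_arch)
    if blob is None or hashlib.sha256(blob).hexdigest() != manifest["entries"][device_arch]:
        raise InstallError(f"artifact for {device_arch} missing or does not match manifest")
    return blob


if __name__ == "__main__":
    arts, man = publish(b"constructed bytecode of software application 34")
    for arch in ARCHITECTURES + ("mips",):
        try:
            print(arch, "->", len(install(man, arts, arch)), "bytes installed")
        except InstallError as exc:
            print(arch, "->", exc)
```

Running the block installs one build per published architecture and reports the constructed "mips" device as unsupported instead of handing it anything else; the same check also rejects an artifact whose bytes were altered after publication, because its digest no longer matches the signed manifest entry.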

Abstract

A method for providing a software application on a computer unit is provided. In this case, the method comprises the following steps: performing AOT compilation of the software application available in the form of source code in order to generate assembly code from the source code of the software application; obfuscating the assembly code of the software application; uploading the obfuscated assembly code of the software application to a software distribution platform; and downloading the obfuscated assembly code to the computer unit. In addition, a corresponding computer unit is provided.

Description

Method for providing a security-critical software application on a computer unit

Field of the invention
The invention relates to a method for providing a security-critical software application on a computer unit. In particular, the invention relates to a method for providing a security-critical Java application on a mobile terminal.

Background of the invention

Mobile terminals, for example in the form of smartphones or tablet computers, are increasingly being used to carry out digital transactions, for example cashless payment at an NFC terminal or the purchase of goods or a service from an online mail-order retailer. When such a digital transaction is carried out, a software application implemented on the mobile terminal (an "app" for short) usually interacts with a terminal or server. Frequently a cryptographic algorithm, e.g. an encryption algorithm, is part of the software application implemented on the mobile terminal, and that application accesses security-critical data, e.g. PINs, passwords, keys, etc. In the past, security-critical data has generally been stored on an independent security element of the mobile terminal, frequently in the form of a SIM card that can be removed from the mobile terminal, in order to protect it against attack by unauthorised persons.
An approach that can be used advantageously in particular when carrying out digital transactions with a mobile terminal that has no independent security element for securely storing security-critical data is based on the idea of protecting security-critical software applications, and the data they contain, from an attacker by means of software measures. One of these software measures is to make a software application more resistant to attacks by obfuscating its program code, so that an attacker who gains access to that program code can do practically nothing with it. The Java code obfuscator "ProGuard", available on the WWW at http://developer.android.com/tools/help/proguard.html, may be mentioned here as an example. It is an object of the present invention to provide a method for providing a security-critical software application for a computer unit, preferably a mobile terminal.
Summary of the invention
The above object is achieved according to the present invention by the respective subject matter of the independent claims. Preferred embodiments of the invention are defined in the dependent claims. According to a first aspect of the invention, a method for providing a software application on a computer unit is provided. The method comprises the following steps: performing an AOT compilation of the software application, which is present in the form of bytecode, in order to generate assembler code from the bytecode of the software application; obfuscating the assembler code of the software application; placing the obfuscated assembler code of the software application on a software distribution platform; and downloading the obfuscated assembler code to the computer unit. Preferably, the software application is a Java application or an application in an interpreted language that is executed or interpreted in a virtual machine. According to preferred embodiments of the invention, the software distribution platform is the Google Play Store.
Preferably, the computer unit is operated with the Android operating system (version 4.4 or higher).
According to preferred embodiments of the invention, different assembler codes for different processor architectures are placed on the software distribution platform. According to a second aspect of the invention, a computer unit is provided on which a software application has been provided by a method according to the first aspect of the invention.
According to preferred embodiments of the invention, the computer unit is a mobile terminal.
As the person skilled in the art will recognise, the preferred embodiments described above can be implemented advantageously both within the first aspect of the invention, i.e. within the method for providing a software application on a computer unit, and within the second aspect of the invention, i.e. within such a computer unit. Further features, advantages and objects of the invention will become apparent from the following detailed description of several embodiments and alternative embodiments. Reference is made to the drawings, in which:
FIG. 1 shows a schematic representation of a communication system with a computer unit in the form of a mobile terminal, in which the present invention can be used advantageously; FIG. 2 shows a conventional method for providing a security-critical software application on the mobile terminal of FIG. 1; and FIG. 3 shows a preferred embodiment of a method for providing a security-critical software application on the mobile terminal of FIG. 1.
FIG. 1 shows a schematic representation of an exemplary communication system 10 in which the invention can be used advantageously. The communication system 10 comprises a computer unit 20 in the form of a mobile terminal, preferably a smartphone or a tablet computer. The mobile terminal 20 is configured to communicate with a server or a terminal 60 via a communication channel 50. The communication channel 50 may, for example, be the Internet, a mobile radio network, an NFC channel or the like. The server 60 could be an NFC terminal of a service provider with which a software application on the mobile terminal 20, for example the software application 34, can carry out transactions, e.g. a payment transaction in which the software application on the mobile terminal 20 handles a payment process.
The mobile terminal 20 has a chip 22 with a central processing unit (CPU), for example in the form of a microprocessor 24. As is known, the primary tasks of the processor 24 include performing arithmetic and logic functions and reading and writing data elements, as defined by a software application running on the processor 24. For clarity, a preferred hardware and software architecture of the processor 24 is shown again schematically and in detail in FIG. 1, outside the mobile terminal 20.
The processor 24 is in communication with a memory unit 26, which preferably comprises a volatile working memory (RAM), for example for holding the program code of a software application to be executed by the processor 24. Preferably, the memory unit 26 further comprises a non-volatile, preferably rewritable memory, for example in order to hold the program code of a software application to be executed by the processor 24 while the mobile terminal is powered off. The non-volatile, rewritable memory is preferably a flash memory (flash EEPROM). This may be, for example, a flash memory with a NAND or a NOR architecture.
Of course, the memory unit 26 may also comprise a read-only memory (ROM).
As shown schematically in FIG. 1, a runtime environment 32 is implemented in the processor 24 at runtime; it can access hardware-related functions provided by an operating system 30. According to preferred embodiments of the invention, the operating system 30 is the Android operating system and the runtime environment 32 is the "Android Runtime (ART)". The runtime environment 32 is implemented such that at least one software application 34 can be executed in it. Preferably, the software application 34 is a Java application. As the person skilled in the art will recognise, the program code of the operating system 30, the runtime environment 32 and/or the software application 34 may be stored in a non-volatile area of the memory unit 26.
Figur 2 zeigt den Ablauf eines herkömmlichen Verfahrens zum Bereitstellen der Softwareapplikation 34 auf dem mobilen Endgerät 20, wobei es sich bei der Softwareapplikation 34 um eine Java- Applikation handelt. Zunächst wird in einem ersten Schritt SDT1 von Figur 2 die Java- Applikation 34 erstellt, d.h. der Programm- bzw. Quellcode der Java- Applikation 34 geschrieben. Im Schritt SDT2 von Figur 2 können nun Obfuskierungsmaßnahmen des programm- bzw. Quellcodes der Java- Applikation 34 vorgenommen werden. Aufgrund der Form, in der der Programmcode der Java- Applikation 34 zu diesem Zeitpunkt vorliegt, können im Schritt SDT2 von Figur 2 keine starken Obfuskierungsmaßnahmen vorgenommen werden. FIG. 2 shows the sequence of a conventional method for providing the software application 34 on the mobile terminal 20, wherein the software application 34 is a Java application. First, in a first step SDT1 of Figure 2, the Java application 34 is created, i. the program or source code of the Java application 34 is written. In step SDT2 of FIG. 2, obfuscation measures of the program or source code of the Java application 34 can now be undertaken. Due to the form in which the program code of the Java application 34 is present at this time, no strong obfuscation measures can be performed in step SDT2 of FIG.
After the program code of the Java application 34 has been obfuscated as well as possible in step SDT2, the obfuscated program code of the Java application 34 is placed, in step SDT3 of Figure 2, on a software application distribution platform accessible via the Internet. The software application distribution platform can, for example, be provided on an Internet server such as the server 60 of Figure 1. Preferably, the software application distribution platform is the Google Play Store.
From the software application distribution platform, the program code of the Java application 34 can be downloaded in step SDT4 of Figure 2 to a mobile terminal such as the mobile terminal 20 of Figure 1. Once the program code of the Java application 34 has been downloaded to the mobile terminal 20, the Java application 34 can be executed; as is known, a JIT ("just in time") compilation of the program code of the Java application 34 then takes place during execution on the mobile terminal 20 (see step SDT5 of Figure 2).
Figure 3 shows the sequence of a preferred embodiment of a method according to the invention for providing the software application 34 on the mobile terminal 20, where the software application 34 is preferably a Java application. First, in step S1 of Figure 3, the Java application 34 is created, i.e. the program code or source code of the Java application 34 is written. In contrast to the conventional method of Figure 2, an AOT ("ahead of time") compilation of the program code of the Java application 34 now takes place already in step S2 of Figure 3. As a result of the AOT compilation in step S2 of Figure 3, the program code of the Java application 34 is now available in assembler, i.e. as assembler code (also called "native code").
According to the invention, the Java application 34, which is now present as assembler code, is obfuscated in step S3 of Figure 3. The person skilled in the art will recognise that, since the Java application 34 is now present as assembler code, significantly more effective obfuscation measures can be taken in step S3 of Figure 3, owing to the differences between Java bytecode and assembler code, than is possible in step SDT2 of the method of Figure 2. As indicated in Figure 3, steps S1 to S3 of Figure 3 can be carried out in a development environment, for example at the developer of the Java application 34.
After the assembler code of the Java application 34 has been obfuscated in step S3 of Figure 3, it can be placed, in step S4 of Figure 3, on a software application distribution platform accessible via the Internet. The software application distribution platform can, for example, be provided on an Internet server such as the server 60 of Figure 1. Preferably, the software application distribution platform is the Google Play Store.
From the software application distribution platform, the assembler code of the Java application 34 can be downloaded in step S5 of Figure 3 to a mobile terminal such as the mobile terminal 20 of Figure 1. Once the assembler code of the Java application 34 has been downloaded to the mobile terminal 20, the Java application 34 can be executed by running the assembler code of the Java application 34 (see step S6 of Figure 3). The person skilled in the art will recognise that holding the Java application 34 on the software application distribution platform in the form of assembler code may make it necessary to hold correspondingly different versions of the Java application 34, in the form of assembler code, for mobile terminals with different processor architectures and processor versions. As already described above, the person skilled in the art will recognise that, owing to the differences between Java bytecode and assembler code, significantly more effective obfuscation measures can advantageously be used in the method according to the invention of Figure 3 than in the conventional method of Figure 2.
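The advantage claimed for steps S2 and S3 rests on the difference in representation: Java/Dalvik bytecode keeps class, method and type structure and must still pass the bytecode verifier after obfuscation, whereas native code carries none of that structure and is not subject to such constraints. (A practical caveat on the conventional flow of Figure 2: on ART the device-side compilation step is itself at least partly ahead-of-time, at install time, but the application is still shipped and stored as Dalvik bytecode, and that bytecode is what an attacker decompiles.) The following C block is an added example, not code from the patent or from its applicants: it applies by hand three transformations of the kind an obfuscating compiler pass applies to native code after all symbol and type information has been dropped (a mixed boolean-arithmetic rewrite of addition, an opaque predicate guarding a dead branch, and control-flow flattening into a dispatcher loop), and keeps the plain routine beside it so that semantic equivalence can be checked. The checksum routine, the sample input and the dispatcher state numbers are assumptions made for this example.

```c
/* Added example (not from the patent): native-level obfuscation applied by
 * hand to a small checksum routine, with the plain routine kept beside it so
 * that the two can be checked for equivalence.  The routine, the sample input
 * and the dispatcher state numbers are assumptions made for this example. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Plain reference routine: the shape a compiler emits without obfuscation
 * (a djb2-style hash, acc = acc * 33 + byte). */
uint32_t checksum_plain(const uint8_t *buf, size_t len)
{
    uint32_t acc = 0;
    for (size_t i = 0; i < len; i++)
        acc = (acc << 5) + acc + buf[i];
    return acc;
}

/* Mixed boolean-arithmetic (MBA) rewrite of addition:
 * a + b == (a ^ b) + 2 * (a & b) for all 32-bit unsigned a, b. */
uint32_t mba_add(uint32_t a, uint32_t b)
{
    return (a ^ b) + ((a & b) << 1);
}

/* Opaque predicate: x * (x + 1) is always even, so this always returns 1,
 * but a disassembler only sees a data-dependent conditional branch. */
int opaque_true(uint32_t x)
{
    return ((x * (x + 1u)) & 1u) == 0u;
}

/* Obfuscated variant of checksum_plain: the loop is flattened into a
 * dispatcher (switch on an opaque state id), the additions use MBA, and the
 * loop body is wrapped in an opaque predicate guarding a dead branch. */
uint32_t checksum_obfuscated(const uint8_t *buf, size_t len)
{
    uint32_t acc = 0;
    size_t i = 0;
    uint32_t state = 0x3a;            /* arbitrary entry state */
    for (;;) {
        switch (state) {
        case 0x3a:                    /* loop condition */
            state = (i < len) ? 0x17 : 0x7f;
            break;
        case 0x17:                    /* loop body */
            if (opaque_true(acc)) {
                acc = mba_add(mba_add(acc << 5, acc), buf[i]);
            } else {
                acc ^= 0x5bd1e995u;   /* dead code: never executed */
            }
            i++;
            state = 0x3a;
            break;
        case 0x7f:                    /* exit */
            return acc;
        default:                      /* unreachable */
            state = 0x7f;
            break;
        }
    }
}

/* Constructed sample input for the self-check (not from the page). */
static const uint8_t SAMPLE[] = "attack at dawn";
#define SAMPLE_LEN (sizeof(SAMPLE) - 1)

/* Returns 1 if both variants agree on the sample input and on the empty
 * buffer, 0 otherwise. */
int checksums_agree(void)
{
    return checksum_plain(SAMPLE, SAMPLE_LEN) == checksum_obfuscated(SAMPLE, SAMPLE_LEN)
        && checksum_plain(SAMPLE, 0) == checksum_obfuscated(SAMPLE, 0);
}

int main(void)
{
    printf("plain      = 0x%08x\n", checksum_plain(SAMPLE, SAMPLE_LEN));
    printf("obfuscated = 0x%08x\n", checksum_obfuscated(SAMPLE, SAMPLE_LEN));
    printf("agree      = %d\n", checksums_agree());
    return checksums_agree() ? 0 : 1;
}
```

To see the effect, compile both routines with the same flags and compare the disassembly (for example with `objdump -d`): the plain loop is a handful of instructions, while the flattened variant shows a dispatcher, data-dependent branches and arithmetic that does not match the source. Note that an optimising compiler may fold the MBA identity or the opaque predicate back to their simple forms, which is why real obfuscators apply such passes after optimisation, on the final native code, rather than in the source.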

Claims

Patent claims
1. A method for providing a software application (34) on a computer unit (20), the method comprising the following steps: performing an AOT compilation of the software application (34), which is present in the form of source code, in order to generate assembler code from the source code of the software application (34);
obfuscating the assembler code of the software application (34); placing the obfuscated assembler code of the software application (34) on a software distribution platform; and
downloading the obfuscated assembler code to the computer unit (20).
2. The method of claim 1, wherein the software application (34) is a Java application.
3. The method of claim 1, wherein the software distribution platform is the Google Play Store.
4. The method of claim 1, wherein the computer unit (20) is operated with the Android operating system (version 4.4 or higher).
5. The method of claim 1, wherein different assembler codes for different processor architectures are placed on the software distribution platform.
6. A computer unit (20) on which a software application (34) has been provided according to a method of one of the preceding claims.
7. The computer unit (20) of claim 6, wherein the computer unit (20) is a mobile terminal.
EP15816668.6A 2014-12-18 2015-12-17 Method for providing a security-critical software application on a computer unit Withdrawn EP3234843A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102014019090.0A DE102014019090A1 (en) 2014-12-18 2014-12-18 Method for providing a safety-critical software application on a computer unit
PCT/EP2015/002551 WO2016096139A1 (en) 2014-12-18 2015-12-17 Method for providing a security-critical software application on a computer unit

Publications (1)

Publication Number Publication Date
EP3234843A1 true EP3234843A1 (en) 2017-10-25

Family

ID=55024989

Family Applications (1)

Application Number Title Priority Date Filing Date
EP15816668.6A Withdrawn EP3234843A1 (en) 2014-12-18 2015-12-17 Method for providing a security-critical software application on a computer unit

Country Status (4)

Country Link
US (2) US20180276373A1 (en)
EP (1) EP3234843A1 (en)
DE (1) DE102014019090A1 (en)
WO (1) WO2016096139A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102018004996A1 (en) * 2018-06-22 2019-12-24 Build38 Gmbh Checking location information
EP3745287B1 (en) 2019-05-28 2022-03-16 Giesecke+Devrient Mobile Security GmbH Protection of a software application
DE102019004398A1 (en) * 2019-06-21 2020-12-24 Giesecke+Devrient Mobile Security Gmbh Obfuscation of a software application

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8984299B1 (en) * 2013-08-14 2015-03-17 Soongsil University Research Consortium Techno-Park Apparatus for code obfuscation and method thereof

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7430670B1 (en) * 1999-07-29 2008-09-30 Intertrust Technologies Corp. Software self-defense systems and methods
WO2001086372A2 (en) * 2000-05-12 2001-11-15 Xtreamlok Pty. Ltd. Information security method and system
WO2009010338A1 (en) * 2007-07-13 2009-01-22 Siemens Aktiengesellschaft Method for the computer-assisted obfuscation of a software program and computer program product
EP2482184A1 (en) * 2011-02-01 2012-08-01 Irdeto B.V. Adaptive obfuscated virtual machine
US8261231B1 (en) * 2011-04-06 2012-09-04 Media Direct, Inc. Systems and methods for a mobile application development and development platform
CN103324481B (en) * 2013-06-26 2016-08-31 网宿科技股份有限公司 By Compilation Method and the system of implementation by assembly Code obfuscation

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8984299B1 (en) * 2013-08-14 2015-03-17 Soongsil University Research Consortium Techno-Park Apparatus for code obfuscation and method thereof

Also Published As

Publication number Publication date
US20180276373A1 (en) 2018-09-27
DE102014019090A1 (en) 2016-06-23
WO2016096139A1 (en) 2016-06-23
US20200074077A1 (en) 2020-03-05

Similar Documents

Publication Publication Date Title
DE102016205289A1 (en) Method, processor and device for checking the integrity of user data
EP3234843A1 (en) Method for providing a security-critical software application on a computer unit
EP3435270B1 (en) Device and method for cryptographically protected operation of a virtual machine
EP2885907B1 (en) Method for installing of security relevant applications in a security element of a terminal
DE102016204684A1 (en) Method and device for providing a cryptographic security function for the operation of a device
WO2016096118A1 (en) Method for operating a computer unit, and such a computer unit
EP2987078B1 (en) Method for providing an application on a security module, and such a security module
DE102005046696B4 (en) A method for generating protected program code and method for executing program code of a protected computer program and computer program product
DE602004007368T2 (en) METHOD OF MANAGING AN EXPORTABLE CODE DOWNLOADED IN A RECOMMITABLE ONBOARD SYSTEM
EP3248136B1 (en) Method for operating a computer unit with a secure runtime environment, and such a computer unit
EP3745287B1 (en) Protection of a software application
EP3159821B1 (en) Processor system with applet security settings
EP3243154B1 (en) Method for secure operation of a computer unit, software application and computer unit
EP2569726B1 (en) Method for checking whether program instructions have been executed by a portable terminal
DE102012022874A1 (en) application installation
AT508649A2 (en) CHIP CARD WITH MONITORING OF INTEGRITY ON SOFTWARE BASIS
DE102014113441A1 (en) Protection against software components by means of encryption
DE102007041873A1 (en) Patch installing method for e.g. object oriented programming language card in mobile phone, involves forming class hierarchy using classes in program package, and including patch in class hierarchy as subclass of one of classes
DE102004047191A1 (en) Tamper-proof microprocessor system and operating method therefor
DE102020002055A1 (en) Data processing device for provisioning a hardware processor system
EP1720096B1 (en) Method for adding functionality to an executable module of a program package
DE102015207004A1 (en) Method for protected access to security functions of a security module of a host system
EP4044051A1 (en) Randomization of a binary program code
EP4312140A1 (en) Method for programming a programmable controller using an executable control program and programmable controller
DE102013001143A1 (en) Method for executing a program via a microprocessor on a security module

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20170718

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: BUILD38 GMBH

17Q First examination report despatched

Effective date: 20200107

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN

18W Application withdrawn

Effective date: 20200717