US20140223426A1 - Method of generating, from an initial package file comprising an application to be secured and an initial configuration file, a package file for securing the application, and associated computer program product and computing device - Google Patents


Info

Publication number
US20140223426A1
Authority
US
United States
Prior art keywords
application
secured
configuration file
file
package
Prior art date
Legal status
Abandoned
Application number
US14/245,923
Other languages
English (en)
Inventor
Ben Youcef ECH-CHERGUI
Adrien Bioteau
Current Assignee
Thales SA
Original Assignee
Thales SA
Priority date
Filing date
Publication date
Application filed by Thales SA
Assigned to Thales SA. Assignors: Adrien Bioteau, Ben Youcef Ech-Chergui
Publication of US20140223426A1
Legal status: Abandoned (current)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 8/00 Arrangements for software engineering
    • G06F 8/60 Software deployment
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/31 User authentication
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/52 Monitoring users, programs or devices to maintain the integrity of platforms during program execution, e.g. stack integrity; preventing unwanted data erasure; buffer overflow
    • G06F 21/53 Monitoring during program execution by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G06F 21/54 Monitoring during program execution by adding security routines or objects to programs

Definitions

  • the present invention relates to a method for generating, from an initial package file comprising an application to be secured and an initial configuration file, at least one package file for securing the application, the generating method being implemented by a computing device comprising an information processing unit and a memory.
  • Embodiments also relate to a computer program product including software instructions which, when implemented by an information processing unit integrated into a computing device, implement such a method for generating package files.
  • Embodiments also relate to a computing device comprising an information processing unit and a memory associated with the information processing unit.
  • a computing apparatus such as a mobile terminal, managed by an Android platform hosting applications.
  • the Android platform includes a Linux kernel, a set of function libraries in the C or C++ language, and a Dalvik virtual machine capable of executing applications hosted by the Android platform.
  • One data securing solution then consists of modifying the source or binary code of each of the applications to be secured so as to cause them to call specialized libraries including appropriate security functions.
  • WO 2012/109196 A1 describes a method for modifying a source or binary code of each of the applications to be secured, then recompiling the modified source or binary code, so that the applications thus modified call specialized libraries including appropriate security functions.
  • One aim of the embodiments described herein is to propose a method for using an initial package file including an application to be secured and an initial configuration file to generate a package file, the generating method making it possible to secure the application during the execution of the package while limiting the modifications to the code of the operating system, the application environment or the application to be secured.
  • the method for generating package files can include the following steps, carried out by an application for generating package files, the application being stored in the memory of the computing device: extracting, from the initial package file, the application to be secured and the initial configuration file; creating a first configuration file from the initial configuration file; creating an application for dynamically creating an execution environment for the application to be secured, the application for the dynamic creation of the execution environment being suitable for implementing the loading of a security library, the substitution, from among the function call or function calls associated with the application to be secured, of at least one call to an unsecured function with a call to a corresponding function of the security library, and the launching of the application to be secured after the substitution; and encapsulating the first configuration file and the application to be secured in a first package file, the application for the dynamic creation of the execution environment being encapsulated in the first package file or in a second package file, the second package file including the application for the dynamic creation of the execution environment and a second configuration file.
  • the method comprises one or more of the following features, considered alone or according to any technically possible combinations: during the step for creating the first configuration file, the first configuration file is created by modifying the initial configuration file so that the application for creating the execution environment is launched in place of the application to be secured during the execution of the corresponding package file; the first package file includes the first configuration file and the application to be secured, the second package file includes the second configuration file and the application for creating the execution environment, each application among the application to be secured and the application for creating the execution environment comprises at least one component, each configuration file containing one or more component declarations, and the method comprises the creation of the second configuration file, the second configuration file containing the same component declarations as the initial configuration file; at least one declared component in each configuration file is a content provider, and the content provider is declared in the second configuration file with a higher priority than that of the content provider declared in the first configuration file, so that the content provider of the application for creating the execution environment is launched before the content provider of the application to be secured; the first package file includes the first configuration file
  • An aspect also relates to a computer program product including software instructions which, when implemented by an information processing unit integrated into a computer device, implements a method as defined above.
  • Another aspect also relates to a computing device comprising an information processing unit and a memory that is associated with the information processing unit, in which the memory includes an application for generating, from an initial package file including an application to be secured and an initial configuration file, at least one package file for securing the application, the application for generating package file(s) including: a component for extracting the application to be secured and the initial configuration file from the initial package file, a component for creating a first configuration file from the initial configuration file, a component for creating an application for the dynamic creation of an execution environment for the application to be secured, the application for the dynamic creation of the execution environment being suitable for implementing the loading of a security library, substituting, from among one or more function call(s) associated with an application to be secured, at least one call to an unsecured function with a call to a corresponding function of the security library, and launching the application to be secured after the substitution step, and a component for encapsulating the first configuration file and the application to be secured in a first package file, the application for the dynamic creation
  • FIG. 1 is a diagrammatic view of a computing device according to an embodiment, the computing device being capable of generating at least one package file designed to be executed by a computing apparatus, such as a mobile terminal.
  • FIG. 2 is a diagrammatic illustration of a memory of a computing apparatus of FIG. 1 .
  • FIG. 3 is a flowchart of a method for generating package file(s), according to an embodiment.
  • FIG. 4 is a flowchart of a method for preparing an environment for executing an application to be secured.
  • FIG. 5 is a dynamic illustration of the preparation of the execution environment for the application to be secured and the execution of the application.
  • FIG. 6 is a view similar to that of FIG. 3 , according to another embodiment.
  • a computing apparatus 10 such as a mobile terminal, comprises an information processing unit 12 , a first memory 14 associated with the information processing unit, and a screen 15 .
  • the computing apparatus 10 is a mobile telephone and further comprises a wireless antenna 16 and a wireless transceiver 17 that are connected to the first information processing unit.
  • a computing device 18 comprises a second information processing unit 19 A and a second memory 19 B associated with the second information processing unit 19 A.
  • the first information processing unit 12 for example includes a data processor.
  • the first memory 14 includes an operating system 20 and multiple package files 21 , also called non-sensitive package files, and package files 22 A, 22 B, also called sensitive package files, namely a first package file 22 A and a second package file 22 B.
  • the first memory 14 includes a secondary package file 23 .
  • the first memory 14 also includes a security library 24 for example capable of securing the data storage and/or data exchange with another computing apparatus.
  • the wireless transceiver 17 includes a component for transmitting and receiving wireless signals via the wireless antenna 16 .
  • the wireless transceiver 17 can operate according to the GPRS (General Packet Radio Service) communication standard or the UMTS (Universal Mobile Telecommunication System) standard.
  • the wireless antenna 16 and the wireless transceiver 17 are capable of allowing the establishment of a wireless link between the computing apparatus 10 and another computing apparatus including a wireless antenna and transceiver using the same communication standard.
  • the second information processing unit 19 A for example includes a data processor.
  • the second memory 19 B includes an application 25 for generating at least one sensitive package file 22 A, 22 B from an initial package file, not shown.
  • the operating system 20 includes a kernel 26 , a set 27 of function libraries, a virtual machine 28 and an application framework 30 .
  • Each non-sensitive package file 21 includes a non-sensitive application 31 in the form of a binary file and an associated configuration file 32 , the non-sensitive application 31 not needing to be secured.
  • the first sensitive package file 22 A includes a first configuration file 33 and an application to be secured 34 in the form of a binary file.
  • the second sensitive package file 22 B includes a second configuration file 35 and an application 36 for the dynamic creation of an execution environment for the application to be secured, the application for creating the execution environment 36 being in the form of a binary file.
  • the secondary package file 23 includes an application, not shown, for authenticating the user and recovering a key for unlocking the security library.
  • the secondary package file 23 includes a third configuration file, not shown, associated with the application for authenticating the user and recovering the unlocking key.
  • the authentication of the user is done, for example, using a chip card included in the apparatus 10 , or a near field communication card outside the apparatus, also called NFC card.
  • the application is also capable of verifying the permissions associated with a third-party application to control access to that third-party application by the user.
  • the security library 24 includes a function 37 A for securing the data storage, a function 37 B for securing data exchanges with another computing apparatus, and a function 37 C for eliminating debugging events, as shown in FIG. 2 .
  • the security library 24 is a specific library separate from the native libraries included in the operating system 20 .
  • the security library 24 is a native library included in the set of libraries 27 of the operating system delivered by the provider of the operating system.
  • the application for generating package files 25 includes a component 40 for extracting the application to be secured 34 and an initial configuration file, not shown, from the initial package file, and a component 42 for creating the first configuration file 33 and the second configuration file 35 , each from the initial configuration file.
  • the application for generating package files 25 includes a component 44 for creating the application for the dynamic creation of the execution environment 36 , the application for the dynamic creation of the execution environment 36 being adapted to implement the loading of the security library 24 ; substitute, from among one or more functions associated with the application to be secured 34 , at least one call to an unsecured function with a call to a corresponding function 37 A, 37 B, 37 C from the security library 24 ; and launch the application to be secured 34 after the substitution.
  • the application for generating package files 25 includes encapsulation component 46 , on the one hand, for the first configuration file 33 and the application to be secured 34 in the first package file 22 A, and on the other hand, the second configuration file 35 and the application for the dynamic creation of the execution environment 36 in the second package file 22 B.
  • the application for generating package files 25 includes a component 47 for cryptographic protection of the first and second package files previously generated.
  • the kernel 26 forms a layer of abstraction between a hardware part in particular including the first information processing unit 12 , the first memory 14 and the wireless transceiver 17 on the one hand, and the rest of the operating system 20 , in particular the set of libraries 27 , on the other hand.
  • the kernel 26 is suitable for managing essential services such as the security of the operating system, memory management, or process management.
  • the set of libraries 27 comprises an unsecure function library 48 .
  • the virtual machine 28 is known by one skilled in the art, and is capable of running each binary file contained in the respective package files 21 , 22 , 23 .
  • the application host structure 30 includes services 49 A, 49 B available to the application 31 , 34 , 36 , such as an activity management service 49 A, a management service 49 B for the package files associated with the application.
  • Each application 31 , 34 , 36 is in the form of a binary file including a binary code, also referred to as bytecode, designed to be executed by the virtual machine 28 .
  • the execution of the application 31 , 34 , 36 by the virtual machine 28 is an interpretation of the bytecode of the application.
  • Each application 31 , 34 , 36 comprises one or more components A, B, #A, #B, as shown in FIG. 4 , the components having different types, such as an activity, a service, a content provider, or a broadcast receiver.
  • Each component A, B, #A, #B plays a different role in the behavior of the application, and can be activated individually, even by other applications.
  • the operating system 20 is the Android® application system by Google.
  • the kernel 26 is then based on a Linux kernel, more specifically on version 2.6 of the Linux kernel.
  • the set of libraries 27 is written in the C/C++ computer language.
  • the virtual machine 28 is the Dalvik virtual machine.
  • the applications 31 , 34 , 36 are written in the Java language and are in the form of a binary code that is executable by the Dalvik virtual machine 28 .
  • other embodiments apply to any operating system of the same type as the Android® operating system.
  • some embodiments apply to an operating system including a kernel, a virtual machine designed to run the applications, and a set of function libraries accessible by the kernel and the virtual machine.
  • Each configuration file 32 , 33 , 35 includes information for naming and indicating the version of the application, the declarations of each of the components of the application, the message filters allowing the application to identify, in a predefined manner, certain messages among those received from the operating system 20 or other applications, and potentially metadata.
  • each configuration file 32 , 33 , 35 is also called Manifest file.
  • the component declarations are then referenced using the following expressions: <activity>, <service>, <provider> or <receiver>, depending on whether the components are of the activity, service, content provider, or broadcast receiver type.
  • the message filters also called message declarations, are also called Intent filters.
  • the metadata may provide an additional description of a component.
  • the non-sensitive configuration file 32 is known by one skilled in the art.
  • the first configuration file 33 includes information for naming and indicating the version of the application to be secured 34 , and contains the declarations of the components of the application to be secured 34 .
  • the first configuration file 33 is created from the initial configuration file and by modifying the initial configuration file so that the application for creating the execution environment 36 is launched in place of the application to be secured 34 during execution of the first and second package files 22 A, 22 B.
  • the manner of creating the first configuration file 33 from the initial configuration file will be described in more detail hereinafter using the flowchart for the method for generating package files of FIG. 3 .
  • the application to be secured 34 is designed to call at least one function of the unsecure function library 48 during its execution.
  • the second configuration file 35 includes information for naming and indicating the version of the application for creating the execution environment 36 , and contains the declarations of the components of the application for creating the execution environment 36 .
  • the manner of creating the second configuration file 35 will be described in more detail below using the flowchart for the method for generating the package files of FIG. 3 .
  • the application for the dynamic creation of the environment 36 includes a component 50 for loading the security library, a component 52 for substituting, among the function call(s) associated with the application to be secured 34 , at least one call to an unsecured function with a call to a corresponding function from the security library 24 .
  • the application for creating the execution environment 36 includes a component 54 for authenticating the user of the computing apparatus and recovering an unlocking key for the security library, and a component 56 for intercepting and filtering messages transmitted or received by the application to be secured 34 .
  • the application for creating the execution environment 36 includes a component 58 for launching the application to be secured following the substitution of the call for the unsecure function by the call for the security function.
  • the application for creating the execution environment 36 is an application dedicated to the application(s) to be secured 34 , and is distinct from the operating system 20 .
  • the function for securing the data storage 37 A is capable of protecting sensitive data stored in a memory area of the first memory 14 , for example via cryptographic protection of the stored data.
  • the protection is a confidentiality protection, in order to prohibit access to that data by an unauthorized person, and also an integrity protection, in order to prevent any modification of the content of that data.
  • the function for securing data exchanges 37 B is capable of protecting data exchanges between the application to be secured 34 and the other computing apparatus, not shown.
  • the function for deleting debugging events 37 C is capable of deleting the debugging events before they are recorded in the first memory 14 , the debugging events being generated during the execution of tags contained in the code of the application to be secured 34 .
  • These debugging events, which are used to debug the code of the application before the code is finalized, are sometimes kept in the application code, and are then capable of causing a security breach.
  • the unsecure function library 48 is known by one skilled in the art. In the embodiments of an Android® operating system, the unsecure function library 48 is a library of function(s) written in the C/C++ computer language.
  • the authentication and recovery component 54 is a component for calling the authentication application for the user and recovering the unlocking key encapsulated in the secondary package file 23 .
  • the authentication and recovery component 54 includes only one point of entry toward the application for authenticating the user and recovering the key.
  • the first memory 14 does not include the secondary package file
  • the authentication and recovery component 54 of each application for creating the execution environment comprises the functionalities of the user authentication and unlocking key recovery application, and is capable of authenticating the user of the computing apparatus 10 , then, in case of successful authentication, recovering the unlocking key from the security library 24 .
  • the application to be secured 34 and the initial configuration file are extracted from the initial package file.
  • the initial configuration file thus extracted is next used during the following step 75 to create the first configuration file 33 on the one hand and the second configuration file 35 on the other hand.
  • the first configuration file 33 is created by modifying the initial configuration file so that the application for creating the execution environment 36 is launched in place of the application to be secured 34 during the execution of the package files 22 A, 22 B.
  • the message filters also called Intent filters, for the activities declared in the initial configuration file are for example deleted in the first configuration file 33 .
  • the name of the process declared in the first configuration file 33 is a predetermined name, and that process name will be the same in the second configuration file 35 in order to guarantee that the application to be secured 34 and the application for creating the execution environment 36 will be executed in the same process.
  • the second configuration file 35 is also created from the initial configuration file.
  • the second configuration file 35 for example contains the same component declarations as those contained in the initial configuration file.
  • the components declared in the second configuration file 35 for example reiterate the same message filters as those specified in the initial configuration file for the corresponding components.
  • At least one component declared in the first configuration file 33 and the second configuration file 35 is a content provider, and the content provider is declared in the second configuration file 35 with a higher priority than that of the content provider declared in the first configuration file 33 .
  • This higher priority order of the declaration of the content provider in the second configuration file 35 than the corresponding one in the first configuration file 33 makes it possible for the content provider of the application for creating the execution environment 36 to be launched before the content provider for the application to be secured 34 .
  • the name of the process declared in the second configuration file 35 is a predetermined name and is identical to that of the process declared in the first configuration file 33 , in order to guarantee that the application to be secured 34 and the application for creating the execution environment 36 will be executed in the same process.
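As an added illustration of step 75 (this is example code, not code from the patent or from Thales), the following Python script rewrites a constructed Android-style manifest into the first and second configuration files: in the first file the activities lose their intent filters, in both files every component is pinned to one predetermined process name, and the second file reiterates the component declarations and intent filters with its content provider declared at a higher priority. The attribute names android:process and android:initOrder, the package names, the process name and the sample manifest are assumptions about how "same process" and "higher priority" map onto a real manifest; the patent itself only speaks of a process name and a provider priority.

```python
"""Rewrite an initial manifest into the first and second configuration files
of step 75.  Added example; attribute choices are assumptions (see lead-in)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ET.register_namespace("android", ANDROID_NS)

def attr(name):
    """Fully qualified android: attribute name."""
    return "{%s}%s" % (ANDROID_NS, name)

# Constructed sample of an initial configuration file (manifest), not a real app.
INITIAL_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.secured" android:versionName="1.0">
  <application android:label="Secured app">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".SyncService"/>
    <provider android:name=".DataProvider"
              android:authorities="com.example.secured.data"/>
  </application>
</manifest>
"""

SHARED_PROCESS = "com.example.secured.sandbox"  # predetermined process name (assumed)
ENV_PACKAGE = "com.example.secured.env"          # package of the environment app (assumed)
ENV_PROVIDER_INIT_ORDER = "100"                   # higher than the first file's provider (assumed)
COMPONENT_TAGS = ("activity", "service", "provider", "receiver")

def make_first_manifest(initial_xml):
    """First configuration file: same components, but activities lose their
    intent filters and every component is pinned to the shared process, so the
    environment application rather than the secured app is what gets launched."""
    root = ET.fromstring(initial_xml)
    app = root.find("application")
    for comp in app:
        if comp.tag in COMPONENT_TAGS:
            comp.set(attr("process"), SHARED_PROCESS)
        if comp.tag == "activity":
            for flt in comp.findall("intent-filter"):
                comp.remove(flt)
        if comp.tag == "provider":
            comp.set(attr("initOrder"), "0")
    return ET.tostring(root, encoding="unicode")

def make_second_manifest(initial_xml):
    """Second configuration file: reiterates the component declarations and
    intent filters of the initial file under the environment app's package,
    in the same process, with the provider at a higher priority so that it is
    instantiated before the secured app's provider."""
    root = ET.fromstring(initial_xml)
    root.set("package", ENV_PACKAGE)
    app = root.find("application")
    for comp in app:
        if comp.tag in COMPONENT_TAGS:
            comp.set(attr("process"), SHARED_PROCESS)
        if comp.tag == "provider":
            comp.set(attr("initOrder"), ENV_PROVIDER_INIT_ORDER)
            # provider authorities must be unique on a device: rebase them (assumed scheme)
            comp.set(attr("authorities"), ENV_PACKAGE + ".data")
    return ET.tostring(root, encoding="unicode")

def summarize(manifest_xml):
    """(package, set of process names, activity intent-filter count, provider initOrder)."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    processes = {c.get(attr("process")) for c in app if c.tag in COMPONENT_TAGS}
    filters = sum(len(c.findall("intent-filter")) for c in app.findall("activity"))
    prov = app.find("provider")
    return root.get("package"), processes, filters, int(prov.get(attr("initOrder"), "0"))

def check_same_process(first_xml, second_xml):
    """Practitioner check: both files must pin every component to one identical process,
    otherwise the environment app cannot intercept the secured app's calls."""
    p1 = summarize(first_xml)[1]
    p2 = summarize(second_xml)[1]
    return p1 == p2 and len(p1) == 1

if __name__ == "__main__":
    first = make_first_manifest(INITIAL_MANIFEST)
    second = make_second_manifest(INITIAL_MANIFEST)
    print(first)
    print(second)
    print("same process:", check_same_process(first, second))
```

The script leaves the secured app's binary untouched, in line with the statement that only the configuration files are created or modified during generation; a real packaging step would then place each manifest with its binary into a package file and protect both with the same key.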
  • the binary file for the application for the dynamic creation of the execution environment 36 is created during the following step 80 .
  • the binary file created is such that the application for the dynamic creation of the execution environment 36 is suitable for implementing the loading of the security library 24 , substituting, among one or more call function(s) associated with the application to be secured 34 , at least one call to an unsecured function with a call to a corresponding function from the security library 24 , and launching the application to be secured 34 after the substitution.
  • the application for the dynamic creation of the execution environment 36 is adapted to lock the security library 24 previously loaded and the call function substitution(s) done.
  • the application for creating the execution environment 36 is adapted to request authentication of the user of the computing apparatus 10 , then in case of successful authentication, to recover a key to unlock the security library 24 .
  • the application for creating the execution environment 36 is suitable for intercepting and processing messages exchanged between the operating system and the application to be secured 34 , the messages being processed by the security library 24 .
  • the intercepted messages in particular relate to the standby, the waking up of the application to be secured 34 , the storage of data in the first memory 14 and the exchange of data with another computing apparatus.
  • In step 80, the binary file of the application for the dynamic creation of the execution environment 36 thus created is next encapsulated, with the second configuration file 35 previously created during step 75, in the second package file 22 B.
  • In step 85, the first configuration file 33 and the binary file of the application to be secured 34 are encapsulated in the first package file 22 A.
  • the binary file of the application to be secured 34 is not modified during the generation of the package files 22 A, 22 B using the generating method.
  • the application for generating package files 25 also adds the security library 24 in the second package file 22 B.
  • each package file 22 A, 22 B generated is cryptographically protected with one or more cryptographic keys and using cryptographic protection component 47 .
  • the cryptographic key(s) used are different from the cryptographic key that may have been used to protect the initial package file.
  • the cryptographic protection of the first package file 22 A and the cryptographic protection of the second package file 22 B are for example done using the same cryptographic key, which makes it possible to ensure that any other application seeking to pass itself off as the application to be secured 34 cannot be installed on the operating system 20 .
  • This other application not having been cryptographically protected with the same key, may not be executed in the same process as the application for creating the execution environment 36 .
  • The operation of the computing apparatus 10 will henceforth be explained using FIGS. 4 and 5.
  • each package file 22 A, 22 B is created using the application for generating package files 25 as previously described.
  • FIG. 4 illustrates a method for the dynamic creation of an environment for running the application to be secured 34 implemented by the application for creating the execution environment 36 .
  • the security library 24 is loaded so that the security functions 37 A, 37 B, 37 C contained in the security library 24 are available for the virtual machine 28 during the subsequent launch of the application to be secured 34 .
  • the application for creating the execution environment 36 next substitutes, during step 110, at least one call to an unsecure function, among the call(s) to functions associated with the application to be secured 34, with a call to a corresponding function 37 A, 37 B, 37 C from the security library 24 previously loaded.
  • the substitution step 110 for example includes the deletion of the dynamic link between the application to be secured 34 and the unsecured function, and the creation of a dynamic substitution link between the application to be secured 34 and the corresponding function 37 A, 37 B, 37 C of the security library 24 .
  • all of the calls to a data storage function among the function calls associated with the application to be secured 34 are substituted with calls to the security function for data storage 37 A.
  • step 115 locks the security library 24 loaded during step 100 and performs the function call substitution(s) done during the preceding step 110 .
  • when the substitution step 110 is carried out via the introduction of a substitution function into the application to be secured itself or into the virtual machine 28 via a dynamic link, the substitution function coming from the application for creating the execution environment 36, the locking step for example consists of replacing the reference of the substitution function with a reference to a new substitution function.
  • This new substitution function performs filtering on the substitution requests, refusing to substitute the function calls processed in step 110 , and allowing the substitution of the other function calls.
  • during step 120, the application for creating the execution environment 36 next requests the authentication of the user of the computing apparatus 10, and in case of successful authentication, recovers a key for unlocking the security library 24.
  • the application for creating the execution environment 36 intercepts and processes the messages exchanged between the operating system and the application to be secured, the messages being processed by the security library 24 .
  • the intercepted messages in particular relate to the placement in standby, the waking up of the application to be secured 34 , the storage of data in the first memory 14 and the exchange of data with another computing apparatus.
  • the application for creating the execution environment 36 lastly, during step 140 , launches the application to be secured 34 .
  • the corresponding call(s) generated by the application to be secured 34, or for the application to be secured, are first sent to the security library 24 and, if the latter authorizes it, then if needed to the unsecure library 48.
  • the creation of the environment for running the application to be secured 34 is dynamic because it is carried out each time the application is executed and following the reception by the operating system 20 of an order to run the application.
  • FIG. 5 is an illustration of the dynamic creation of the environment for executing the application to be secured 34 and the execution of the application.
  • following reception by the operating system 20 of an order to execute the second package file 22 B, the operating system begins by launching the component #A of the application for creating the execution environment 36 using the activity management service 49 A (arrow F1), according to the information contained in the first and second configuration files 33, 35, so that the application for creating the execution environment 36 is launched in place of the application to be secured 34.
  • the application for creating the execution environment 36 downloads the security library 24 (arrow F2), according to the initial step 100 of the method for creating an execution environment.
  • the security functions 37 A, 37 B, 37 C contained in the security library are thus available for the subsequent actions of the virtual machine 28 .
  • the dynamic links between the application to be secured 34 and certain unsecured functions are deleted, and the corresponding dynamic substitution links are created between the application to be secured 34 and corresponding function 37 A, 37 B, 37 C of the security library 24 , according to step 110 previously described (arrow F3).
  • the component #A next requests, from the operating system, the launch of the corresponding component A of the application to be secured 34 (arrow F4).
  • This request is intercepted by the security library 24 in order to request authentication of the user, then, in case of successful authentication, to recover the key to unlock the security library 24 .
  • the request is transmitted to the activity management service 49 A of the operating system (arrow F5).
  • the operating system 20 then launches the component A of the application to be secured 34 using the activity management system 49 A, according to step 140 previously described (arrow F6).
  • the launch is done in the same process as that of the application for creating the execution environment 36 according to the information contained in the first configuration file 33 .
  • the component A requests, from the operating system 20, the launch of the component B, and the virtual machine 28 then directs that request to the security library 24 (arrow F7) through the preceding step for substituting dynamic links.
  • the request is then modified by the security library 24 so that the operating system 20 launches the component #B instead of the component B of the application to be secured 34 , then sent to the activity management service 49 A (arrow F8).
  • the operating system 20 then launches the component #B (arrow F9).
  • the component #B then requests, from the operating system, the launch of the corresponding component B of the application to be secured 34 (arrow F10). This request is intercepted by the security library 24 in order to perform the corresponding secure processing, then sent to the activity management service 49 A of the operating system (arrow F11).
  • the operating system 20 then launches the component B of the application to be secured 34 using the activity management service 49 A (arrow F12).
  • the component B, next wishing to store a data file, calls a storage function to that end (arrow F13).
  • the security function for the data storage 37 A of the security library is then automatically called, and the data file is encrypted by the security function 37 A before being stored in the first memory 14 (arrow F14).
  • the different requests described are done in administrator mode and then pass through the kernel 26 .
  • One skilled in the art will understand that certain requests may alternatively be made in user mode without passing through the kernel 26 .
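The mechanism of FIGS. 4 and 5 as a Python model, added here as an illustration and not taken from the patent: the dynamic link table is a dict, the operating system, the unsecure library 48 and the components are constructed stand-ins, the user secret "1234" is constructed, and the encryption is an illustrative HMAC-SHA256 keystream rather than whatever cipher the security library 24 actually uses.

```python
import hashlib
import hmac
from typing import Callable, Dict, List

STORAGE: Dict[str, bytes] = {}   # constructed stand-in for the first memory 14
LAUNCH_LOG: List[str] = []       # what the activity management service 49A launched

def unsecure_start(component: str) -> None:   # launch request, no check at all
    LAUNCH_LOG.append(component)

def unsecure_store(path: str, data: bytes) -> None:   # data file stored in clear
    STORAGE[path] = data

# Dynamic link table of application 34: its components call library functions only through it.
LINKS: Dict[str, Callable] = {"start": unsecure_start, "store": unsecure_store}

def substitute_link(name: str, fn: Callable) -> None:
    """Substitution function introduced by application 36 (step 110)."""
    LINKS[name] = fn

class SecurityLibrary:
    """Security library 24: storage function 37A and launch interception."""
    def __init__(self) -> None:
        self.key = None   # recovered only after step 120; None means locked

    def _require_key(self) -> bytes:
        if self.key is None:
            raise PermissionError("security library is locked")
        return self.key

    def unlock(self, user_secret: str, expected: str) -> bool:
        """Step 120: authenticate the user, then recover the unlock key."""
        if not hmac.compare_digest(user_secret.encode(), expected.encode()):
            return False
        self.key = hashlib.sha256(b"unlock:" + user_secret.encode()).digest()
        return True

    def keystream(self, path: str, n: int) -> bytes:
        # Illustrative keystream (HMAC-SHA256 in counter mode, keyed per path);
        # a real library would use an authenticated cipher with a fresh nonce.
        key, out, i = self._require_key(), b"", 0
        while len(out) < n:
            out += hmac.new(key, f"{path}:{i}".encode(), hashlib.sha256).digest()
            i += 1
        return out[:n]

    def secure_store(self, path: str, data: bytes) -> None:
        """Function 37A: encrypt, then hand the ciphertext to the plain store (F14)."""
        ks = self.keystream(path, len(data))
        unsecure_store(path, bytes(x ^ y for x, y in zip(data, ks)))

    def secure_load(self, path: str) -> bytes:   # inverse of secure_store
        blob = STORAGE[path]
        return bytes(x ^ y for x, y in zip(blob, self.keystream(path, len(blob))))

    def wrapper_launch(self, component: str) -> None:
        """Wrapper #X asking the OS for X (F4-F6, F10-F12): key check, then launch."""
        self._require_key()
        unsecure_start(component)

    def secure_start(self, component: str) -> None:
        """Launch caught by the substituted link (F7-F9): the OS starts wrapper #X first."""
        self._require_key()
        unsecure_start("#" + component)
        self.wrapper_launch(component)

def create_execution_environment(user_secret: str, expected: str, entry: str):
    """Application 36 (component #A), steps 100-140; returns the library and the
    substitution function as it stands after locking."""
    lib = SecurityLibrary()                         # step 100: load the library
    substitute_link("store", lib.secure_store)      # step 110: unsecure link ->
    substitute_link("start", lib.secure_start)      # corresponding security function

    def locked_substitute(name: str, fn: Callable) -> bool:
        # Step 115: the new substitution function refuses the links processed
        # in step 110 and still allows any other link to be substituted.
        if name in ("store", "start"):
            return False
        substitute_link(name, fn)
        return True
    if not lib.unlock(user_secret, expected):       # step 120
        raise PermissionError("authentication failed")
    lib.wrapper_launch(entry)                       # step 140 (F4-F6)
    return lib, locked_substitute

def run_scenario(user_secret: str = "1234") -> dict:
    """Constructed run of FIG. 5: #A starts A, A asks for B, B stores a file."""
    STORAGE.clear(); LAUNCH_LOG.clear()
    LINKS.update(start=unsecure_start, store=unsecure_store)
    unsecure_start("#A")              # F1: the OS starts #A per the rewritten manifest
    try:                              # "1234" is the constructed expected user secret
        lib, substitute = create_execution_environment(user_secret, "1234", entry="A")
    except PermissionError:
        return {"auth_ok": False, "launched": list(LAUNCH_LOG)}
    LINKS["start"]("B")                                 # F7: component A requests B
    LINKS["store"]("notes.txt", b"confidential data")  # F13: component B stores a file
    relink_refused = not substitute("store", unsecure_store)   # trying to undo step 110
    other_allowed = substitute("log", print)   # a link not processed in step 110 is allowed
    return {"auth_ok": True, "launched": list(LAUNCH_LOG), "stored": STORAGE["notes.txt"],
            "roundtrip": lib.secure_load("notes.txt"),
            "relink_refused": relink_refused, "other_allowed": other_allowed}
```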
  • the computing apparatus 10, via the implementation of the method for dynamically creating the environment for executing the application to be secured 34 using the application for creating the execution environment 36, therefore makes it possible to secure the operation of the application 34, in particular regarding the launch of the components, the storage of data or the exchange of data with another computing apparatus, the latter two being automatically encrypted via the appropriate functions of the security library 24.
  • This securing of the application 34 only requires rewriting the configuration file of the application (called Manifest file in the case of Android®), adding the application for creating the execution environment 36 , the latter being encapsulated in the second package file 22 B, or alternatively with the application 34 in the first package file 22 A, as will be described below in the second embodiment, and adding the security library 24 , if the set of libraries 27 does not already include such a library.
  • this securing does not require any modification of the source or binary code of the application to be secured 34 , or any modification of the operating system 20 .
  • FIG. 6 illustrates a second embodiment, for which the elements similar to the first embodiment, previously described, are identified by identical references, and are not described again.
  • At least one so-called sensitive package file is in the form of a single package file, namely the first package file 22 A.
  • the first package file 22 A then includes the first configuration file 33 , the application to be secured 34 and the application for the dynamic creation of the execution environment 36 .
  • the application to be secured 34 and the application for the dynamic creation of the execution environment 36 are for example in the form of binary files.
  • the application to be secured 34 and the initial configuration file are extracted from the initial package file using extraction component 40 .
  • the initial configuration file thus extracted is next used during the following step 175 to create the first configuration file 33 .
  • the first configuration file 33 is created by modifying the initial configuration file so that the application for creating the execution environment 36 is launched in place of the application to be secured 34 during the execution of the package file 22 A.
  • the first configuration file 33 for example contains the same component declarations as those contained in the initial configuration file.
  • the components declared in the first configuration file 33 for example reiterate the same message filters as those specified in the initial configuration file for the corresponding components.
  • the message filters also called Intent filters, for the activities declared in the initial configuration file are for example renamed in the first configuration file 33 , so as to prevent other applications from being able to modify those message filters.
  • the components are declared in the first configuration file 33 as not being exportable.
  • the name of the process declared in the first configuration file 33 is a predetermined name, in order to control how the computing apparatus 10 identifies the process.
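The rewriting of the initial configuration file into the first configuration file 33 (step 175), as an added Python illustration that is not the patent's own tool: every component declaration is kept, made non-exportable and pinned to a predetermined process name, the activities' intent filters are reiterated under renamed actions, and the launcher filter moves to the wrapper so that it starts in place of the application. The sample manifest, the wrapper class name, the process name ":secured" and the action prefix "secured." are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID = "http://schemas.android.com/apk/res/android"
ET.register_namespace("android", ANDROID)
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")
# Assumed values (not from the patent): the entry component of application 36,
# the predetermined process name, and the prefix used to rename intent filters.
WRAPPER_ENTRY = "com.example.secureenv.EnvLauncher"
PROCESS_NAME = ":secured"
ACTION_PREFIX = "secured."

# Constructed initial configuration file of an application to be secured.
INITIAL_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <application android:label="Example">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".DetailActivity">
      <intent-filter>
        <action android:name="com.example.app.SHOW_DETAIL"/>
      </intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true"/>
  </application>
</manifest>"""

def attr(name: str) -> str:
    """Qualified name of an android: attribute, as ElementTree stores it."""
    return f"{{{ANDROID}}}{name}"

def is_launcher_filter(intent_filter: ET.Element) -> bool:
    return any(c.get(attr("name")) == "android.intent.category.LAUNCHER"
               for c in intent_filter.findall("category"))

def rewrite_manifest(xml_text: str) -> str:
    """Step 175: derive the first configuration file 33 from the initial one."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    launcher_filters = []
    for comp in app:
        if comp.tag not in COMPONENT_TAGS:
            continue
        # Every declared component is kept, made non-exportable and pinned to
        # the predetermined process name.
        comp.set(attr("exported"), "false")
        comp.set(attr("process"), PROCESS_NAME)
        if comp.tag != "activity":
            continue
        for f in list(comp.findall("intent-filter")):
            if is_launcher_filter(f):
                # The launcher filter moves to application 36, so that it is
                # started in place of the application to be secured.
                comp.remove(f)
                launcher_filters.append(f)
                continue
            # Other activity filters are reiterated under renamed actions, so
            # that the original action names no longer reach these activities.
            for action in f.findall("action"):
                action.set(attr("name"), ACTION_PREFIX + action.get(attr("name")))
    wrapper = ET.SubElement(app, "activity")
    wrapper.set(attr("name"), WRAPPER_ENTRY)
    wrapper.set(attr("exported"), "true")   # assumed: the one entry reachable from outside
    wrapper.set(attr("process"), PROCESS_NAME)
    wrapper.extend(launcher_filters)
    return ET.tostring(root, encoding="unicode")

def describe(xml_text: str) -> dict:
    """Per-component summary {name: {exported, process, actions}} for checking."""
    root = ET.fromstring(xml_text)
    summary = {}
    for comp in root.find("application"):
        if comp.tag in COMPONENT_TAGS:
            summary[comp.get(attr("name"))] = {
                "exported": comp.get(attr("exported")),
                "process": comp.get(attr("process")),
                "actions": [a.get(attr("name"))
                            for f in comp.findall("intent-filter")
                            for a in f.findall("action")],
            }
    return summary
```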
  • the binary file of the application for the dynamic creation of the execution environment 36 is created during the following step 180 .
  • the binary file created is such that the application for the dynamic creation of the execution environment 36 is suitable for implementing the loading of the security library 24 , substituting, from among one or more function calls associated with the application to be secured 34 , at least one unsecured function call with a corresponding function call to the security library 24 , and launching the application to be secured 34 after the substitution.
  • the application for the dynamic creation of the execution environment 36 is suitable for locking the previously loaded security library 24 and the function call substitution(s) done.
  • the application for creating the execution environment 36 is suitable for requesting authentication of the user of the computing apparatus 10 , then, in case of successful authentication, recovering a key to unlock the security library 24 .
  • the application for creating the execution environment 36 is suitable for intercepting and processing messages exchanged between the operating system and the application to be secured 34 , the messages being processed by the security library 24 .
  • the intercepted messages in particular relate to the standby, waking up of the application to be secured 34 , the storage of data in the first memory 14 and the exchange of data with another computing apparatus.
  • during step 185, the binary file of the application for the dynamic creation of the execution environment 36 thus created is next encapsulated with the first configuration file 33, previously created during step 175, and with the binary file of the application to be secured 34 in the first package file 22 A.
  • the binary file of the application to be secured 34 is not modified during the generation of the package file 22 A using the generation method.
  • the binary file of the application for the dynamic creation of the execution environment 36 is stored in the default location provided for a binary file in the package file.
  • the binary file of the application to be secured 34 is stored in a secondary location, which also makes it possible for the application for creating the execution environment 36 to be launched in place of the application to be secured 34 during the execution of the package file 22 A.
  • the application for generating the package file(s) 25 also adds the security library 24 into the package file 22 A.
  • the package file 22 A generated is cryptographically protected with a protection key and using cryptographic component 47 .
  • the operation of the computing apparatus 10 according to this second embodiment is identical to that described for the first embodiment in light of FIGS. 4 and 5 .
  • the advantages of the second embodiment are similar to those of the first embodiment previously described, and are not described again.
  • the generating method according to this second embodiment further has the advantage of generating a single package file 22 A to secure the application to be secured 34 . This then makes it possible to simplify the installation procedure at the operating system 20 , and more generally to simplify the deployment of this securing solution for the application to be secured 34 .
  • the generating method according to at least one embodiment makes it possible to secure the application 34 during the execution of the package file while limiting the modifications of the code of the operating system, the application environment and the application to be secured 34 .
  • At least one embodiment relates to a method for the dynamic creation of an execution environment for the application to be secured 34 to secure the application 34 , the method being implemented by the computing apparatus 10 comprising the information processing unit 12 and the memory 14 , the memory 14 being associated with the information processing unit 12 and including the operating system 20 , the application to be secured 34 and the security library 24 including at least one security function 37 A, 37 B, 37 C, the operating system 20 including the set 27 of function libraries comprising the unsecured function library 48 , the application to be secured 34 being, during its execution, designed to call a function of the unsecured function library 48 .
  • the method for the dynamic creation of the execution environment comprises the following steps, implemented by the application for the dynamic creation of the execution environment 36 stored in the memory 14: loading 100 the security library 24, substituting 110, among the function call(s) associated with the application to be secured 34, at least one call to an unsecured function with a call to a corresponding function 37 A, 37 B, 37 C of the security library 24, and launching 140 the application to be secured 34 after the substitution step 110.
  • the substitution step 110 includes the deletion of a dynamic link between the application to be secured 34 and the unsecured function, and the creation of the dynamic substitution link between the application to be secured 34 and the corresponding function 37 A, 37 B, 37 C of the security library 24 .
  • the method for the dynamic creation of the execution environment further comprises, for the step for launching the application 140 , the step 115 for locking the security library 24 loaded during the loading step 100 and the function call substitution(s) done during the substitution step 110 .
  • the method for the dynamic creation of the execution environment further comprises, for the step for launching the application 140 , the step 120 for authenticating the user of the computing apparatus 10 and recovering the key to unlock the security library 24 .
  • the method for the dynamic creation of the execution environment further comprises, for the step for launching the application 140 , the step 130 for intercepting a message exchange between the operating system 20 and the application to be secured 34 , and processing the message using the corresponding function of the security library 24 .
  • the application for creating the execution environment 36 is preferably an application dedicated to the application(s) to be secured 34 , and is distinct from the operating system 20 .
  • At least one embodiment also relates to a computer program product including software instructions which, when implemented by the information processing unit 12 integrated into the computing apparatus 10 , implements the method for the dynamic creation of the execution environment as defined above.
  • At least one embodiment also relates to the computing apparatus 10 comprising the information processing unit 12 , and the memory 14 including the operating system 20 , at least one application to be secured 34 and the security library 24 including at least one security function 37 A, 37 B, 37 C, the memory 14 being associated with the information processing unit 12 .
  • the operating system 20 including the set 27 of function libraries comprising the unsecured function library 48 , the application to be secured 34 being designed to call a function of the unsecured function library 48 .
  • the memory 14 further includes the application 36 for the dynamic creation of the execution environment for the application to be secured 34 , the application for the creation of the execution environment 36 including the component 50 for loading the security library 24 , the component 52 for substituting, among the function call(s) associated with an application to be secured 34 , at least one call to an unsecured function with a call to a corresponding function 37 A, 37 B, 37 C of the security library 24 , and component 58 for launching the application to be secured 34 after the substitution of the unsecured function call by the call to the security function 37 A, 37 B, 37 C.
US14/245,923 2011-10-06 2014-04-04 Method of generating, from an initial package file comprising an application to be secured and an initial configuration file, a package file for securing the application, and associated computer program product and computing device Abandoned US20140223426A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR1103046A FR2981174B1 (fr) 2011-10-06 2011-10-06 Method for the dynamic creation of an execution environment for an application to secure said application, associated computer program product and computing apparatus
FR1103046 2011-10-06
PCT/EP2012/069876 WO2013050602A1 (fr) 2011-10-06 2012-10-08 Method of generating, from an initial package file comprising an application to be secured and an initial configuration file, a package file for securing the application, and associated computer program product and computing device

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2012/069876 Continuation WO2013050602A1 (fr) 2011-10-06 2012-10-08 Method of generating, from an initial package file comprising an application to be secured and an initial configuration file, a package file for securing the application, and associated computer program product and computing device

Publications (1)

Publication Number Publication Date
US20140223426A1 true US20140223426A1 (en) 2014-08-07

Family

ID=46980981

Family Applications (2)

Application Number Title Priority Date Filing Date
US14/245,880 Expired - Fee Related US9405520B2 (en) 2011-10-06 2014-04-04 Method for the dynamic creation of an execution environment for an application to secure the application, associated computer program product and computing apparatus
US14/245,923 Abandoned US20140223426A1 (en) 2011-10-06 2014-04-04 Method of generating, from an initial package file comprising an application to be secured and an initial configuration file, a package file for securing the application, and associated computer program product and computing device

Country Status (6)

Country Link
US (2) US9405520B2 (fr)
EP (2) EP2764462B1 (fr)
KR (2) KR20140077188A (fr)
CN (2) CN103975338A (fr)
FR (1) FR2981174B1 (fr)
WO (2) WO2013050602A1 (fr)

Also Published As

Publication number Publication date
EP2764462B1 (fr) 2019-03-13
US20140223545A1 (en) 2014-08-07
WO2013050602A1 (fr) 2013-04-11
CN103988206A (zh) 2014-08-13
CN103975338A (zh) 2014-08-06
EP2764463A1 (fr) 2014-08-13
FR2981174B1 (fr) 2013-12-20
KR20140077186A (ko) 2014-06-23
US9405520B2 (en) 2016-08-02
FR2981174A1 (fr) 2013-04-12
EP2764462A1 (fr) 2014-08-13
WO2013050600A1 (fr) 2013-04-11
KR20140077188A (ko) 2014-06-23

Legal Events

Date Code Title Description
AS Assignment

Owner name: THALES, FRANCE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ECH-CHERGUI, BEN YOUCEF;BIOTEAU, ADRIEN;REEL/FRAME:033001/0226

Effective date: 20140328

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO PAY ISSUE FEE