WO2004061622A2 - Procede pour la securisation des systemes informatiques incorporant un module d'interpretation de code. - Google Patents
Procede pour la securisation des systemes informatiques incorporant un module d'interpretation de code. Download PDFInfo
- Publication number
- WO2004061622A2 WO2004061622A2 PCT/FR2003/003805 FR0303805W WO2004061622A2 WO 2004061622 A2 WO2004061622 A2 WO 2004061622A2 FR 0303805 W FR0303805 W FR 0303805W WO 2004061622 A2 WO2004061622 A2 WO 2004061622A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- code
- derivation
- codes
- implementations
- physical
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/75—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
- G06F21/755—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation with measures against power attack
Definitions
- the present invention relates to securing computer systems comprising at least one code interpretation module and memory storage capacities for the code to be interpreted.
- code interpretation module a code being defined as a structured set of instructions
- interpreter hardware interpreter: microcontroller, microprocessor or software: virtual machine
- memory storage capacities of the code to be interpreted or "interpreted code”
- Said code can be written directly by a programmer, be obtained automatically (what will be called “code generation”) from a "source code” in a language which is generally of a higher level or even result a combination of automatic production and manual intervention.
- the invention therefore more particularly aims to eliminate these drawbacks.
- this method essentially involves two types of variants in the execution times of the interpreted codes, in the following manner:
- this method will make the apparently executed code different on each execution, and will therefore make it more difficult to discover the actual code of the application.
- This process may involve: • for the first variant:
- the first mode of introducing "derivation codes” consists of introducing a specific instruction (s), called “derivation” (s) in certain particular places of the code.
- This introduction can be done either manually or automatically during code generation.
- the code generator can be guided, to produce these instructions, by annotations inserted by the programmer in the source code and making it possible to designate sensitive portions of code (for example, and in a nonlimiting manner, procedures of encryption or verification of access rights).
- the execution of a derivation instruction by the interpreter causes a connection to an associated derivation code.
- This first method can also be improved by attaching different levels of security to the bypass instructions and by associating them with bypass codes that are all the more complex (or defensive against security attacks described above) as their level of security is high.
- the second mode of introducing "derivation codes” consists in introducing the derivation code into the implementation of the interpreter itself: between the execution of two consecutive instructions of the code, the interpreter executes the derivation code, either systematically, selectively or randomly. It can for example execute this code only when calling certain sensitive methods (typically from libraries, called API "Application Program Interface").
- the advantage of the first mode is that it makes it possible to selectively introduce derivative code executions, which leads to less penalty in terms of execution time if the number of such derivations is small. It also allows the implementation of so-called “discretionary" security policies, that is to say at the discretion of the applications.
- the second mode will be more advantageous if the number of derivations desired is significant since the implementation of the method in the interpreter itself can then be optimized. Furthermore, it allows the implementation of security policies called "proxies" where controls are imposed uniformly on all applications.
- the two preceding methods of introduction require the introduction of a derivation code.
- the invention provides four modes for achieving these bypass codes so that they introduce variations in execution times and measurable physical footprints.
- the first embodiment of "derivation codes" with physical footprint and variable duration consists in performing a so-called “superfluous” calculation depending on data known at runtime (which can therefore differ on each runtime). This superfluous calculation must have no effect on the final result of the execution of the interpreter.
- a simple example of such a calculation is a parity test of dynamic data (known at runtime) which can lead either to an empty action, or to the addition of an element from a stack followed by its immediate removal .
- the number of possible actions is not necessarily limited to two. A large number of possible actions will lead to significant variability in the execution time and the physical footprint of the derivation code.
- the second embodiment of "derivation codes” improves the first mode by providing it with a random drawing of additional data during the execution of the superfluous calculation, said additional data being used in the calculation carried out by the code of derivation (for example in a test of said code).
- This random draw adds a new variable element and makes the execution time and the physical footprint of the derivation code even less predictable.
- the third embodiment of "derivation codes” improves the efficiency of the two previous ones by replacing the test allowing the decision of the next action by a connection in a so-called indirection table, that is to say containing the addresses of possible actions, to an index calculated from variable elements (dynamic data and / or result of a random draw).
- the fourth embodiment of "derivation codes” improves the first mode (and therefore the other three) by considering a superfluous calculation which, while remaining without effect on the final result, presents the external characteristics (physical imprint) of a particular sensitive calculation (for example encryption or decryption) unrelated to the actual code of the application.
- a superfluous calculation makes it possible to deceive an attacker who would try to deduce secrets by measuring the physical effect of the execution of the application.
- Such a process can be qualified as "software decoy” since its purpose is to mislead attackers by making them believe in the presence of said sensitive calculation in the effective code of the application. This mode can be carried out simply by implementing the sensitive calculation in question without retaining its result.
- the first mode of introducing "multiple implementations" of certain instructions consists in enriching all of the instructions recognized by the interpreter with a plurality of implementations for a given instruction. These implementations will be carried out so as to have different physical fingerprints and execution times while producing an identical result. Any of these implementations can be used interchangeably in the code. This use can be done either manually, by programming, or automatically during code generation. In the latter case, the code generator can be guided, to produce these instructions, by annotations inserted by the programmer in the source code and making it possible to designate sensitive portions of code (for example, and without limitation, procedures encryption or verification of access rights).
- This first mode can also be improved by attaching different levels of security to the implementations of instructions and by associating them with implementations which are all the more complex (or defensive with respect to security attacks) as their level of security. is high.
- the second method of introducing "multiple implementations" of certain instructions consists in including in the implementation the instruction itself implements a connection to a portion of alternative code which will dynamically determine the implementation to be executed.
- the advantage of the first mode is to minimize the additional cost in terms of execution time since the choice of the implementation of the instruction to be applied is determined before execution. It also allows the implementation of so-called “discretionary" security policies, that is to say at the discretion of the applications.
- the advantage of the second mode is to further complicate attacks requiring synchronization with the code since two consecutive executions of the same instruction (at the same location in the code) will be likely to take different execution times and offer fingerprints different physical. Furthermore, this second mode allows the implementation of security policies called "proxies" where controls are imposed uniformly on all applications.
- an implementation can include a multiplicity of implementations for a given instruction, some of them (or all) being implemented by connecting to a portion of alternative code dynamically determining the implementation to execute.
- the above second mode of the second variant requires the introduction of an alternative code associated with an instruction.
- the invention proposes three modes for producing this alternative code so that it introduces different implementations into the execution times and the physical footprint measured.
- the first embodiment of "alternative codes" with physical footprint and variable duration consists in proposing a plurality of different implementations of the instruction and in conditioning the choice of the version executed in a dynamic test, that is to say dependent on data known at runtime.
- a simple example of such a calculation is a parity test of dynamic data (known at runtime).
- a large number of implementations will lead to significant variability in the execution time and in the physical footprint of the alternative code.
- the second embodiment of "alternative codes" improves the first mode by providing it with a random drawing of a data item which is then used for carrying out the test leading to the dynamic choice of the version executed. This random draw adds a new variable element and makes the execution time and the physical footprint of the alternative code even less predictable.
- the third embodiment of "alternative codes” improves the efficiency of the two preceding ones by replacing the test making it possible to decide on the version chosen by a connection in an indirection table (containing the addresses of the versions available) to an index calculated at from variable elements (dynamic data and / or result of a random draw).
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Mathematical Physics (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Devices For Executing Special Programs (AREA)
- Compression, Expansion, Code Conversion, And Decoders (AREA)
Abstract
Description
Claims
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2003299355A AU2003299355A1 (en) | 2002-12-24 | 2003-12-18 | Method of securing computer systems comprising a code interpretation module |
EP03799637A EP1576443A2 (fr) | 2002-12-24 | 2003-12-18 | Procede pour la securisation des systemes informatiques incorporant un module d interpretation de code |
US10/540,501 US20060048230A1 (en) | 2002-12-24 | 2003-12-18 | Method for securing computer systems incorporating a code interpretation module |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR02/16932 | 2002-12-24 | ||
FR0216932A FR2849232B1 (fr) | 2002-12-24 | 2002-12-24 | Procede pour la securisation des systemes informatiques incorporant un module d'interpretation de code |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2004061622A2 true WO2004061622A2 (fr) | 2004-07-22 |
WO2004061622A3 WO2004061622A3 (fr) | 2004-11-11 |
Family
ID=32406555
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FR2003/003805 WO2004061622A2 (fr) | 2002-12-24 | 2003-12-18 | Procede pour la securisation des systemes informatiques incorporant un module d'interpretation de code. |
Country Status (5)
Country | Link |
---|---|
US (1) | US20060048230A1 (fr) |
EP (1) | EP1576443A2 (fr) |
AU (1) | AU2003299355A1 (fr) |
FR (1) | FR2849232B1 (fr) |
WO (1) | WO2004061622A2 (fr) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA2327911A1 (fr) * | 2000-12-08 | 2002-06-08 | Cloakware Corporation | Fonctions logicielles d'obscurcissement |
US20070226795A1 (en) * | 2006-02-09 | 2007-09-27 | Texas Instruments Incorporated | Virtual cores and hardware-supported hypervisor integrated circuits, systems, methods and processes of manufacture |
US20080091975A1 (en) * | 2006-10-17 | 2008-04-17 | Konstantin Kladko | Method and system for side-channel testing a computing device and for improving resistance of a computing device to side-channel attacks |
EP2071483A1 (fr) * | 2007-12-07 | 2009-06-17 | Gemplus | Procédé de sécurisation de l'éxécution d'un code par masquage itératifs |
FR2935823B1 (fr) * | 2008-09-11 | 2010-10-01 | Oberthur Technologies | Procede et dispositif de protection d'un microcircuit contre les attaques. |
ITTO20111229A1 (it) * | 2011-12-29 | 2013-06-30 | Milano Politecnico | Procedimento e sistema per proteggere dispositivi elettronici, relativo prodotto informatico |
US10063569B2 (en) * | 2015-03-24 | 2018-08-28 | Intel Corporation | Custom protection against side channel attacks |
US11550943B2 (en) | 2020-02-18 | 2023-01-10 | BluBracket, Inc. | Monitoring code provenance |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0448262A2 (fr) * | 1990-03-20 | 1991-09-25 | General Instrument Corporation Of Delaware | Evitement de la détermination du temps d'exécution d'une routine prédéterminée en relation avec l'occurrence d'un événement externe observable au préalable |
WO1999001815A1 (fr) * | 1997-06-09 | 1999-01-14 | Intertrust, Incorporated | Techniques d'obscurcissement pour augmenter la securite de logiciels |
WO1999064973A1 (fr) * | 1998-06-10 | 1999-12-16 | Auckland Uniservices Limited | Techniques de marquage de logiciel avec un filigrane |
US6334189B1 (en) * | 1997-12-05 | 2001-12-25 | Jamama, Llc | Use of pseudocode to protect software from unauthorized use |
WO2002001334A2 (fr) * | 2000-06-27 | 2002-01-03 | Microsoft Corporation | Système et procédé pour interfacer une configuration logicielle destinée à sécuriser des organes d'archivage |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5249294A (en) * | 1990-03-20 | 1993-09-28 | General Instrument Corporation | Determination of time of execution of predetermined data processing routing in relation to occurrence of prior externally observable event |
US7587044B2 (en) * | 1998-01-02 | 2009-09-08 | Cryptography Research, Inc. | Differential power analysis method and apparatus |
FR2785422B1 (fr) * | 1998-10-29 | 2000-12-15 | Schlumberger Ind Sa | Dispositif et procede pour la securisation d'un circuit integre |
US7092523B2 (en) * | 1999-01-11 | 2006-08-15 | Certicom Corp. | Method and apparatus for minimizing differential power attacks on processors |
GB2365153A (en) * | 2000-01-28 | 2002-02-13 | Simon William Moore | Microprocessor resistant to power analysis with an alarm state |
US6625737B1 (en) * | 2000-09-20 | 2003-09-23 | Mips Technologies Inc. | System for prediction and control of power consumption in digital system |
GB0023699D0 (en) * | 2000-09-27 | 2000-11-08 | Univ Bristol | Executing a combined instruction |
DE10101956A1 (de) * | 2001-01-17 | 2002-07-25 | Infineon Technologies Ag | Verfahren zur Erhöhung der Sicherheit einer CPU |
US7194633B2 (en) * | 2001-11-14 | 2007-03-20 | International Business Machines Corporation | Device and method with reduced information leakage |
FR2832824A1 (fr) * | 2001-11-28 | 2003-05-30 | St Microelectronics Sa | Blocage du fonctionnement d'un circuit integre |
US7124445B2 (en) * | 2002-06-21 | 2006-10-17 | Pace Anti-Piracy, Inc. | Protecting software from unauthorized use by converting source code modules to byte codes |
US7150003B2 (en) * | 2002-11-25 | 2006-12-12 | Matsushita Electric Industrial Co., Ltd. | Class coalescence for obfuscation of object-oriented software |
-
2002
- 2002-12-24 FR FR0216932A patent/FR2849232B1/fr not_active Expired - Fee Related
-
2003
- 2003-12-18 US US10/540,501 patent/US20060048230A1/en not_active Abandoned
- 2003-12-18 WO PCT/FR2003/003805 patent/WO2004061622A2/fr not_active Application Discontinuation
- 2003-12-18 AU AU2003299355A patent/AU2003299355A1/en not_active Abandoned
- 2003-12-18 EP EP03799637A patent/EP1576443A2/fr not_active Withdrawn
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0448262A2 (fr) * | 1990-03-20 | 1991-09-25 | General Instrument Corporation Of Delaware | Evitement de la détermination du temps d'exécution d'une routine prédéterminée en relation avec l'occurrence d'un événement externe observable au préalable |
WO1999001815A1 (fr) * | 1997-06-09 | 1999-01-14 | Intertrust, Incorporated | Techniques d'obscurcissement pour augmenter la securite de logiciels |
US6334189B1 (en) * | 1997-12-05 | 2001-12-25 | Jamama, Llc | Use of pseudocode to protect software from unauthorized use |
WO1999064973A1 (fr) * | 1998-06-10 | 1999-12-16 | Auckland Uniservices Limited | Techniques de marquage de logiciel avec un filigrane |
WO2002001334A2 (fr) * | 2000-06-27 | 2002-01-03 | Microsoft Corporation | Système et procédé pour interfacer une configuration logicielle destinée à sécuriser des organes d'archivage |
Non-Patent Citations (1)
Title |
---|
See also references of EP1576443A2 * |
Also Published As
Publication number | Publication date |
---|---|
WO2004061622A3 (fr) | 2004-11-11 |
US20060048230A1 (en) | 2006-03-02 |
AU2003299355A1 (en) | 2004-07-29 |
EP1576443A2 (fr) | 2005-09-21 |
FR2849232A1 (fr) | 2004-06-25 |
FR2849232B1 (fr) | 2005-02-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1596283B1 (fr) | Protection d'un branchement dans un programme | |
EP2614458B1 (fr) | Procede d'authentification pour l'acces a un site web | |
FR2849230A1 (fr) | Procede et dispositif de verification de l'integrite d'une application logicielle sans cle de chiffrement/dechiffrement | |
WO2003003169A2 (fr) | Procede et systeme de verification biometrique fiables | |
WO2009092903A2 (fr) | Procede et dispositifs de protection d'un microcircuit contre des attaques visant a decouvrir une donnee secrete | |
FR2885709A1 (fr) | Controle d'integrite d'une memoire externe a un processeur | |
EP1774484A1 (fr) | Enregistrement d'une cle dans un circuit integre | |
EP3033857B1 (fr) | Authentification de code binaire | |
US8566609B2 (en) | Integrity of ciphered data | |
EP1983436B1 (fr) | Contrôle d'intégrité d'une mémoire externe à un processeur | |
FR2969787A1 (fr) | Protection des applets contre les analyses par canaux caches | |
WO2004061622A2 (fr) | Procede pour la securisation des systemes informatiques incorporant un module d'interpretation de code. | |
FR3055444A1 (fr) | Dispositif et procedes de commande de dispositif de cryptage sur courbe elliptique securises | |
EP1449067B1 (fr) | Securisation d'un generateur pseudo-aleatoire | |
FR2974207A1 (fr) | Procede et systeme de securisation d'un logiciel | |
EP2336931B1 (fr) | Procédé de vérification de signature | |
EP1436792B1 (fr) | Protocole d'authentification a verification d'integrite de memoire | |
EP1591866B1 (fr) | Contrôle de l'exécution d'un algorithme par un circuit intégré | |
FR2867929A1 (fr) | Procede d'authentification dynamique de programmes par un objet portable electronique | |
EP1470663B1 (fr) | Procede de generation et de verification de signatures electroniques | |
EP4057169B1 (fr) | Procédé d'exécution d'un code binaire d'un programme d'ordinateur par un microprocesseur | |
FR3137988A1 (fr) | Procédé et circuit pour la vérification de l’intégrité d’un logiciel | |
FR2831739A1 (fr) | Procede de mise en oeuvre securisee d'un module fonctionnel, dans un composant electronique et composant correspondant | |
FR3020888A1 (fr) | Chiffrement d'une cle de protection de secrets protegeant au moins un element sensible d'une application | |
FR2976697A1 (fr) | Transfert securise entre memoire non-volatile et memoire volatile |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2003799637 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 2006048230 Country of ref document: US Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 10540501 Country of ref document: US |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2823/DELNP/2005 Country of ref document: IN |
|
WWP | Wipo information: published in national office |
Ref document number: 2003799637 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 10540501 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: JP |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: JP |