WO2006063876A1 - Procede et dispositif pour coder et executer une bibliotheque logicielle - Google Patents

Procede et dispositif pour coder et executer une bibliotheque logicielle Download PDF

Info

Publication number
WO2006063876A1
WO2006063876A1 PCT/EP2005/054909 EP2005054909W WO2006063876A1 WO 2006063876 A1 WO2006063876 A1 WO 2006063876A1 EP 2005054909 W EP2005054909 W EP 2005054909W WO 2006063876 A1 WO2006063876 A1 WO 2006063876A1
Authority
WO
WIPO (PCT)
Prior art keywords
software library
library
java
computer
software
Prior art date
Application number
PCT/EP2005/054909
Other languages
German (de)
English (en)
Inventor
Stefan Berndt
Thomas Hanna
Thorsten Laux
Original Assignee
Siemens Aktiengesellschaft
Scheering, Christian
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens Aktiengesellschaft, Scheering, Christian filed Critical Siemens Aktiengesellschaft
Publication of WO2006063876A1 publication Critical patent/WO2006063876A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software

Definitions

  • the invention relates to a method for encrypting and executing a software library according to the preamble of patent claim 1 and to a computer program product for use in such a method according to the preamble of patent claim 12.
  • source code "source code”
  • object code "byte code”
  • DLLs Computer programs (applications) are often created and delivered as a collection of libraries, which are often referred to as “DLLs” (DLL) in the environment of the operating system "Windows” and in the environment of
  • JAR files Programming language JAVA are usually available in so-called JAR files. These software libraries are usually in a compiled form, but can be restored (almost) completely to source codes using so-called decompilers.
  • the JAVA programming language is a completely object-oriented programming language from the manufacturer SUN Microsystems, which, because of its platform independence, is often used for programming across operating systems
  • the computer programs for decompiling make use of the fact that in the byte code, ie in the compiled computer program, a lot of information is available in "plain text", for example function names, variables, line numbers, debug information, etc .. Such information is often referred to as “symbolic information”. Ultimately, they ensure that the source code recovered by a decompiler can be easily traced (analyzed) and changed by a knowledgeable programmer.
  • the Nach- Part of the byte-code obfuscation lies in the fact that "debugging" of the bytecode processed in this way is practically no longer possible.Furthermore, with the JAVA programming language, a special means of speech, the so-called JAVA reflection API, can not be used.
  • the JAVA Reflection API is a means of language in which, during runtime of a computer program, computer program properties are analyzed by the computer program and used to alter the program flow or even to change the computer program itself. Since such an analysis inter alia analyzes function names and variable names, the JAVA Reflection API can only be used with such computer programs or computer program parts (in JAVA one also speaks of "classes") which are not represented by a byte code. Obfuscation are protected.
  • byte code encryption An alternative method for protecting byte code is the so-called "byte code encryption.”
  • the byte code is encrypted using a cryptographic method (algorithm) so that a decompiler does not have a "readable” byte Code finds more. But since an execution instance (operating system or - in the JAVA
  • this method breaks the "platform independence" of the JAVA programming language because the decrypting program together with the encrypted class forms an executable file, called an "executable”, which is platform-dependent “Executable.”
  • Another disadvantage of this method is that so protected Software libraries can only be executed directly and use in a different environment, for example on a web server (as so-called JAVA Applets) is not possible. This is due to the fact that a load instance (eg "JAVA Class Loader”) can not freely access the encrypted classes, so that a dynamic loading of the elements of the software library is not possible or only possible to a limited extent.
  • the method of byte-code obfuscation provides protection against the analysis and reuse of a decompiled computer program and also ensures the platform independence of computer programs such as JAVA classes and JAVA libraries, but because of the change in the Byte codes, on the one hand, limits the scope for debugging and, on the other, prevents the use of language resources, such as the JAVA Reflection API.
  • the byte code restored in byte-code encryption has the same quality and thus the same possibilities (debug capability, reflection API-capability) as the original byte-code, but this method has the disadvantage Affects that the platform independence is broken and the usability of the computer program is limited, for example, by a use as a so-called "JAVA Applet", in which dynamic program parts are reloaded, is hindered or impossible.
  • the object is achieved for the method by the features of independent claim 1 and for the computer program by the features of independent claim 12.
  • the solution provides a method for encrypting and executing a software library, wherein in a first step the software library is encrypted by means of a cryptographic method, in a second step the encrypted software library is transferred to a computer with an execution instance in that a decryption program is transmitted to the computer in a third step, and in a fourth step the encrypted software library is restored by the decryption program, transferred to the execution instance and executed there.
  • a loading instance equipped with a decryption function is used as the decryption program, the loading instance being used for loading elements of the software library into the execution instance.
  • the method steps two and three can also be combined or carried out in the reverse order.
  • the execution entity is supplied with a "full" byte code, which can use methods such as “debugging” or the use of language means such as the "Reflection API.”
  • one encrypted by such a method and executed software library can also be used for applications such as the JAVA applets, whereby the combination of the second and the third method step is particularly advantageous there
  • the method is also advantageously applicable to the programs or computer program products of other programming languages.
  • the solution further provides a computer program product for use in the above methods, wherein the computer program product can be used as a loading unit by an execution instance.
  • the computer program product has a decryption function for decrypting a software library protected by means of a cryptographic method.
  • Such a computer program product may be used by an execution entity, such as a JAVA virtual machine, instead of and in the same manner as a standard.
  • the execution instance receives the same program information (byte code), which is also processed by an unencrypted software library the computer program product can be used platform independent on all computers and operating systems on which such an execution instance is operated.Also, the integration of the decryption function in the Ladeinstanz for increased security, because access to the decrypted byte code is so difficult.
  • the unencrypted charge is transmitted to the computer in compiled form and protected from decompilation before transmission, thereby preventing analysis and manipulation of the decryption function, advantageously providing protection against decomposition of the entire charge, or at least the contained therein decryption function by a
  • the load instance can be addressed in the same way as the default load instance, allowing the execution instance to continue to be used as it is.
  • the charge density can advantageously also be used for loading unencrypted elements from the software library and / or another, either unencrypted or similarly coded, software library, so that mixed encrypted and unencrypted ones can also be used with one and the same charge instance
  • Software libraries can be loaded.
  • the method can be used universally if in each case platform-independent software is used for the software library, for the loading unit and / or for the decryption function. This is especially true if a JAVA library is used for the software library and a JAVA virtual machine is used for the execution instance. At least partially compiled byte code is used for the JAVA library, whereby not only the compiled byte code but also non-compiled resources, for example texts and image information, can be contained in the same software library. If a JAVA class loader is used as the load instance, such protected (encrypted) JAVA classes can be used as software libraries.
  • the single figure shows schematically the method steps for encryption, decryption and execution of a software library.
  • a software library in the JAVA programming language will be considered below with reference to FIG. 1 as an example of the encryption and execution of a software library.
  • This software library consists of several elements, which are combined into one file (".jar-File").
  • the individual elements of the software library are encoded in a first step SIa using a conventional encryption method.
  • all elements of the software library are encrypted.
  • individual elements of the software library can be excluded from the encryption. This is useful, for example, if individual elements, eg multimedia data (audio data, video data), do not need to be protected against reverse engineering and thus an unnecessary amount of computing time would be caused by the encryption and subsequent decryption.
  • the encryption of the software library takes place here on a computer (server) of the manufacturer of the software library.
  • the manufacturer also offers a suitable decryption program, which in the present exemplary embodiment is not only used for the software library encrypted here but can also be used for all software libraries of this manufacturer.
  • the decryption program is also created in the JAVA programming language.
  • JAVA programming language can One and the same decryption program can be used unchanged on different computer platforms, provided that a suitable execution instance, in this case a JAVA virtual machine, is installed on each of these computer platforms.
  • the decryption program with the decryption function is provided only in compiled form in order to avoid the misuse of the source code and thus in the functioning.
  • the decryption program is in this case designed as a load instance, a so-called "class loader” (JAVA class loader), this load instance comprising, on the one hand, the decryption function for restoring the byte code of the encrypted elements of the software library, and secondly, in the same way that the standard class loader from a JAVA virtual machine is used to dynamically load elements of a JAVA software library.
  • class loader JAVA class loader
  • the decrypting program that is, in this case, the embossing function-equipped embossing function
  • this embossing instance will be included in the file in the present embodiment inserted into the elements of the software library - step SIb - and thus de facto a component of the software library.
  • the charge density is protected by the use of an "obfuscator" according to the method of byte code obfuscation, so that the algorithm for decoding can not be reconstructed by decompiling the charge value
  • the software library is a so-called "JAVA applet" which is transmitted to the computer via the Internet and handed over there to the JAVA virtual machine as an execution instance for execution -
  • Virtual-Machine instructs not to use the already pre-installed JAVA class loader ("Default Class Loader"), but to use the class loader included in the new software library Bypassing software components and using other versions of these software components that come with them is provided for the JAVA programming language.
  • the JAVA class loader is now used to feed the JAVA virtual machine software library elements - step S4c. For each element requested, it is checked whether it is an encrypted or an unencrypted element, whereby the access function (JAVA class loader) is used for decryption when accessing an encrypted element - step S4b. During decryption, the byte code of the respective element is completely restored so that the debug information, variable names, function names, etc. contained in the byte code are also restored. In the event of program errors, error messages can be generated which can be transmitted by the computer running to a computer of the manufacturer of the software library and can be evaluated there.
  • the access function JAVA class loader
  • the software library may also be provided with a reference identifying the location of the "appropriate" dummy in which on the computer on which the software library is to be used, the "matching" Ladeinstanz already exists, a re-transmission of Ladeinstanz, for example via the Internet, be avoided. It also does not necessarily need to be uninstalled after use if unencrypted software libraries are used again, because unencrypted software libraries or unencrypted elements are also treated by the load instance in the same way as the standard Load instance of the execution instance (JAVA Virtual Machine).

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

La présente invention concerne un procédé pour coder et exécuter une bibliothèque logicielle, comprenant: une première étape (S1a) au cours de laquelle la bibliothèque logicielle est codée au moyen d'une méthode cryptographique; une deuxième étape (S2) au cours de laquelle la bibliothèque logicielle codée est transmise à un ordinateur avec une instance d'exécution; une troisième étape (S3) au cours de laquelle un programme de décodage est transmis à l'ordinateur; et une quatrième étape (S4a, S4b, S4c) au cours de laquelle la bibliothèque logicielle codée est rétablie par le programme de décodage, transmise à l'instance d'exécution où elle exécutée. Selon l'invention, comme programme de décodage est utilisée une instance de chargement qui est équipée d'une fonction de décodage, l'instance de chargement étant utilisée pour charger des éléments de la bibliothèque logicielle dans l'instance d'exécution.
PCT/EP2005/054909 2004-12-17 2005-09-29 Procede et dispositif pour coder et executer une bibliotheque logicielle WO2006063876A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102004061634.5 2004-12-17
DE200410061634 DE102004061634A1 (de) 2004-12-17 2004-12-17 Verfahren und Vorrichtung zur Verschlüsselung und Ausführung einer Software-Bibliothek

Publications (1)

Publication Number Publication Date
WO2006063876A1 true WO2006063876A1 (fr) 2006-06-22

Family

ID=35500801

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2005/054909 WO2006063876A1 (fr) 2004-12-17 2005-09-29 Procede et dispositif pour coder et executer une bibliotheque logicielle

Country Status (2)

Country Link
DE (1) DE102004061634A1 (fr)
WO (1) WO2006063876A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102262555A (zh) * 2011-08-22 2011-11-30 迈普通信技术股份有限公司 加载java三方库的不同版本的方法和装置
CN103218551A (zh) * 2013-05-03 2013-07-24 飞天诚信科技股份有限公司 一种保护java程序的方法

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999041651A2 (fr) * 1998-02-13 1999-08-19 National Computer Board, Acting Through Its R & D Division, The Information Technology Institute Procede servant a proteger un code binaire
DE10105053A1 (de) * 2001-02-05 2002-08-29 Hmd Software Ag Verfahren und Einrichtung zum Übertragen von Programmcodes im Internet
US20040039926A1 (en) * 2000-10-11 2004-02-26 Lambert Martin Richard Methods of providing java tamperproofing

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6134324A (en) * 1991-07-31 2000-10-17 Lsi Logic Corporation Method and system for distributing a plurality of software products, and limiting access thereto
US7346781B2 (en) * 2001-12-06 2008-03-18 Mcafee, Inc. Initiating execution of a computer program from an encrypted version of a computer program

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999041651A2 (fr) * 1998-02-13 1999-08-19 National Computer Board, Acting Through Its R & D Division, The Information Technology Institute Procede servant a proteger un code binaire
US20040039926A1 (en) * 2000-10-11 2004-02-26 Lambert Martin Richard Methods of providing java tamperproofing
DE10105053A1 (de) * 2001-02-05 2002-08-29 Hmd Software Ag Verfahren und Einrichtung zum Übertragen von Programmcodes im Internet

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102262555A (zh) * 2011-08-22 2011-11-30 迈普通信技术股份有限公司 加载java三方库的不同版本的方法和装置
CN103218551A (zh) * 2013-05-03 2013-07-24 飞天诚信科技股份有限公司 一种保护java程序的方法
WO2014176950A1 (fr) * 2013-05-03 2014-11-06 飞天诚信科技股份有限公司 Procédé de protection de programmes java
US9665730B2 (en) 2013-05-03 2017-05-30 Feitian Technologies Co., Ltd. Method for protecting java program

Also Published As

Publication number Publication date
DE102004061634A1 (de) 2006-06-29

Similar Documents

Publication Publication Date Title
DE69714752C5 (de) Verwendung einer hohen programmiersprache in einem mikrokontroller
DE102008021567B4 (de) Computersystem mit sicherem Hochlaufmechanismus auf der Grundlage einer Verschlüsselung mit symmetrischem Schlüssel
DE60127310T2 (de) Vorrichtung zum schutz digitaler daten
DE102009041176B4 (de) Compiler-System und Verfahren zum Kompilieren eines Quellencodes zu einem verschlüsselten Maschinensprachcode
DE102012215196A1 (de) Schützen von Anwendungsprogrammen vor zerstörerischer Software oder Malware
EP2193471A1 (fr) Procédé et système pour empêcher l'accès à un code machine d'un dispositif
EP3403214B1 (fr) Procédé et dispositif pour fournir une fonction de sécurité cryptographique pour le fonctionnement d'un appareil
DE102004057490B4 (de) Vorrichtung und Verfahren zum Verarbeiten eines Programmcodes
EP2510475B1 (fr) Dispositif matériel
WO2006063876A1 (fr) Procede et dispositif pour coder et executer une bibliotheque logicielle
EP1636700A1 (fr) Procede de rechargement d'un logiciel dans le secteur d'amor age d'une memoire morte programmable
DE102005046696B4 (de) Verfahren zum Erzeugen von geschütztem Programmcode und Verfahren zum Ausführen von Programmcode eines geschützten Computerprogramms sowie Computerprogrammprodukt
EP2394232B1 (fr) Dispositif et procédé empêchant l'utilisation et/ou la manipulation illicites de logiciels
EP3497606B1 (fr) Chiffrement individuel d'instructions de commande
WO2006119928A1 (fr) Procede pour ajouter une fonctionnalite a un premier module executable de progiciel
EP1318451B1 (fr) Méthode pour exécuter un programme sur un ordinateur
DE102022207883A1 (de) Verfahren zum Programmieren einer speicherprogrammierbaren Steuerung mittels eines ausführbaren Steuerprogramms und speicherprogrammierbare Steuerungsanlage
EP4064090A1 (fr) Fourniture des données à protéger dans un environnement d'exécution sécurisé d'un système de traitement des données
DE10336083A1 (de) Verfahren zur Sicherung von Computerprogrammen gegen unbefugte Mehrfachnutzung
WO2024022830A1 (fr) Procédé de programmation d'un dispositif de commande logique programmable au moyen d'un programme de commande exécutable et système de dispositif de commande logique programmable
WO2024110546A1 (fr) Procédé de chiffrement d'un texte source, procédé de déchiffrement d'un texte source et système de développement
EP1105798A1 (fr) Procede, dispositif et jeu de dispositifs pour la protection de plusieurs programmes et/ou de plusieurs fichiers contre un acces non autorise tente par un processus
AT500519A2 (de) Verfahren zur ausführung interpretierbarer computerprogramme
AT524619A1 (de) Computerimplementiertes Verfahren zum autorisierten Ausführen einer Software, System zur Datenverarbeitung, Computerprogrammprodukt und computerlesbares Speichermedium
DE102017214591A1 (de) Verfahren und Vorrichtung zum Schützen eines Gerätes

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 05807984

Country of ref document: EP

Kind code of ref document: A1