1. WO2020109049 - PROTECTING SENSITIVE DATA IN A SOFTWARE PROGRAM

Note: Text based on automatic Optical Character Recognition processes. Please use the PDF version for legal matters


CLAIMS

1. A computer implemented method of generating code to protect sensitive data used by a program, the method being implemented by one or more processors associated with a memory, the method comprising:

partitioning a program into a plurality of code blocks;

registering each code block of the plurality of code blocks in a code register using a code index, the code index being an entry in the code register for a given code block indicating current properties of the given code block, the current properties including a current code location of the code block in the memory; and

registering each of one or more references that are accessed by the given code block or that access the given code block in a reference register using a reference index, the reference index being an entry in the reference register for a given reference,

wherein the method comprises, during runtime execution of the program:

moving at least one of the plurality of code blocks from a first code location in the memory to a respective second code location in the memory, such that the moved code block is accessible from the second code location after it is moved, the second code location being different to the first code location;

updating the code index of the moved code block to indicate the second code location; and

updating the one or more reference indices for the moved code block based on updated current properties of the code index of the moved code block.

2. The method as claimed in claim 1 wherein the one or more references for the given code block are comprised in a data block associated with the code block, and the reference index of each of the one or more references is comprised in or associated with a data index for the data block, the data index indicating current properties of the data block, including a current location of the data block in the memory, and wherein the data index is registered in a data register.

3. The method as claimed in claim 2 wherein more than one data block is associated with the given code block and at least one of the more than one data blocks is associated with one or more other code blocks of the plurality of code blocks for the program.

4. The method as claimed in any one of the preceding claims wherein the one or more references for the given code block include at least one of data objects, data structures, variables, control flow instructions or function pointers, and wherein the one or more references include sensitive data.

5. The method as claimed in any one of the preceding claims wherein each code block of the plurality of code blocks is a basic block representing a portion of the program that is executable at runtime without relying on other parts of the program for its execution.

6. The method as claimed in claim 5 wherein each code block is an extended basic block, EBB, comprising a plurality of consecutive basic blocks with the last basic block ending in an unconditional branch or jump instruction.

7. The method as claimed in claim 6 wherein one or more control flow instructions or function pointers that are in the one or more references for the EBB are adapted to the second code location after the EBB is moved to the second location by adding a jump table at the end of the EBB.

8. The method as claimed in any one of the preceding claims further comprising: during runtime execution of the program,

moving a data block associated with a code block of the program from a first data location in the memory to a second data location in the memory, such that the data block is accessible from the second data location in the memory after it is moved, wherein the second data location is different to the first data location, and wherein the first and second data locations are different to the first and second code locations in the memory; updating the data index of the moved data block to indicate the second data location; and

updating the one or more reference indices in or associated with the data block based on the current properties of the data index of the data block;

wherein optionally, the method further comprises:

modifying a portion of code within a code block, when one or more data blocks that are accessed by the code block is moved.

9. The method as claimed in claim 8 wherein the data register for the program comprises:

a location registry for associating each data location in the memory that contains a data block with an entry in a type registry, wherein the data locations are obtained from the data index of each data block in the program;

a type registry comprising a size and data type of each reference in each data block, the number of control flow instructions or function pointers for each data type and an offset in the program for each control flow instruction or function pointer for a data type; and a global reference registry comprising an index of all code blocks in the program that reference global data or variables.

10. The method as claimed in any one of the preceding claims wherein moving a code block among the plurality of code blocks, and/or a data block associated with the code block in the program during runtime execution includes copying the code block and/or data block to its respective second code location or second data location in the memory from an original location in the memory for the code block and the data block.

11. The method as claimed in any one of the preceding claims wherein moving a code block among the plurality of code blocks and/or a data block associated with the code block during runtime execution of the program occurs periodically or randomly or a combination of both, and wherein the moving includes further moving the code block and/or data block to one or more distinct subsequent locations in the memory, each subsequent location being randomly selected and/or assigned at runtime.

12. The method as claimed in any one of the preceding claims comprising:

generating or obtaining metadata for moving each code block and/or each data block in the program; and

moving the metadata from a first metadata location in the memory to a second metadata location in the memory during runtime execution of the program.

13. A computer implemented method of generating code to protect sensitive data used by a program, the method being implemented by one or more processors associated with a memory, the method comprising:

partitioning a program into a plurality of code blocks; and

registering each of one or more references that are accessed by a given code block among the plurality of code blocks or that access the given code block, in a reference register using a reference index, the reference index being an entry in the reference register for a given reference among the one or more references, wherein the one or more references for the given code block are comprised in a data block associated with the given code block, and wherein the reference index of each of the one or more references is comprised in, or associated with, a data index for the data block, the data index indicating current properties of the data block, the current properties including a current location of the data block in the memory, and wherein the data index is an entry in a data register;

wherein the method comprises, during runtime execution of the program:

moving the data block associated with the given code block from a first data location in the memory to a second data location in the memory, such that the data block is accessible from the second data location in the memory after it is moved, wherein the second data location is different to the first data location; updating the data index of the moved data block to indicate the second data location; and

updating the one or more reference indices in or associated with the moved data block based on the current properties of the data index of the data block.

14. The method as claimed in claim 13 further comprising:

registering each code block of the plurality of code blocks in a code register using a code index, the code index being an entry in the code register for a given code block indicating current properties of the given code block, the current properties including a current code location of the code block in the memory;

wherein the method comprises, during runtime execution of the program:

moving at least one of the plurality of code blocks from a first code location in the memory to a respective second code location in the memory, such that the moved code block is accessible from the second code location after it is moved, the second code location being different to the first code location, and wherein the first and second data locations are different to the first and second code locations in the memory;

updating the code index of the moved code block to indicate the second code location; and

updating the one or more reference indices for the moved code block based on updated current properties of the code index of the moved code block.
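The registers and runtime steps of claims 1, 8, 13 and 14 (code index, data index, reference index; move a block, update its index, update the reference indices that depend on it) as an added simulation in Python. This is illustration code, not from the patent or any implementation of it: the flat byte-array memory, the block contents and the encoding of a reference as a 4-byte absolute address embedded in the host code block are all assumptions.

```python
import struct
ADDR = struct.Struct("<I")  # assumed encoding: a reference is a 4-byte absolute address
MEM = bytearray(0x100)      # constructed flat memory
code_reg, data_reg, ref_reg = {}, {}, {}   # code index, data index, reference index
_reg = lambda kind: code_reg if kind == "code" else data_reg

def register_block(kind, bid, loc, payload):
    """Place a block at `loc` and record its current location in its register."""
    MEM[loc:loc + len(payload)] = payload
    _reg(kind)[bid] = {"loc": loc, "size": len(payload)}

def register_ref(rid, host, off, target, kind):
    """Code block `host` holds at byte `off` the address of `target` ('code' or 'data')."""
    ref_reg[rid] = {"host": host, "off": off, "target": target, "kind": kind}
    _patch(rid)

def _patch(rid):  # bring one reference index, and the address stored in memory, up to date
    r = ref_reg[rid]
    r["addr"] = _reg(r["kind"])[r["target"]]["loc"]
    ADDR.pack_into(MEM, code_reg[r["host"]]["loc"] + r["off"], r["addr"])

def move_block(kind, bid, new_loc):
    """Copy a block to new_loc, update its index, then every reference index that
    targets it or lives inside it (the runtime steps of claims 1 and 8)."""
    e = _reg(kind)[bid]
    if new_loc + e["size"] > len(MEM) or abs(new_loc - e["loc"]) < e["size"]:
        raise ValueError("destination out of range or overlaps its own source")
    MEM[new_loc:new_loc + e["size"]] = MEM[e["loc"]:e["loc"] + e["size"]]
    MEM[e["loc"]:e["loc"] + e["size"]] = bytes(e["size"])  # old copy is no longer valid
    e["loc"] = new_loc
    for rid, r in ref_reg.items():
        if (r["kind"], r["target"]) == (kind, bid) or (kind, r["host"]) == ("code", bid):
            _patch(rid)
    return new_loc

def read_via_ref(rid):
    """Follow a reference through the address currently stored in memory."""
    r = ref_reg[rid]
    addr = ADDR.unpack_from(MEM, code_reg[r["host"]]["loc"] + r["off"])[0]
    return bytes(MEM[addr:addr + _reg(r["kind"])[r["target"]]["size"]])

def demo():
    """Constructed program: block A references code block B and data block D."""
    register_block("code", "A", 0x00, b"\x90\x90" + bytes(8) + b"\xc3")  # two 4-byte slots
    register_block("code", "B", 0x10, b"\xb8\x01\x00\x00\x00\xc3")
    register_block("data", "D", 0x40, b"hunter2")
    register_ref("A->B", "A", 2, "B", "code")
    register_ref("A->D", "A", 6, "D", "data")
    move_block("code", "B", 0x80); move_block("data", "D", 0x60)
    move_block("code", "A", 0x20)  # the host moves too; its embedded addresses stay valid
    return read_via_ref("A->B"), read_via_ref("A->D"), ref_reg["A->D"]["addr"]
```

After the three moves every reference still resolves to the same bytes, while the original locations hold nothing useful, which is the property the claims rely on.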

15. A computing device or system including at least one processor associated with a memory and/or a transitory or non-transitory medium for storing data and programming instructions, wherein the processor is configured to execute the programming instructions to implement the method as claimed in any one of the preceding claims.