Method of monitoring the execution of computer programs in accordance with their intended purpose

 

The invention relates to a method of monitoring the execution of computer programs in accordance with their intended purpose. The technical result is protection of software from illegal manipulation during its execution. The method consists in providing a protection memory that is not accessible from outside the system executing the computer program, preventing the overwriting of stored return addresses, and preventing the use of incorrectly stored or overwritten return addresses as return addresses. 9 dependent claims, 2 figures.

The invention relates to a method according to the preamble of claim 1, i.e. a method of monitoring the execution of computer programs in accordance with their intended purpose.

Ensuring that a computer program executes in accordance with its purpose is a standing goal, which is increasingly pursued through a variety of measures.

Whereas earlier the main causes of improper execution of a computer program were hardware failures and programming errors, today intentional manipulation of a running program can, for example, make the program skip certain parts of its code, whereby, for example, a check preceding the confirmation of an access right can be bypassed.

This is a serious problem in particular, though not exclusively, for cards with integrated circuits (IC cards): on the one hand IC cards are spreading into areas where the operations performed require protection (e.g. access control, financial transactions and so on), and on the other hand these cards, by their nature, are not under constant supervision and can easily become the target of attempted illegal manipulation.

With the variety of protective measures already in use, the probability that such illegal actions succeed is very low. However, they cannot be ruled out completely.

The present invention is therefore based on the task of creating a method of monitoring program execution with which intentional illegal manipulation of program execution is practically excluded.

This task is solved in the invention by preventing the overwriting of a return address that has been stored for later use, and/or by prohibiting the use of an incorrectly stored or overwritten return address as the return address.

The stages of the method can be implemented in many ways in practice. In the simplest case, when a function is called, or on any other event requiring a return address to be stored, not only the actual return address is stored but, in addition, security information from which it can be detected whether a stored return address may not be overwritten, and/or whether the data stored as the return address are still the return address that was originally stored.

In the first case, i.e. when implementing protection against overwriting the return address, the security information may consist, for example, of a write-protection indicator in the form of a write-protection bit or similar, which is set when the return address is written and reset after the stored return address has been used as the return address.

In the second case, i.e. when implementing protection of the use of the return address, the security information may consist, for example, of a copy of the return address itself, stored in a memory area that preferably cannot be accessed from outside; the "normal" storage of the return address takes place in the usual way in the so-called stack (stack memory).

If, before each attempt to write to the stack, it is checked whether the write-protection bit marks the target area as write-protected, the overwriting of data used as return addresses can be prevented.

If, alternatively or additionally, it is checked whether the data to be used as a return address are the data originally stored as the return address, it can be prevented that data altered (by illegal manipulation) after the return address was saved are used as the return address.

In both cases, in order to thwart further manipulation attempts, execution of the current program can be interrupted, and/or the system running the program can be reset, and/or an alarm can be raised, and/or data relating to the protection can be erased, and/or other protective measures can be taken.

In this way intentional manipulation affecting the progress of the program can be largely excluded.

Preferred embodiments of the invention are presented in the dependent claims.

The invention is explained below with reference to the embodiments shown in the drawings, in which:

Fig. 1 is a schematic representation of a fragment of a system implementing protection of the use of the return address;

Fig. 2 is a schematic representation explaining protection against overwriting the return address and a modified protection of the use of the return address.

The system fragment shown in Fig. 1 belongs to a system that executes a computer program, which may run wholly or partly on a microprocessor, microcontroller, signal processor or similar device.

The fragment shown in the drawing is the part of the system that handles return addresses.

A return address must be stored, for example, when the executed program contains a call of a function. On a function call (for example, on an LCALL instruction):
- a jump is made to the memory area holding the program code of the function that is now to be executed;
- the program code of the called function is executed;
- a jump back is made to the point in the calling program from which the jump to the function was made.

The last-named address, i.e. the address at which program execution is to continue after the called function has been executed, is referred to as the return address.

So that the device executing the computer program knows where it must jump after the function has finished, the return address must be stored temporarily.

It should be noted that function calls are not the only events that require a return address to be stored. Storing a return address is also required, for example, on interrupts (including software interrupts) or on task switches in a multitasking system. The return address is usually stored in the so-called stack or stack memory. Such a stack is shown in Fig. 1 and designated by reference number 1. The stack is managed by a stack logic block 2, which among other things maintains the so-called stack pointer indicating the current position in the stack; a more detailed description is not needed here.

Not only return addresses but also any other data (register contents, local variables, etc.) can be stored in the stack 1. The present explanations, however, concern essentially only the handling of return addresses.

If, as in the case of the LCALL instruction, a return address has to be stored in the stack 1, this is performed by the stack logic block 2.

Unlike conventional systems, in the proposed system security information is stored in a further memory in addition to the return address that is being stored. This memory, referred to as the protection memory, is designated in Fig. 1 by reference number 3. The protection memory 3 is managed by a protection-memory logic block 4, just as the stack 1 is managed by the stack logic block 2.

The protection memory 3, in contrast to the stack 1, cannot be influenced from outside the system that executes the computer program. That is, the data stored in it are protected from deliberate manipulation, at least from any manipulation that could be carried out at a justifiable cost.

The protection-memory logic block 4, in contrast to the stack logic block 2, likewise cannot be addressed directly from outside; it is triggered by the instructions that cause the stack to be written or read. As a variant, the logic block 4 could also be made to respond to other events in addition to these read and write instructions.

When program flow reaches the point at which a return to the previously stored return address is to be made, as for example on a RET instruction, the required return address can be obtained by reading the stack 1 in the usual way. Before the data obtained are used as the return address, it is checked whether they are identical to the return address stored as security information in the protection memory 3.

For this purpose a comparison block 5 is provided, which receives the corresponding data from the stack 1 and from the protection memory 3 and compares them.

If the comparison in block 5 determines that the data are identical, the data obtained from the stack 1 are the return address originally written, have been neither manipulated nor, due to hardware errors, written incorrectly or in the wrong place or read incorrectly or from the wrong place, and can be used as a valid return address. This conclusion is possible because, as mentioned above, a purposeful influence on the contents of the protection memory 3 is practically impossible.

If the comparison in block 5 determines that the data are not identical, the data obtained from the stack 1 have with high probability been manipulated, or, due to hardware errors or software failures, have been written incorrectly or in the wrong place or read incorrectly or from the wrong place. Whatever the cause of the mismatch, the data stored in the stack 1 cannot be used as the return address, since this would result in a deviation from the predefined program flow. In this case the comparison block 5 produces an NMI signal, which is supplied to the NMI logic block 6. The NMI logic block 6 provides for immediate termination of the program and/or a reset of the system executing the computer program and/or the issuance of a warning alarm and/or erasure of data relating to the protection.

The comparison block 5 is activated in this example by instructions such as RET; at other times it remains inactive.

By means of the described measures it can be ensured that the program continues to execute only when no error is detected in the return address.

The example described with reference to Fig. 1 can be regarded as a practical implementation of protection of the use of the return address.

It is not necessarily required that the security information provided for a return address represents the actual return address. Alternatively, the protection may cover only a selected part of the return address, or data representing or characterising the return address in some other way. The comparison block 5 would in such cases, of course, be replaced by a data-matching device adapted to the specific conditions.
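The following is an added illustration and not code from the patent: a simulation in C of the Fig. 1 arrangement, with the stack 1, the protection memory 3 (modelled as a shadow array that only the call and return routines touch), the comparison block 5 and the NMI logic block 6 (modelled as a counter). A manipulation is modelled as a direct write into the stack array, since that is the only memory the patent assumes to be reachable from outside. The memory depth and the return address values are arbitrary assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_SIZE 16   /* assumed depth of both memories */

/* Stack 1: ordinary stack memory, reachable by the program and therefore by manipulation. */
static uint16_t stack1[STACK_SIZE];
static int sp1;                        /* stack pointer kept by the stack logic block 2 */

/* Protection memory 3: holds a copy of each stored return address as security
 * information. Modelled as a separate array that only lcall_push/ret_pop touch,
 * standing in for memory that is not accessible from outside the system. */
static uint16_t prot3[STACK_SIZE];
static int sp3;                        /* pointer kept by the protection-memory logic block 4 */

static int nmi_count;                  /* NMI logic block 6, modelled as a counter */

/* System reset: clears both memories and the NMI counter. */
void sys_reset(void)
{
    memset(stack1, 0, sizeof stack1);
    memset(prot3, 0, sizeof prot3);
    sp1 = sp3 = 0;
    nmi_count = 0;
}

/* LCALL: logic block 2 stores the return address in stack 1 and logic block 4
 * stores the same value in protection memory 3. Returns false on overflow. */
bool lcall_push(uint16_t ret_addr)
{
    if (sp1 >= STACK_SIZE || sp3 >= STACK_SIZE)
        return false;
    stack1[sp1++] = ret_addr;
    prot3[sp3++] = ret_addr;
    return true;
}

/* Model of an illegal manipulation or hardware fault: an arbitrary write into
 * stack 1 (e.g. via a buffer overflow). Protection memory 3 cannot be reached this way. */
void stack_write(int slot, uint16_t value)
{
    if (slot >= 0 && slot < STACK_SIZE)
        stack1[slot] = value;
}

/* RET: reads the return address from stack 1; the comparison block 5 checks it
 * against the copy in protection memory 3. On a match the address is delivered
 * in *pc; on a mismatch (or an empty stack) the NMI signal is raised and no
 * return takes place. */
bool ret_pop(uint16_t *pc)
{
    if (sp1 == 0 || sp3 == 0) {
        nmi_count++;
        return false;
    }
    uint16_t from_stack = stack1[--sp1];
    uint16_t from_prot = prot3[--sp3];
    if (from_stack != from_prot) {
        nmi_count++;                   /* comparison block 5 -> NMI logic block 6 */
        return false;
    }
    *pc = from_stack;
    return true;
}

int nmi_signalled(void) { return nmi_count; }

/* Scenario: an honest call/return passes; a return address overwritten in
 * stack 1 after the call is caught. Returns 1 when both behave as described. */
int demo_fig1(void)
{
    uint16_t pc = 0;
    sys_reset();
    if (!lcall_push(0x1234) || !ret_pop(&pc) || pc != 0x1234 || nmi_count != 0)
        return 0;
    if (!lcall_push(0x1234))
        return 0;
    stack_write(0, 0x4000);            /* manipulation: redirect the saved return address */
    if (ret_pop(&pc) || nmi_count != 1)
        return 0;
    return 1;
}

int main(void)
{
    printf("%s\n", demo_fig1() ? "manipulated return address detected" : "FAILED");
    return 0;
}
```

The comparison is deliberately only done on RET, as the text says for block 5: the overwrite itself is not noticed, but the manipulated address is never used, which is the property the Fig. 1 embodiment guarantees.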

An alternative implementation of the monitoring of program flow is described below with reference to Fig. 2, using the example of protection against overwriting the return address.

Fig. 2 shows a memory divided into a first memory area in the form of a stack 11a and a second memory area in the form of a protection memory 11b.

The protection memory 11b assigned to the stack 11a holds security information of a different kind from that used in the protection memory 3.

As with the protection memory 3, the protection memory 11b cannot be influenced from outside the device executing the computer program; i.e. in this embodiment of program-flow monitoring too, the information stored in the protection memory cannot be manipulated, at least not at reasonable cost. The security information stored in the protection memory 11b consists of write-protection bits, each of which is set to "1" when the contents of the corresponding stack area may not be overwritten and to "0" when the contents of the corresponding stack area may be overwritten. If, as in the case of the LCALL instruction, a return address has to be written to the stack 11a, this is done in the usual way.

In addition, the write-protection bit in the protection memory 11b that is assigned to the stack area holding the return address is set to "1", thereby indicating that the corresponding stack area may not be overwritten.

In this example the stack 11a is divided into areas of 8 bits each, and each 8-bit area is assigned one write-protection bit in the protection memory 11b. Assume that 16-bit return addresses are used. A return address then consists of an upper eight bits (PCH) and a lower eight bits (PCL). For both the stack area holding the PCH bits and the stack area holding the PCL bits, the corresponding security information, i.e. the write-protection bit, is set to "1". The write-protection bits are reset to "0" when the data stored in the corresponding stack areas are used as the return address. On every attempt to write data to the stack (i.e. to overwrite stored data), the security information (write-protection bits) corresponding to the stack area to be overwritten is evaluated to decide whether writing to the stack at that location is permitted.

If the corresponding write-protection bit is set to "1", writing to the stack at that location is not permitted, and the write attempt is classified as an attempted manipulation of the stored data or as a hardware or software failure. If the corresponding write-protection bit is set to "0", writing to the stack at that location is permitted.

The decision on whether writing to a given stack area is permitted is made by an AND circuit 12. Its input signals are the write-protection bit corresponding to the stack area to be written and a signal "stack write" indicating a write attempt; "stack write" takes the value "1" when a write is attempted and "0" when no write is attempted. The output signal of the AND circuit 12 therefore takes the value "1" when a write to a write-protected stack area is attempted, i.e. when the write is not permitted, and "0" otherwise. This output signal can be used in the same way as the NMI signal of the comparison block 5 in Fig. 1, in order to immediately interrupt the program and/or reset the system on which the program runs and/or generate a warning signal and/or erase data relating to the protection.

In addition to the protection against overwriting the return address, the system of Fig. 2 may incorporate a protection of the use of the return address that is modified compared with the implementation of Fig. 1. This additional protection mechanism consists in checking, before data read from the stack are used as a return address, whether they are a return address at all. It can be stipulated that the data stored in a stack area represent a return address only if the security information, i.e. the write-protection bit, assigned to that stack area is set to "1".

The prerequisite for this is, of course, that the write-protection bits of data representing a return address, for example data written to the stack 11a in connection with a CALL instruction, are set to "1".

This additional protection mechanism is implemented, as shown in Fig. 2, by an AND circuit 13. Its input signals are the write-protection bit corresponding to the stack area being read and a signal "read return address" indicating the purpose of the read; "read return address" takes the value "1" when the data read are to be used as a return address, as for example in the case of RET, and "0" when they are read for another purpose. The output signal "valid read" of the AND circuit 13 indicates whether the use of the requested data as a return address is permitted ("valid read" = "1") or not permitted ("valid read" = "0"). If a request for a return address yields "valid read" = "0", this can be interpreted as an attempted manipulation or a hardware or software failure and can trigger the corresponding protective measures: immediate interruption of program execution and/or a reset of the system on which the program runs and/or generation of a warning signal and/or erasure of data relating to the protection.
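As an added example, not code from the patent, the Fig. 2 arrangement in C: the stack 11a as 8-bit areas, one write-protection bit per area in the protection memory 11b, a 16-bit return address stored as PCH and PCL, the AND circuit 12 gating every write and the AND circuit 13 gating every read as a return address. The protective measure is modelled as a counter, the stack depth and addresses are assumed, and the ordinary data-push routine (used to show the AND circuit 13 refusing non-return-address data) is an assumed helper the patent does not describe.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK11_SIZE 32  /* assumed number of 8-bit stack areas */

/* Stack 11a: 8-bit areas, writable by the program. */
static uint8_t stack11a[STACK11_SIZE];
/* Protection memory 11b: one write-protection bit per 8-bit area ("1" = may not
 * be overwritten). Kept in a separate array that only the routines below touch,
 * standing in for memory not accessible from outside. */
static uint8_t prot11b[STACK11_SIZE];
static int sp11;                       /* index of the next free area */
static int alarm_count;                /* protective-measure trigger, modelled as a counter */

void reset11(void)
{
    memset(stack11a, 0, sizeof stack11a);
    memset(prot11b, 0, sizeof prot11b);
    sp11 = 0;
    alarm_count = 0;
}

/* AND circuit 12: write-protection bit AND "stack write" -> "1" = write not permitted. */
static int and12(int protect_bit, int stack_write) { return protect_bit & stack_write; }

/* AND circuit 13: write-protection bit AND "read return address" -> "1" = valid read. */
static int and13(int protect_bit, int read_return_address) { return protect_bit & read_return_address; }

/* Every write to stack 11a passes through AND circuit 12. Returns false, and
 * raises the alarm, if the target area is write-protected. */
bool stack_write_checked(int slot, uint8_t value)
{
    if (slot < 0 || slot >= STACK11_SIZE)
        return false;
    if (and12(prot11b[slot], 1)) {
        alarm_count++;
        return false;
    }
    stack11a[slot] = value;
    return true;
}

/* Ordinary PUSH of data (register contents, a local variable): the area's
 * write-protection bit stays "0". Assumed helper, not described in the patent. */
bool push_data(uint8_t value)
{
    if (sp11 >= STACK11_SIZE || !stack_write_checked(sp11, value))
        return false;
    prot11b[sp11++] = 0;
    return true;
}

/* LCALL with a 16-bit return address: PCH and PCL are written to two areas in
 * the usual way and both areas' write-protection bits are then set to "1". */
bool lcall_push16(uint16_t ret_addr)
{
    if (sp11 + 2 > STACK11_SIZE)
        return false;
    int hi = sp11, lo = sp11 + 1;
    if (!stack_write_checked(hi, (uint8_t)(ret_addr >> 8)) ||
        !stack_write_checked(lo, (uint8_t)(ret_addr & 0xFF)))
        return false;
    prot11b[hi] = prot11b[lo] = 1;
    sp11 += 2;
    return true;
}

/* RET: the two top areas are used as a return address only if AND circuit 13
 * gives "1" for both; the bits are then reset to "0" so the areas may be reused. */
bool ret_pop16(uint16_t *pc)
{
    if (sp11 < 2) {
        alarm_count++;
        return false;
    }
    int lo = sp11 - 1, hi = sp11 - 2;
    if (!and13(prot11b[hi], 1) || !and13(prot11b[lo], 1)) {
        alarm_count++;                 /* "valid read" = "0": the data are not a return address */
        return false;
    }
    *pc = (uint16_t)((stack11a[hi] << 8) | stack11a[lo]);
    prot11b[hi] = prot11b[lo] = 0;
    sp11 -= 2;
    return true;
}

int alarms_raised(void) { return alarm_count; }

/* Three scenarios: an honest call/return; an overwrite of the saved PCH blocked
 * by AND 12 while the return still succeeds; ordinary data refused as a return
 * address by AND 13. Returns 1 when all three behave as described. */
int demo_fig2(void)
{
    uint16_t pc = 0;
    reset11();
    if (!lcall_push16(0x1234) || !ret_pop16(&pc) || pc != 0x1234 || alarm_count != 0)
        return 0;
    if (!lcall_push16(0x1234))
        return 0;
    if (stack_write_checked(0, 0x40) || alarm_count != 1)   /* area 0 holds PCH, protected */
        return 0;
    if (!ret_pop16(&pc) || pc != 0x1234)
        return 0;
    if (!push_data(0x40) || !push_data(0x00))
        return 0;
    if (ret_pop16(&pc) || alarm_count != 2)
        return 0;
    return 1;
}

int main(void)
{
    printf("%s\n", demo_fig2() ? "overwrite blocked and non-return data refused" : "FAILED");
    return 0;
}
```

Unlike the Fig. 1 simulation, here the overwrite attempt itself is refused at write time, so the stored return address survives and the return proceeds normally; the AND circuit 13 check additionally catches a return that would pop data which were never stored as a return address.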

In the example described above, the security information protected from external access consists of a single write-protection bit. It goes without saying that a code of any number of bits and any values may be used instead, whereby not only return addresses but also any other protected data can be given special treatment that protects them from illegal manipulation and errors.

The protection memory that stores the various items of security information is, as mentioned above, a memory that is not accessible from outside. It is preferably embedded in the device controlled by the computer program, i.e. typically a microprocessor, microcontroller or signal processor, where it is particularly well protected from access. Implementing such a memory in a microprocessor, microcontroller or signal processor (e.g. in the form of a hidden or shadow stack) is relatively simple and requires only corresponding modifications of the processor core.

Use of the method described above requires no significant changes to the hardware or the software. In particular, the stack can be used as usual.

A method of monitoring the execution of a computer program in accordance with its purpose is thus provided, with which intentional illegal manipulation of program execution can be eliminated in a simple way and without changes to the software, and hardware and software errors can partly be excluded as well.

Claims

1. A method of monitoring the execution of computer programs in accordance with their intended purpose, characterized in that a protection memory is provided, a memory that is not accessible from outside the system executing the computer program being used as the protection memory, and in that the overwriting of return addresses stored for later use and the use of incorrectly stored or erroneously overwritten return addresses are prevented by evaluating security information which is generated when a return address is stored and which is held in the protection memory.

2. The method according to claim 1, characterized in that a memory located in the means provided for executing said computer program, selected from the group comprising microprocessors, microcontrollers and signal processors, is used as the protection memory.

3. The method according to claim 1, characterized in that the return address itself, or data representing it, is used as the security information.

4. The method according to claim 3, characterized in that the stored data are compared with the security information, and the use of the stored data as the return address is permitted only if the security information is found to match the stored data.

5. The method according to claim 4, characterized in that, when a request for data representing a return address finds that the security information does not match the data obtained in response to the request, at least one of the following operations is performed: immediate interruption of program execution, reset of the system executing the computer program, raising of an alarm, and erasure of data relating to the protection.

6. The method according to claim 1, characterized in that write-protection indicators indicating write protection are used as the security information.

7. The method according to claim 6, characterized in that the overwriting of memory areas identified by the write-protection indicator as write-protected is prohibited.

8. The method according to claim 7, characterized in that, on an attempt to overwrite a memory area whose corresponding security information identifies it as write-protected, at least one of the following operations is performed: immediate interruption of program execution, reset of the system executing the computer program, raising of an alarm, and erasure of data relating to the protection.

9. The method according to claim 6, characterized in that the security information is checked before stored data are used as the return address, and the use of the stored data as the return address is permitted only if the security information is found to indicate write protection.

10. The method according to claim 9, characterized in that, when a request for data representing a return address finds that the security information does not indicate write protection, at least one of the following operations is performed: immediate interruption of execution of the computer program, reset of the system, raising of an alarm, and erasure of data relating to the protection.
