Data processing: software development – installation – and managem – Software program development tool – Testing or debugging
Reexamination Certificate
2000-03-31
2004-05-25
Zhen, Wei (Department: 2122)
Data processing: software development, installation, and managem
Software program development tool
Testing or debugging
Reexamination Certificate
active
06742177
ABSTRACT:
CROSS-REFERENCE TO RELATED APPLICATIONS
Not Applicable
BACKGROUND OF THE INVENTION
1. Field of the Invention
Broadly this invention relates to software and programming and more particularly relates to the field of using commercial debuggers for tamper-resistant software modules.
2. Description of the Related Art
Programs or the sequences of instructions suitable for processing for computer hardware continue to grow larger and become more complicated. Advancements in both processor speeds and storage capacity have almost doubled every two years. Most programs are written in human readable formats using a text editor. Examples of programming languages include C/C++, Fortran, Basic, Ada, Cobol, Basic, Pascal and assemblers. Source code is compiled into object code, sometimes referred to the “before” and “after” versions of a computer program. The object code file contains a sequence of instructions that the processor can understand but that is difficult for a human to read or modify. For this reason and because even debugged programs often need some later enhancement, the source code is the most permanent form of the program.
A text editor is a computer programs that lets a user enter, change, store, and usually print text. Text editors can be used to enter program language source code. Typically, a text editor provides an “empty” display screen (or “scrollable page”) with a fixed-line length and visible line numbers. A developer can then fill the lines in with text, line by line. Special command line lets you move to a new page, scroll forward or backward, make global changes in the program, save the program, and perform other actions. After saving a program, the developer can then print it or display it. Before printing or displaying it, you may be able to format it for some specific output device or class of output device. A popular text editor in IBM's large or mainframe computers is called XEDIT. In UNIX systems, the two most commonly used text editors are Emacs and vi. In personal computer systems, wordprocessors are more common than text editors. However, there are variations of mainframe and UNIX text editors that are provided for use on personal computers. An example is KEDIT, which is basically XEDIT for Windows.
Once the source code is written with a text editor, the source code is compiled into object code. In some system the object code is linked to a relocatable address space with other object modules.
Almost without exception, most very early version of programs has errors or “bugs” and the developer is faced with the task of debugging. The process of debugging starts with the locating and fixing or bypassing bugs (errors) in computer program code or the engineering. To debug a program is to start with a problem, isolate the source of the problem, and then fix it. A developer of a program that does not know how to fix the problem may learn enough about the problem to be able to avoid it until it is permanently fixed. When someone says they've debugged a program or “worked the bugs out” of a program, they imply that they fixed it so that the bugs no longer exist.
Debugging is a necessary process in almost any new software or hardware development process, whether a commercial product or an enterprise or personal application program. For complex products, debugging is done as the result of the unit test for the smallest unit of a system, again at component test when parts are brought together, again at system test when the product is used with other existing products, and again during customer beta testing, when users try the product out in a real world situation. Because most computer programs and many programmed hardware devices contain thousands of lines of code, almost any new product is likely to contain a few bugs. Invariably, the bugs in the functions that get most use are found and fixed first. An early version of a program that has lots of bugs is referred to as “buggy.”
Debugging tools help identify coding errors at various development stages.
FIG. 1
is a block diagram of at software development GUI
108
with an application in both source
106
and object
102
form running on a computer hardware platform
102
. Some programming language packages include a facility for checking the code for errors as it is being written. A class of symbolic debuggers such as Microsoft Visual C++, IBM's Visual Age, Delphi Compilers and other debuggers exist that enable developer to step through their source code as the code is being executed. Developers can watch variables, set breakpoints and modify the contents of processor registers.
There exists a class of programs that are caller “secure” or “tamper-resistant.” A tamper resistant program module is a module which is written in an environment to deter the unauthorized access to program module. Such “tamper-resistant” modules are used where sensitive steps are performed during programming execution. One example of the use of “tamper-resistant” programs is the decoding of security keys in a private-public key or symmetric key environment or the processing of any sensitive information such as financial information.
Tamper-resistant software technology is a method to deter unauthorized entry into a computer software application by a hacker. Typically a hacker wants to understand and/or modify the software to remove the restrictions on the usage. In practicality, no computer program exists that cannot be hacked; that is why tamper-resistant software is not called “tamper-proof.” But the amount of effort required to hack a tamper-resistance protected application usually deters most hackers because the effort is not worth the possible gain.
One type of tamper-resistant software technology is from IBM. One product this code was introduced is in the IBM think pad model 770 laptop computer. Here, the tamper-resistant software was used to protect the DVD movie player in the computer. Digital Content Provider(s) such as Hollywood studios, concerned about the advent of digital movies and the ease at which perfect copies can be made, have insisted that movies on DVD disc(s) contain copy protection mechanisms. IBM's tamper-resistant software made it difficult to circumvent these copy protection mechanisms. This is a very typical application for tamper-resistant software; the software is used to enforce rules on the usage of some protected type of sensitive information content.
IBM's tamper-resistant software puts several types of obstacles in the path of the attacker. First, it contains techniques to defeat, or at least reduce the effectiveness of, the standard software tools that the hacker uses: debuggers and dissassemblers. Second it contains self-integrity checking, so that single modifications, or even small handfuls of modifications, will be detected and cause incorrect operation. Finally, it contains obfuscating to mislead hackers regarding its true operation. The latter technique is largely ad hoc, but the first two build upon well-known tools in cryptography: encryption and digital signatures.
The use of tamper-resistant software although very useful, makes the use of debugging tools nonfunctional in finding errors in applications that call tamper-resistant modules. The debugging of applications that call tamper-resistance modules without the use of symbolic debuggers is extremely difficult. Accordingly, a need exists for a method to enable developers of applications that use tamper-resistant applications to step through API calls to tamper-resistant modules from a calling program and receive any status sent that are sent back from the API to the debugger.
SUMMARY OF THE INVENTION
According to one aspect of the invention, a method to debug application interface calls made to a tamper-resistant software module is disclosed. The method includes using a client-server socket connection to communicate through an intermediate software module with an intermediate function call. An application being symbolically debugged with a function call into the tamper-resistant software module is ha
Cagle Stephen B.
Dorak, Jr. John J.
Spagna Richard L.
Gibbons Jon A.
Gutman Bongini & Bianco P.L.
Shofi David M.
Zhen Wei
LandOfFree
Method and system for secure debugging of a secure software... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and system for secure debugging of a secure software..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and system for secure debugging of a secure software... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3211238