
Patent Application Titled "Method of Securing Non-Native Code" Published Online

February 13, 2014



By a News Reporter-Staff News Editor at Computer Weekly News -- According to news reporting originating from Washington, D.C., by VerticalNews journalists, a patent application by the inventors Adams, Garney David (Stittsville, CA); Gu, Yuan Xiang (Ottawa, CA); Rong, Jack Jiequn (Ottawa, CA), filed on March 31, 2011, was made available online on January 30, 2014.

The assignee for this patent application is Irdeto B.V.

Reporters obtained the following quote from the background information supplied by the inventors: "Virtual machines and script interpreters are known. Software applications designed for execution by a process virtual machine, or a script interpreter, are shielded from the underlying hardware and operating system of the computing platform on which they run. As such, these applications, which can be referred to as non-native applications, cannot access the security resources provided by the computing platform and cannot use protective measures available to native applications. Additionally, many established software security and protection techniques, which are designed to protect native code (e.g., machine code), cannot be directly adapted to process non-native applications. Security approaches that provide restricted protection of a computing system (e.g., sandbox security), within which a non-native application can run, may limit this adaptation capability even further. As such, process virtual machines or script interpreters are fundamentally untrusted and vulnerable to attacks.

"In recent years, tablet computers and smart phones have been the subject of exceptional growth, as have the number of software applications available to them. Many such software applications are non-native applications that have little computing platform dependency. As an example, some applications for tablet computers and smart phones can be loaded, triggered and run within a web browser that cannot provide a native environment and acceptable security.

"Therefore, improvements in protection and security of non-native applications that run on virtual machines and script interpreters are desirable."

In addition to obtaining background information on this patent application, VerticalNews editors also obtained the inventors' summary information for this patent application: "In a first aspect, the present disclosure provides a method to secure execution of a non-native application coded in non-native code. The method comprises: modifying the non-native application to obtain a native code function and an application stub, the native code function being executable within a pre-defined trusted module, the pre-defined trusted module having one or more native environment security functions, the application stub having at least one execution dependency dependent on the native code function, the at least one execution dependency including a call to the native code function. The method further comprises packaging the application stub with the native code function.

"The method can further comprise: loading the application stub within a non-native environment; loading the native code function within the pre-defined trusted module; and executing the application stub in the non-native environment, the at least one execution dependency causing the application stub to call the native code function to cause the native code function to be executed within the pre-defined trusted module in accordance with at least one of the one or more native environment security functions.

"The non-native application can include a non-native code function, and modifying the non-native application can include converting the non-native code function into a counterpart native code function.

"The non-native application can include a non-native code function with a non-native code function functionality; modifying the non-native application can include converting the non-native code function into partial non-native code functions, and installing the partial non-native code functions in the non-native application stub; and the native code function can include one or more bridge functions to bridge the partial non-native code functions to obtain bridged partial non-native code functions, the bridged partial non-native code functions having a functionality equivalent to that of the non-native code function.

"The non-native application can include a non-native code function with a non-native code function functionality; modifying the non-native application can include converting the non-native code function into partial non-native code functions, installing a first portion of the partial non-native code functions in the non-native application stub, and installing a second portion of the partial non-native code functions in an application library, the application library being encompassed within the pre-defined trusted module; and the native code function can include one or more bridge functions to bridge the first and second portions of the partial non-native code functions to obtain bridged partial non-native code functions, the bridged partial non-native code functions having a functionality equivalent to that of the non-native code function.

"The non-native application can include a non-native code function with a non-native code function functionality; modifying the non-native application can include converting the non-native code function into at least one partial non-native code function and at least one partial native code function, the at least one partial non-native code function being part of the non-native application stub; and the native code function can include one or more bridge functions to bridge the at least one partial non-native code function and the at least one partial native code function to obtain bridged partial native and non-native code functions, the bridged partial native and non-native code functions having a functionality equivalent to that of the non-native code function.

"The non-native application can include a plurality of non-native code functions having an overall functionality; modifying the non-native application can include installing the plurality of non-native code functions in the non-native application stub; and the native code function can include one or more bridge functions to bridge the plurality of non-native code functions to obtain bridged non-native code functions, the bridged non-native code functions having a functionality equivalent to that of the overall functionality of the plurality of non-native code functions.

"The non-native application stub can include a secure loader stub and the one or more native environment security functions can include a secure loader handler function.

"The non-native application stub can include an integrity verification stub and the one or more native environment security functions can include an integrity verification handler function.

"The one or more native environment security functions can include an anti-debug handler.

"The non-native application can include a non-native code function with a non-native code function functionality; and modifying the non-native application can include: converting the non-native code function into partial non-native code functions, the partial non-native code functions having a first portion of partial non-native code functions and a second portion of partial non-native code functions; and installing the first portion of the partial non-native code functions in the non-native application stub; the method can further comprise: encrypting the second portion of the partial non-native code functions to obtain encrypted partial non-native code functions; and installing the encrypted partial non-native code functions in an application library, the application library being encompassed within the pre-defined trusted module, the encrypted partial non-native code functions to be decrypted at run-time to obtain a decrypted second portion of the partial non-native code functions, the decrypted second portion of the partial non-native code functions to be loaded in the non-native environment, the native code function including one or more bridge functions to bridge the first portion of the partial non-native code functions and the decrypted second portion of the partial non-native code functions to obtain bridged partial non-native code functions, the bridged partial non-native code functions having a functionality equivalent to that of the non-native code function.

"The non-native code can include at least one of Java code, JavaScript code, C# code, ActionScript code, and Python code.

"The call to the native code function can be done through a Java Native Interface.

"The call to the native code function can be done through a Netscape Plugin Application Programming Interface.

"Other aspects and features of the present disclosure will become apparent to those ordinarily skilled in the art upon review of the following description of specific embodiments of the present disclosure in conjunction with the accompanying figures.

BRIEF DESCRIPTION OF THE DRAWINGS

"Embodiments of the present disclosure will now be described, by way of example only, with reference to the attached Figures, wherein:

"FIG. 1 shows an embodiment of a provisioning process flow of the present disclosure.

"FIG. 2 shows a functionality of an interlocking tool embodiment of the present disclosure.

"FIG. 3 shows a runtime representation of an embodiment of the present disclosure.

"FIG. 4 shows an embodiment of software elements, and their interfaces in accordance with the present disclosure.

"FIG. 5 shows a function in a non-native application.

"FIG. 6 shows a runtime representation of an example of partial execution using dynamic loading and bridge execution in accordance with the present disclosure.

"FIG. 7 shows a runtime representation of another example of partial execution using dynamic loading and bridge execution in accordance with the present disclosure.

"FIG. 8 shows a runtime representation of an example of partial execution using trusted function and bridge execution in accordance with the present disclosure.

"FIG. 9 shows two functions in a non-native application.

"FIG. 10 shows a runtime representation of an example of trusted function invocation in accordance with the present disclosure.

"FIG. 11 shows an embodiment of the present disclosure featuring secure loading.

"FIG. 12 shows an embodiment of the present disclosure featuring secure integrity verification.

"FIG. 13 shows an embodiment of the present disclosure featuring an anti-debugging feature."
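The summary above describes a split-and-bridge scheme: a non-native function is partitioned, one portion stays in an application stub, the other is encrypted into a library owned by a trusted module, and a bridge inside that module verifies the stub's integrity, decrypts the second portion at run time and recombines the two so that the result equals the original function. The following Python model is an added illustration of that flow, not Irdeto's code or the patent's own implementation; the function names, the script-as-string representation of "non-native" code, and the XOR toy cipher are assumptions made for the model.

```python
import hashlib

# Original non-native function that provisioning splits into two partial
# functions. Kept only so the model can check functional equivalence.
def price_with_tax(amount, rate):
    return round(amount * (1 + rate), 2)

# Provisioning output (assumed representation: script text in strings).
# First portion ships in the application stub; second portion is encrypted
# into the application library encompassed by the trusted module.
STUB_SRC = "def part_a(amount, rate):\n    return amount * rate\n"
SECOND_SRC = "def part_b(amount, tax):\n    return round(amount + tax, 2)\n"

def xor_crypt(data, key):  # toy cipher for the model, not a real design choice
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

KEY = b"model-key"  # constructed key, stands in for a key held by the module
APP_LIBRARY = {"part_b": xor_crypt(SECOND_SRC.encode(), KEY)}

def load_script(src, name):
    """Stand-in for the script interpreter loading one function from source."""
    ns = {}
    exec(src, ns)
    return ns[name]

class TrustedModule:
    """Holds the native environment security functions: the integrity
    verification handler, the secure loader handler and the bridge function."""
    def __init__(self, expected_stub_hash):
        self.expected_stub_hash = expected_stub_hash

    def integrity_verification_handler(self, stub_src):
        if hashlib.sha256(stub_src.encode()).hexdigest() != self.expected_stub_hash:
            raise RuntimeError("application stub failed integrity verification")

    def secure_loader_handler(self, name):
        # Decrypt the second portion at run time, then load it for execution.
        return load_script(xor_crypt(APP_LIBRARY[name], KEY).decode(), name)

    def bridge(self, stub_src, amount, rate):
        self.integrity_verification_handler(stub_src)
        part_a = load_script(stub_src, "part_a")
        part_b = self.secure_loader_handler("part_b")
        return part_b(amount, part_a(amount, rate))

TRUSTED = TrustedModule(hashlib.sha256(STUB_SRC.encode()).hexdigest())

def run_stub(stub_src=STUB_SRC, amount=200.0, rate=0.25):
    """Execute the application stub: its execution dependency means the full
    result is only reachable through the bridge call into the trusted module."""
    return TRUSTED.bridge(stub_src, amount, rate)
```

A stub whose text has been altered fails the integrity handler before either portion runs, which is the property the secure loader and integrity verification embodiments are aiming for.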

For more information, see this patent application: Adams, Garney David; Gu, Yuan Xiang; Rong, Jack Jiequn. Method of Securing Non-Native Code. Filed March 31, 2011 and posted January 30, 2014. Patent URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch-adv.html&r=65&p=2&f=G&l=50&d=PG01&S1=20140123.PD.&OS=PD/20140123&RS=PD/20140123

Keywords for this news article include: Software, Irdeto B.V.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC





Source: Computer Weekly News

