公开(公告)号：US09721120B2

公开(公告)日：2017-08-01

申请号：US13893463

申请日：2013-05-14

Applicant: Apple Inc.

Inventor： Jon McLachlan ,  Julien Lerouge ,  Daniel F. Reynaud ,  Eric D. Laspe

IPC: G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00 ,  G06F21/62 ,  G06F21/12

CPC classification number: G06F21/629 ,  G06F21/125

Abstract: An obfuscated program can be configured to resist attacks in which an attacker directly calls a non-entry function by verifying that an execution path to the function is an authorized execution path. To detect an unauthorized execution order, a secret value is embedded in each function along an authorized execution path. At runtime, the secrets are combined to generate a runtime representation of the execution path, and the runtime representation is verified against an expected value. To perform the verification, a verification polynomial is evaluated using the runtime representation as input. A verification value result of zero means the execution path is an authorized execution path.

公开(公告)号：US20140344924A1

公开(公告)日：2014-11-20

申请号：US13893463

申请日：2013-05-14

Applicant: APPLE INC.

Inventor： Jon McLachlan ,  Julien Lerouge ,  Daniel F. Reynaud ,  Eric D. Laspe

IPC: G06F21/54

CPC classification number: G06F21/629 ,  G06F21/125

Abstract: An obfuscated program can be configured to resist attacks in which an attacker directly calls a non-entry function by verifying that an execution path to the function is an authorized execution path. To detect an unauthorized execution order, a secret value is embedded in each function along an authorized execution path. At runtime, the secrets are combined to generate a runtime representation of the execution path, and the runtime representation is verified against an expected value. To perform the verification, a verification polynomial is evaluated using the runtime representation as input. A verification value result of zero means the execution path is an authorized execution path.

Abstract translation: 可以配置一个混淆程序，以抵御攻击者通过验证到该功能的执行路径是授权的执行路径直接调用非入口功能的攻击。 为了检测未经授权的执行顺序，秘密值被嵌入在沿着授权的执行路径的每个功能中。 在运行时，组合秘密以生成执行路径的运行时表示，并根据预期值验证运行时间表示。 为了执行验证，使用运行时表示作为输入来评估验证多项式。 验证值结果为零表示执行路径是授权的执行路径。

公开(公告)号：US20130138973A1

公开(公告)日：2013-05-30

申请号：US13748184

申请日：2013-01-23

Applicant: Apple Inc.

Inventor： Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Mathieu Ciet ,  Jon McLachlan

IPC: G06F21/14

CPC classification number: G06F21/14 ,  G06F8/51 ,  H04L9/002 ,  H04L9/3013 ,  H04L2209/046 ,  H04L2209/08 ,  H04L2209/16

Abstract: Disclosed herein are systems, computer-implemented methods, and computer-readable storage media for obfuscating data based on a discrete logarithm. A system practicing the method identifies a clear value in source code, replaces the clear value in the source code with a transformed value based on the clear value and a discrete logarithm, and updates portions of the source code that refer to the clear value such that interactions with the transformed value provide a same result as interactions with the clear value. This discrete logarithm approach can be implemented in three variations. The first variation obfuscates some or all of the clear values in loops. The second variation obfuscates data in a process. The third variation obfuscates data pointers, including tables and arrays. The third variation also preserves the ability to use pointer arithmetic.

Abstract translation: 本文公开的是基于离散对数来混淆数据的系统，计算机实现的方法和计算机可读存储介质。 实施该方法的系统识别源代码中的明确值，基于清除值和离散对数，用源代码替换变换值，并更新引用清除值的源代码部分，使得 与变换值的交互提供与清除值的交互相同的结果。 这种离散对数方法可以在三个变体中实现。 第一个变体模糊了循环中的一些或全部清除值。 第二个变体在一个过程中模糊数据。 第三个变体模糊数据指针，包括表和数组。 第三个变体也保留了使用指针算术的能力。

公开(公告)号：US08495390B2

公开(公告)日：2013-07-23

申请号：US13748184

申请日：2013-01-23

Applicant: Apple Inc.

Inventor： Augustin J. Farrugia ,  Benoit Chevallier-Mames ,  Mathiew Ciet ,  Jon McLachlan

IPC: G06F11/30 ,  G06F12/14 ,  H04K1/00 ,  H04L9/00 ,  H04L9/28

CPC classification number: G06F21/14 ,  G06F8/51 ,  H04L9/002 ,  H04L9/3013 ,  H04L2209/046 ,  H04L2209/08 ,  H04L2209/16

Abstract: Disclosed herein are systems, computer-implemented methods, and computer-readable storage media for obfuscating data based on a discrete logarithm. A system practicing the method identifies a clear value in source code, replaces the clear value in the source code with a transformed value based on the clear value and a discrete logarithm, and updates portions of the source code that refer to the clear value such that interactions with the transformed value provide a same result as interactions with the clear value. This discrete logarithm approach can be implemented in three variations. The first variation obfuscates some or all of the clear values in loops. The second variation obfuscates data in a process. The third variation obfuscates data pointers, including tables and arrays. The third variation also preserves the ability to use pointer arithmetic.