1. Field of the Invention
The present invention relates generally to systems and methods for maintaining security of computer systems and, more particularly, to a system providing methodology for securing a multiple module system.
2. Description of the Background Art
The first computers were largely stand-alone units with no direct connection to other computers or computer networks. Data exchanges between computers were mainly accomplished by exchanging magnetic or optical media such as floppy disks. Over time, more and more computers were connected to each other using Local Area Networks or “LANs”. In both cases, maintaining security and controlling what information a computer user could access was relatively simple because the overall computing environment was limited and clearly defined.
With the ever-increasing popularity of the Internet, however, more and more computers are connected to larger networks. Providing access to vast stores of information, the Internet is typically accessed by users through Web “browsers” (e.g., Microsoft® Internet Explorer or Netscape® Navigator) or other Internet applications. Browsers and other Internet applications include the ability to access a URL (Uniform Resource Locator) or “Web” site. In the last several years, the Internet has become pervasive and is used not only by corporations, but also by a large number of small business and individual users for a wide range of purposes.
As more and more computers are now connected to the Internet, either directly (e.g., over a dial-up or broadband connection with an Internet Service Provider or “ISP”) or through a gateway between a LAN and the Internet, a whole new set of challenges face LAN administrators and individual users alike: these previously closed computing environments are now open to a worldwide network of computer systems. A particular set of challenges involves attacks by perpetrators (hackers) capable of damaging the local computer systems, misusing those systems, and/or stealing proprietary data and programs.
The software industry has, in response, introduced a number of products and technologies to address and minimize these threats, including “firewalls”, proxy servers, and similar technologies—all designed to keep malicious users (e.g., hackers) from penetrating a computer system or corporate network. Firewalls are applications that intercept the data traffic at the gateway to a Wide Area Network (“WAN”) and check the data packets (i.e., Internet Protocol packets or “IP packets”) being exchanged for suspicious or unwanted activities.
Another security measure that has been utilized by many users is to install an end point security (or personal firewall) product on a computer system to control traffic into and out of the system. An end point security product can regulate all traffic into and out of a particular computer. For example, an end point security product may permit specific “trusted” applications to access the Internet while denying access to other applications on a user's computer. To a large extent, restricting access to “trusted” applications is an effective security method. However, despite the effectiveness of end point security products, issues remain in protecting the computer system against attack by malicious users and applications.
One particular problem is protecting the end point security product itself against attack by a malicious individual, organization, or application. Generally, an end point security product, like almost any other modern software program, comprises a number of different components (or modules) which are contained in multiple files. For example, a given software product may contain 20 or more component executable files (e.g., dynamic link libraries or .exe files). These components are typically installed and operate on one or more client (or server) computing devices which run operating systems such as the Microsoft Windows operating system.
Considerable information is available (e.g., published specifications) describing how to develop and implement a software program comprised of multiple component modules or files. For example, a wide range of information is available as to how to develop and implement programs for the Windows operating system environment (or “Win32”). Similarly, details about how program components are to communicate with each other are also readily available and well known. Moreover, tools are currently available from a number of vendors for analyzing a given program and determining how components of the program communicate with each other.
These tools and publicly available information make it easier for developers to develop and implement interoperable programs for a given environment (e.g., the Windows environment). Unfortunately, they also make it easier for a hacker to analyze (or reverse engineer) a given program consisting of multiple components (or modules) and intercept internal communications between the individual components of a given program. For example, a first module or component of an end point security program may have an interface to a particular function that is called by a second component (e.g., a user interface module or component) in order to shut down the program. If an attacker is able to identify this interface, the attacker may be able to send commands to shut down the security program using the identified interface. After shutting down the security program, the attacker may then have full access to and control of the computing system previously protected by the security program.
A solution is required that will obscure and “harden” internal program interfaces (e.g., of an end point security program) to make it more difficult for a malicious user or application to use these interfaces as a means to attack the program. Obscuring the interfaces makes it more difficult for a perpetrator to determine what to attack. Hardening the interface provides an additional measure of security in making it more difficult for the perpetrator (attacker) to actually use the interface to call a given function or component.
Existing solutions are available for obscuring program interfaces of a newly developed program in order to better secure the program against attack. However, these existing solutions are generally inappropriate for use with an existing program as they typically require extensive modifications to be made to the underlying program source code. This is undesirable for several reasons. Making source code modifications to a program may cause errors to be introduced into the program. Also, it may require considerable effort to modify the program in this fashion. In addition, even if one is willing to make these modifications to the underlying program, this approach only obscures interfaces and generally does not serve to harden program interfaces against attack.
What is required is a solution that will both obscure and harden internal program interfaces in order to make it more difficult for a malicious user or application to attack a program using these internal interfaces. Implementation of the solution should not require extensive rewrites to the source code of the program. Ideally, the solution should also provide protection from an attacker attempting to intercept calls made by a program to the underlying operating system on which it is running as a means for attacking the program. The present invention provides a solution for these and other needs.