Existing software systems often utilize credential/key-based techniques to ensure the security of data being transferred within the system. For example, one regularly utilized credential/key-based technique is that of data encryption/decryption. In this technique, encryption software executes an algorithm that is designed to encrypt computer data in such a way that the original data cannot be recovered by a program unless that program has the appropriate credential/key. These systems tend to concentrate their security efforts on verifying the credential/key being passed between programs, rather than on verifying the access rights of the programs themselves. In this manner, rogue programs with viable credentials/keys can obtain and decrypt data sought to be protected, thus compromising the security efforts of the system.
Existing computing systems utilize a number of methods to protect against malicious programming attacks and/or data corruption from external sources. For example, one known technique includes the use of anti-virus software. Anti-virus software is a software-based technique that utilizes methods such as signature-based detection, malicious activity detection, and/or a heuristic-based method (e.g., file analysis or file detection) to prevent, detect, and remove malware, including computer viruses, worms, trojan horses, etc. However, a number of drawbacks are associated with utilizing anti-virus software as a means for system protection. For example, users of anti-virus software may have a difficult time understanding the prompts and decisions that the software presents them with. This can lead to a scenario in which a user makes an incorrect decision leading to a system-security breach. Furthermore, anti-virus software is known to detect “false-positives,” meaning that the software characterizes innocent software code (i.e., software programs) and/or data as being malicious. In this circumstance, the anti-virus software will often remove the innocent software code and/or data, thereby seriously hampering the computing system's functionality.
Another technique involves authenticating software code and/or data constants that the system wishes to execute at load-time during a secure boot process. This is may be accomplished, for example, via a signature verification technique as recognized by those having ordinary skill in the art. A load-time authentication technique also suffers from drawbacks. For example, in this technique, the authentication only takes place once, during the secure boot process. Thus, a system utilizing a load-time authentication technique is susceptible to programming attacks and/or data corruption at run-time, where run-time is recognized as being the time period immediately following load-time (i.e., after the secure boot process).
Furthermore, existing computing systems often attempt to protected the integrity of data stored in registers by implementing a credential-based security system. In such a system, access to registers (i.e., locations in memory that can be read/written) is restricted to those functions (i.e., software programs) whose credentials are verified. This verification can be accomplished by logic within the computing system. However, credential-based security systems suffer from a number of drawbacks. For example, credential-based security systems are only capable of enforcing one data-access policy. Specifically, a function with viable credentials will be permitted to access the data within the register while a function without viable credentials will be denied access to the data. Because these systems rely solely on credential-based verification as a mechanism for data access, they are susceptible to a scenario where a rogue function improperly obtains viable credentials and is therefore permitted to access the data sought to be protected. Furthermore, these systems assume that credential-based data access is the appropriate security policy for all types of data sought to be protected. However, it is often desirable to protect different types of data with different access policies.
Known techniques, such as those discussed above, are frequently not suitable for use in digital rights management (DRM) systems. For example, in current DRM system implementations, secure DRM code uses driver code to communicate directly with a GPU. However, this driver code is frequently not secure, allowing a “man-in-the-middle” attack to replace the driver code with arbitrary code which could be used to impersonate the GPU hardware and thus intercept all protected content sent to the GPU, thereby compromising the DRM system.
Thus, a need exists to authenticate programs attempting to access data that has already been secured by means such as encryption.