As computers have become more widely used and more pervasively networked, information, privacy, and financial losses, etc., due to information security breaches have dramatically increased as well. According to a Mar. 12, 2001 survey press release, published by the Computer Security Institute, eighty-five percent of 538 respondents, primarily large corporations and government agencies, detected computer security breaches in the preceding year. (http://www.gocsi.com/prelea.sub-.--000321.htm, incorporated herein by reference.) Sixty-four percent of the same respondents confirmed financial losses due to computer breaches, with thirty-five percent of 186 respondents being capable of quantifying their losses as totaling $377,828,700. By comparison, the losses from 249 respondents in 2000 totalled $265,589,940, with the average annual total over the prior three year period being $120,240,180. This trend illustrates that the threat of computer crime and other electronic information security breaches continues to grow with financial loss exposure also increasing.
As in previous years, the most serious financial losses have occurred from theft of information (34 respondents reporting $151,230,100) and fraud (21 respondents reporting $92,935,500). Notably, those respondents that cited their Internet connections as a frequent point of attack rose from 59% in 2000 to 70% in 2001. Some examples of security breaches and cyber crimes on the rise are: system penetration from external sources (40% of respondents); denial of service attacks (38%); employee abuse of Internet access privileges, for example downloading pirated software or inappropriate use of email systems (91%); and computer virus attacks (94%).
Many advances have been made in recent years in the field of computer information security. Most of these security countermeasure technologies have employed computer software to: identify authorized users of a system; protect against virus infection; encrypt/decrypt data streams; prevent unauthorized registration and/or use of pirated software applications; and block malicious or surreptitious communications originating from a particular source. Unauthorized access to a particular computer system, however, may often be obtained by exploiting various security flaws present in the program code of the countermeasure software itself. Additionally, unauthorized access may also occur with the theft of user identification and password information.
With respect to the unauthorized and illegal reproduction of computer software, one of the most prevalent problems is that the software applications can be reverse engineered with decompiling tools. Decompilers are essentially software applications that examine other compiled software applications in order to reconstruct the original source code. For commercial software applications offered for sale, decompilation and reverse engineering is often prohibited by software license agreements. Decompilers, however, are freely available for a variety of platforms. Generally, a decompiler works by analyzing the byte code of software and making educated guesses about the source code that created it. Most decompilers also provide additional debugging information, which can help the decompiler generate a more accurate representation of the original source code. If the software employs code routines for protecting itself against unauthorized use, such as with the aid of serial numbers, hardware locks, locking to floppy disks or CD's, time-limited license expiration, etc., the code fragments can be decompiled, analyzed, modified and recompiled to produce a new version of the software application in which the security code routine has been defeated and is no longer capable of preventing unauthorized use. The modified software application is thereafter unprotected and may be duplicated and distributed ad infinitum for illegal, royalty-free use, for example, over the internet as what is known to those skilled in the art of software piracy as “warez”.
Several debugging tools, such as, for example, NUMEGA.RTM. SOFTICE.RTM., are readily available for this purpose. (http://www.numega.com/drivercentral/components/si_driver.shtml). A debugging tool, more commonly known as a “debugger”, is a software development program that allows the user to debug and troubleshoot computer code as the application is being developed. Generally, the debugger acts to interrupt the CPU in order to watch each individual instruction as it arrives for processing and execution. For example, a debugger may be used to analyze and determine precisely which code fragment in a compiled application is responsible for interrogating whether a valid serial number has been provided in order to permit an authorized user to execute the program application. Once the serial number interrogation code fragment is located by the debugger, it becomes rather simple to decompile the code fragment to determine the characteristics that a valid serial number key must have in order to permit program execution access. For example, for any serial number interrogation code fragment and any valid serial number, the operation of the code fragment on a valid serial number s permits user access (1=True; therefore, allow access) as given by: s=1 and the operation of the interrogation code fragment on an invalid serial number x denies user access (0=False; therefore, deny access) as given by: x=0. Given the code fragment, an inverse function .sup.−1 may be derived such that: 1iC^−1Ri=isii=1nC^si=n, wherein, any operation of the inverse function .sup.−1 upon a random seed R.sub.i generates a random and valid serial number s.sub.i. Moreover, an algorithm may be deduced from the inverse function of the code fragment .sup.−1 to generate a stand-alone application capable of generating multiple random, yet valid, serial numbers. Alternatively, the interrogation code fragment may be removed altogether and the program recompiled to a version which no longer has an interrogation code routine and that looks for a serial number prior to permitting the user to execute the application.
Another representative software security weakness involves the MICROSOFT.RTM. WINDOWS.RTM. Application Programming Interface (API). For example, when the user displays a webpage requesting that the user login, there may be a textbox provided for the username and another textbox for the password. Using the WINDOWS.RTM. API, another application can continuously or periodically request the contents of the textboxes, even if the webpage display subroutine passes asterisk characters to obscure that content. Such an application can be designed to run in the background and would be generally undetectable to the average user.
Yet another exploitable software security vulnerability involves the logging of user keystrokes. In these types of breaches, an application can monitor the data originating from the operating system's keyboard device driver routines to look for username, password or other sensitive data and store and/or transmit the data for future use. Additionally, keyboards, like most electronic devices, generally emit electromagnetic radiation of particular frequencies which propagate away from the keyboard in all directions. Someone monitoring these frequencies at a distance can analyze the signals to determine which keys on the keyboard have been depressed.
The “cut and paste” feature of many operating systems also presents a security problem. Each time the cut-and-paste feature is used, for example, in MICROSOFT.RTM. WINDOWS.RTM., another application can interrogate the clipboard and make copies of the contents. There are many other examples of exploiting software security flaws that involve other mechanisms, such as digital wallets/passports, web browser cookies, etc. Often, a computer virus is selected as a transport mechanism for depositing these malicious applications onto a target computer system.
There is a need, therefore, within the electronic information security art, to more effectively counter the exploitation of security flaws in software applications during the execution of the application code. There is also a need to more effectively prevent (1) unauthorized duplication and distribution of software applications and (2) the capturing of identification, password and/or other data that might be used, inter alia, to gain access to a particular computer system.