1. Field
The present invention relates generally to content protection and digital rights management and, more specifically, to deterring debugger attacks on software.
2. Description
The personal computer (PC) platform is an open and accessible computer architecture. However, the openness of the PC means that it is a fundamentally insecure computing platform. Both the hardware and software can be accessed for observation and modification. This openness allows malicious users and programs to observe and to modify executing code, perhaps with the aid of software tools such as debuggers and system diagnostic tools. Despite these risks, there are classes of operations that must be performed securely on the fundamentally insecure PC platform. These are applications where the basic integrity of the operation must be assumed, or at least verified, to be reliable. Examples of such operations include financial transactions and other electronic commerce, unattended access authorization, and digital content management.
For content providers, countering the threat of digital piracy on the PC requires new software that is resistant to attacks by a malicious user. In this scenario, the malicious user may wish to tamper with or replace particular components of the software in order to gain unauthorized access to digital content or to make unauthorized reproductions. A cryptosystem employed in conjunction with the software may be used to help protect the content owner's rights. Content may be encrypted to provide some measure of protection, but the software creating and accessing cryptographic keys and the software accessing the decrypted content during playback are still vulnerable to attack.
Attackers may attempt to use debuggers to “single step” the software accessing valued content. In some instances, the debugger may set a breakpoint in the software to stop execution at the selected breakpoint. The debugger may then be used to examine data being operated on by the software. The debugger may also cause the execution of successive individual instructions, thereby allowing continued examination of program data. Although some techniques are known for deterring such activity, additional methods are desired in order to further improve the security of the system.