Traditionally, security transformations for a given software module are applied directly to source code. For example, program transformations have been shown to be an effective approach for resisting reverse engineering and tampering attacks on software. Additionally, the diversification of these security transformations is a further barrier to differential attacks, collusion, and other comparison threats. For example, U.S. Pat. No. 6,594,761, issued Jul. 15, 2003, and U.S. Pat. No. 6,842,862, issued Jan. 11, 2005, describe data flow transform techniques that can be used to protect software; and U.S. Pat. No. 6,779,114, issued Aug. 17, 2004, describes control flow transform techniques that can be used to protect software.
Once the security transformations have been applied, the source files are first processed by a pre-compiler, which performs source-to-source security transformations of the software modules, generating transformed source-files that incorporate transformations based on user-determined security decisions. The transformed source-files are then processed by the native compiler, generating object-code. The resulting native object-code (possibly packaged as a static-library) is then immutable as far as the end-user is concerned, and must be processed by a linker to produce either an executable binary or a dynamic-library. Libraries are integrated into a program by a linker. The output of the linker (specifically, the layout of the software modules in memory) is generated automatically, and is a deterministic function of the input software modules, optimized for runtime performance. If it is desired to modify the memory layout, most linkers require the use of complex metadata, which is generally beyond the scope of all but the most advanced users.
If the security decisions of the software module need to be revisited, or even if the production of diverse instances of the module is desired, there is no choice but to repeat the steps of pre-compiling, compiling, and linking/loading. This is expensive, both in terms of the build-time involved and from a quality assurance perspective. Rebuilding the software module means that the performance (speed, size, etc.) and correctness of the resulting executable/dynamic-library must be re-verified.
Therefore, it is desirable to provide an improved method and system for applying security transformations that obviates the need to re-build a software module, such as when security decisions need to be changed, or diverse instances need to be created.