Abstract: In a general aspect, a computer implemented method can include identifying, in a program code stored in computer memory, a location of a dynamic repair target code section for an assignment to a program variable, a value of which is known only at runtime. The method can also include modifying the program code at the identified location of the dynamic repair target code section to assign an immediate value different from a correct runtime value to the program variable. The method can further include inserting, into the program code in the computer memory, a dynamic repair probe code section that is executed before the dynamic repair target code and, at runtime, modifies the immediate value in the code to contain the correct runtime value when an attack has not occurred.

Abstract: In a general aspect, a method of generating a protected implementation of an algorithm includes: expanding an original source code implementing the algorithm into a single set of real operations; combining each real operation using real data with the real data it uses, to obtain a combination represented in a way which uses an actual real data fragment in a form different from an original form; producing a set of duplicated and mutated decoy operations representing an alternative implementation of the algorithm, applied to decoy data; combining the set of decoy operations with the set of real operations including the combinations, to obtain an implementation where the decoy operations interact with the real operations and the real data processed by the real operations, such that a real data flow of in the implementation is difficult to analyze; and transforming the implementation into a resulting code that can be executed.

Abstract: A computer implemented anti-tamper system employing runtime profiling of software in order to decide where to inject integrity checks into the software, to enable verification of whether or not the software has been tampered with. Runtime profiling and analysis is used to record information about the application, in order to establish the locations and targets of runtime integrity checks in order to optimize protection security, while minimizing the performance penalty and the need for hand configuration.

Abstract: In a general aspect, a computer implemented method can include identifying, in a program code stored in computer memory, a location of a dynamic repair target code section for an assignment to a program variable, a value of which is known only at runtime. The method can also include modifying the program code at the identified location of the dynamic repair target code section to assign an immediate value different from a correct runtime value to the program variable. The method can further include inserting, into the program code in the computer memory, a dynamic repair probe code section that is executed before the dynamic repair target code and, at runtime, modifies the immediate value in the code to contain the correct runtime value when an attack has not occurred.

Abstract: Program code is modified to execute correctly only when code and data memory accesses/fetches are synchronised, i.e. data and code accesses/fetches are routed to identical physical addresses in computer memory. This indirectly defeats the MMU attack, in which code and data memory accesses/fetches to the same logical address are routed to different physical addresses. The program code is modified such that one or more sections of the code (“repair targets”) are deliberately broken so that the program code will not execute correctly, the repair targets being replaced at run time with correct code before the repair targets are executed.

Abstract: In a general aspect, a method of generating a protected implementation of an algorithm includes: expanding an original source code implementing the algorithm into a single set of real operations; combining each real operation using real data with the real data it uses, to obtain a combination represented in a way which uses an actual real data fragment in a form different from an original form; producing a set of duplicated and mutated decoy operations representing an alternative implementation of the algorithm, applied to decoy data; combining the set of decoy operations with the set of real operations including the combinations, to obtain an implementation where the decoy operations interact with the real operations and the real data processed by the real operations, such that a real data flow of in the implementation is difficult to analyze; and transforming the implementation into a resulting code that can be executed.

Abstract: Program code is modified to execute correctly only when code and data memory accesses/fetches are synchronised, i.e. data and code accesses/fetches are routed to identical physical addresses in computer memory. This indirectly defeats the MMU attack, in which code and data memory accesses/fetches to the same logical address are routed to different physical addresses. The program code is modified such that one or more sections of the code (“repair targets”) are deliberately broken so that the program code will not execute correctly, the repair targets being replaced at run time with correct code before the repair targets are executed.

Abstract: A computer implemented anti-tamper system employing runtime profiling of software in order to decide where to inject integrity checks into the software, to enable verification of whether or not the software has been tampered with. Runtime profiling and analysis is used to record information about the application, in order to establish the locations and targets of runtime integrity checks in order to optimise protection security, while minimising the performance penalty and the need for hand configuration.