Dynamically obfuscated javascript
| Název: | Dynamically obfuscated javascript |
|---|---|
| Patent Number: | 8,683,452 |
| Issue Date: | March 25, 2014 |
| Appl. No: | 12/974756 |
| Application Filed: | December 21, 2010 |
| Abstract: | An improved technique of providing computer code to a set of client computers is disclosed. In the improved technique, a set of files is generated, each file in the set of files including computer code configured to be read by an interpreter on each client computer, the computer code in each file including a set of functions, each function in the set of functions having a name, the name of a function in the set of functions in a first file in the set of files differing from the name of a corresponding function in the set of functions in a second file in the set of files, the computer code in the first file and the computer code in the second file being constructed and arranged to produce functionally equivalent sets of computer instructions when run through the interpreter on each client computer. |
| Inventors: | Hodgman, Roy (Wenham, MA, US); Mizrach, Ofer (Tel Aviv, IL); Mann, Ofri (Hamaapil, IL); Vaystikh, Alex (Hod Hasharon, IL) |
| Assignees: | EMC Corporation (Hopkinton, MA, US) |
| Claim: | 1. A method of providing computer code to a set of client computers, each client computer in the set of client computers having an interpreter capable of producing a set of computer instructions from the computer code, the method comprising: generating, by a server connected to each client computer over a network, a set of files, each file in the set of files including computer code configured to be read by the interpreter on each client computer, the computer code in each file including a set of functions, each function in the set of functions having a name, the name of a function in the set of functions in a first file in the set of files differing from the name of a corresponding function in the set of functions in a second file in the set of files, the computer code in the first file and the computer code in the second file being constructed and arranged to produce functionally equivalent sets of computer instructions when run through the interpreter on each client computer; receiving, by the server and from a first client computer in the set of client computers over the network, a first request to access the computer code in the first file; sending, by the server, the first file to the first client computer over the network upon receiving the first request; receiving, by the server and from a second client computer in the set of client computers over the network, a second request to access the computer code in the second file; sending, by the server, the second file to the second client computer over the network upon receiving the second request; wherein the interpreter is part of a web browser on each client computer; and wherein receiving includes receiving a request through a website loaded onto memory on a client computer, the request originating in response to input-driven events on the client computer; wherein the functionally equivalent sets of computer instructions are configured to report the existence of malware on each client computer to the server; and wherein sending the second file to the second client computer includes: examining a report on the existence of malware on the second client computer; and if malware is found on the second client computer, checking, prior to sending the second file, the content of the second file to ensure there are predetermined differences between the computer code in the second file and the computer code in the first file, wherein the server, the first client computer and the second client computer are distinct. |
| Claim: | 2. A method as in claim 1, wherein generating further includes having each file in the set of files further include a set of variables, each variable in the set of variables having a name, the name of a variable in the set of variables in a first file in the set of files differing from the name of a corresponding variable in the set of variables in a second file in the set of files, the computer code in the first file and the computer code in the second file being constructed and arranged to produce functionally equivalent sets of computer instructions when run through the interpreter on each client computer. |
| Claim: | 3. A method as in claim 2, wherein the set of files form a sequence of files; and wherein the method further comprises receiving an additional request from a client computer from the set of client computers and, in response to the additional request, sending in a round robin fashion the next file in the sequence of files to the client computer from which the additional request was received. |
| Claim: | 4. A method as in claim 3, wherein generating further includes inserting, in the second file, additional computer code containing variables from the set of variables and functions from the set of functions, the computer code in the first file and the computer code in the second file being constructed and arranged to produce functionally equivalent sets of computer instructions when run through the interpreter on each client computer. |
| Claim: | 5. A method as in claim 4, wherein generating further includes inserting, in the second file, additional computer code containing variables from another set of variables different from the set of variables and functions from another set of functions different from the set of functions, the computer code in the first file and the computer code in the second file being constructed and arranged to produce functionally equivalent sets of computer instructions when run through the interpreter on each client computer. |
| Claim: | 6. A method as in claim 1, wherein the server is an institutional server which is in communication with an intermediary server and contains a master file containing computer code; wherein generating further includes: sending the master file to the intermediary server; and generating the set of files on the intermediary server; wherein sending further includes sending, from the intermediary server, a file from the set of files to the institutional server upon the institutional server receiving a request for access to the computer code. |
| Claim: | 7. A method as in claim 6, wherein generating further includes generating a new set of files after a fixed time interval has elapsed since a previous set of files was generated. |
| Claim: | 8. A method as in claim 7, wherein generating further includes: generating, by the intermediary server, a token value from a seed value stored on the intermediary server; and generating, based on the value of the token, a file to be included in the set of files. |
| Claim: | 9. A method as in claim 1, wherein the report on the existence of the malware on the second client computer includes a report on an existence of a rogue process attempting to modify the second file; and wherein the method further comprises: automatically generating a new second file, the new second file having names of functions and variables and a structure of computer code that differ from the names of the functions and the variables and a structure of the computer code of the second file. |
| Claim: | 10. A method as in claim 1, wherein each function of the set of functions is configured to pass a set of parameters, each parameter of the set of parameters having a name, the name of a parameter of the set of parameters passed by that function in a first file in the set of files differing from the name of a corresponding parameter of the set of parameters passed by that function; and wherein the method further comprises: for each parameter passed by a function of the set of functions, translating the name of that parameter back to a usable parameter. |
| Claim: | 11. A system for providing computer code to a set of client computers, each client computer in the set of client computers having an interpreter capable of producing a set of computer instructions from the computer code, the system comprising a server, the server including: a network interface coupled to a network; a memory; and a processor coupled to the memory, the processor configured to: generate a set of files, each file in the set of files including computer code configured to be read by the interpreter on each client computer, the computer code in each file including a set of functions, each function in the set of functions having a name, the name of a function in the set of functions in a first file in the set of files differing from the name of a corresponding function in the set of functions in a second file in the set of files, the computer code in the first file and the computer code in the second file being constructed and arranged to produce functionally equivalent sets of computer instructions when run through the interpreter on each client computer; receive from a first client computer a first request to access the computer code in the first file; send the first file to the first client computer over the network upon receiving the first request; receive from a second client computer a second request to access the computer code in the second file; send the second file to the second client computer over the network upon receiving the second request; wherein the interpreter is part of a web browser on each client computer; and wherein receiving includes receiving a request through a website loaded onto memory on a client computer, the request originating in response to input-driven events on the client computer; wherein the functionally equivalent sets of computer instructions are configured to report the existence of malware on each client computer to the server; and wherein sending the second file to the second client computer includes: examining a report on the existence of malware on the second client computer; and if malware is found on the second client computer, checking, prior to sending the second file, the content of the second file to ensure there are predetermined differences between the computer code in the second file and the computer code in the first file, wherein the server, the first client computer and the second client computer are distinct. |
| Claim: | 12. A system as in claim 11, wherein the server is an institutional server which is in communication with an intermediary server and contains a master file containing computer code; wherein generating further includes: sending the master file to the intermediary server; and generating the set of files on the intermediary server; wherein sending further includes sending, from the intermediary server, a file from the set of files to the institutional server upon the institutional server receiving a request for access to the computer code. |
| Claim: | 13. A system as in claim 12, wherein generating further includes generating a new set of files after a fixed time interval has elapsed since a previous set of files was generated. |
| Claim: | 14. A system as in claim 13, wherein generating further includes: generating a token value from a seed value stored on the intermediary server; and generating, based on the value of the token, a file to be included in the set of files. |
| Claim: | 15. A computer program product having a non-transitory computer readable storage medium which stores a server code to provide computer code to a set of client computers, each client computer in the set of client computers having an interpreter capable of producing a set of computer instructions from the computer code, the server code including a set of server instructions to: generate a set of files, each file in the set of files including computer code configured to be read by the interpreter on each client computer, the computer code in each file including a set of functions, each function in the set of functions having a name, the name of a function in the set of functions in a first file in the set of files differing from the name of a corresponding function in the set of functions in a second file in the set of files, the computer code in the first file and the computer code in the second file being constructed and arranged to produce functionally equivalent sets of computer instructions when run through the interpreter on each client computer; receive from a first client computer a first request to access the computer code in the first file; send the first file to the first client computer over the network upon receiving the first request; receive from a second client computer a second request to access the computer code in the second file; send the second file to the second client computer over the network upon receiving the second request; wherein the interpreter is part of a web browser on each client computer; and wherein receiving includes receiving a request through a website loaded onto memory on a client computer, the request originating in response to input-driven events on the client computer; wherein the functionally equivalent sets of computer instructions are configured to report the existence of malware on each client computer to the server; and wherein sending the second file to the second client computer includes: examining a report on the existence of malware on the second client computer; and if malware is found on the second client computer, checking, prior to sending the second file, the content of the second file to ensure there are predetermined differences between the computer code in the second file and the computer code in the first file, wherein the server, the first client computer and the second client computer are distinct. |
| Claim: | 16. A computer program product as in claim 15, wherein generating further includes having each file in the set of files further include a set of variables, each variable in the set of variables having a name, the name of a variable in the set of variables in a first file in the set of files differing from the name of a corresponding variable in the set of variables in a second file in the set of files, the computer code in the first file and the computer code in the second file being constructed and arranged to produce functionally equivalent sets of computer instructions when run through the interpreter on each client computer. |
| Claim: | 17. A computer program product as in claim 16, wherein the set of files form a sequence of files; and wherein the method further comprises receiving an additional request from a client computer from the set of client computers and, in response to the additional request, sending in a round robin fashion the next file in the sequence of files to the client computer from which the additional request was received. |
| Claim: | 18. A computer program product as in claim 17, wherein generating further includes inserting, in the second file, additional computer code containing variables from the set of variables and functions from the set of functions, the computer code in the first file and the computer code in the second file being constructed and arranged to produce functionally equivalent sets of computer instructions when run through the interpreter on each client computer. |
| Current U.S. Class: | 717/136 |
| Patent References Cited: | 6463538, October 2002, Elteto; 7506177, March 2009, Chow et al.; 7620987, November 2009, Shelest et al.; 7774831, August 2010, Kuznetsov et al.; 7779394, August 2010, Horning et al.; 8020152, September 2011, Wadsworth et al.; 2004/0103404, May 2004, Naumovich et al.; 2004/0236957, November 2004, Durand et al.; 2006/0005250, January 2006, Chu et al.; 2006/0225036, October 2006, Pandit et al.; 2006/0265689, November 2006, Kuznetsov et al.; 2007/0169023, July 2007, Bera; 2007/0240222, October 2007, Tuvell et al.; 2009/0119515, May 2009, Nicolson et al.; 2010/0180346, July 2010, Nicolson et al.; 2010/0313188, December 2010, Asipov et al.; 2012/0116896, May 2012, Holloway et al. |
| Other References: | Making a hack proof game in Javascript, Stackoverflow, Jul. 2, 2010, 6 pages, [retrieved on Jun. 23, 2013], Retrieved from the Internet; Mishra, P., Taxonomy of Uniqueness Transformations, Department of Computer Science, San Jose State University, Dec. 2003, 110 pages, [retrieved on Jun. 24, 2013], Retrieved from the Internet; Method for a JavaScript Obfuscator, IBM Technical Disclosure Bulletin, Feb. 1, 2002, 4 pages, [retrieved on Jun. 20, 2013], Retrieved from the Internet; Van Gundy, M., Towards a More Trustworthy Online Experience, Department of Computer Science, University of California, Davis, May 25, 2010, 62 pages, [retrieved on Jun. 20, 2013], Retrieved from the Internet; Jiang, X., et al., RandSys: Thwarting Code Injection Attacks with System Service Interface Randomization, CERIAS Tech Report 2005-78, 2007, 21 pages, [retrieved on Jun. 20, 2013], Retrieved from the Internet. |
| Assistant Examiner: | St Leger, Geoffrey |
| Primary Examiner: | Dao, Thuy |
| Attorney, Agent or Firm: | BainwoodHuang |
| Accession Number: | edspgr.08683452 |
| Database: | USPTO Patent Grants |