US-12625929-B2 - Storing watermarks in a software image

Abstract

One or more unused locations in a software image are identified. An example of a software image may be a container image or virtual machine image. An unused location may be a location where padding is used in the software image. A first watermark is placed in the one or more unused locations to produce a watermarked software image. A request is received to load the watermarked software image. In response to receiving the request to load the watermarked software image, a second watermark is generated using the one or more unused locations in the watermarked software image and the second watermark is then compared to the first watermark. In response to the first watermark matching the second watermark, the software image is loaded. In response to the first watermark not matching the second watermark, the software image is not loaded.

Inventors

  • Douglas Max Grover
  • Michael F. Angelo

Assignees

  • MICRO FOCUS LLC

Dates

Publication Date
20260512
Application Date
20230324

Claims (20)

  1. A system comprising: a microprocessor; and a computer readable medium, coupled with the microprocessor and comprising microprocessor readable and executable instructions that, when executed by the microprocessor, cause the microprocessor to: identify one or more unused locations in a software image; generate a first watermark based on at least part of the software image; store the first watermark separately from the software image; subdivide the first watermark into plural first watermark portions comprising different first and second watermark portions; place the first watermark portion in a first unused location and the different second watermark portion in a different second unused location to produce a watermarked software image; receive a request to load the watermarked software image; in response to receiving the request to load the watermarked software image: generate a second watermark using at least the first and second unused locations in the watermarked software image; and compare the first watermark stored separately from the software image to the second watermark; in response to the first watermark matching the second watermark, load the software image; and in response to the first watermark not matching the second watermark, not loading the software image.
  2. The system of claim 1, wherein at least one of the first and second unused locations in the software image are overwritten when the software image is loaded and/or executed and wherein the first watermark comprises one or more of a forward hash of the software image, a reverse hash of the software image, a transparent bit code, and based on a record or pointer that determines that a layout of the software image has not changed.
  3. The system of claim 1, wherein the first watermark is assigned based on a tenant basis in a cloud service based on one or more of a type of virtual machine, container, application, an administration, and a type of service provided by the software image.
  4. The system of claim 1, wherein the microprocessor determines, based on one or more rules, a specific type of watermark to be generated, the specific type of watermark comprising one or more of a forward hash of the software image, a reverse hash of the software image, a transparent bit code, and based on a record or pointer associated with a layout of the software image, the first watermark being the determined specific type of watermark, and wherein the different first and second watermark portions comprise two or more of: one or more hashes, one or more checksums, one or more cyclic redundancy checks, one or more random numbers, one or more encrypted hashes, one or more encrypted checksums, one or more encrypted cyclic redundancy checks, one or more transparent bit codes, and one or more tokens of one or more hashes.
  5. The system of claim 1, wherein the first watermark is used to track legitimate changes of the software image through a software image life cycle and wherein the first watermark comprises one or more of format, types of service, hash values of elements, hash values of configuration, size, layout index into a virtual environment, associated blocks, and block pointers.
  6. The system of claim 1, wherein the first watermark changes and is updated each time after the software image is unloaded.
  7. The system of claim 1, wherein an order of the first and second unused locations is dynamically determined based on a random number and/or a number for first and second unused locations is determined based on the random number.
  8. The system of claim 7, wherein different portions of the random number and/or number map to the first and second unused locations.
  9. The system of claim 1, wherein the first and second unused locations comprise at least one of: storage space that is marked as a bad block, a protected memory location, and space that is in a file structure as an added set of bits.
  10. The system of claim 1, wherein the first and second unused locations comprise one or more of a memory location within the software image that is not used or not initially used by the software image and comprise an uninitialized location that is overwritten when the software image is loaded and/or executed, and wherein the first and second unused locations comprise one or more of white space of the software image, non-initialized data segment, stack space, heap space, and padding.
  11. The system of claim 1, wherein in response to receiving the request to load the software image further comprises at least one of: validating a load sequence of the software image, wherein the first watermark is based on the load sequence of the software image; hashing the software image to generate a first hash of the software image and comparing the first hash of the software image to the first watermark, wherein the first watermark is a second hash of the software image; generating a first checksum and/or a first cyclic redundancy check of the software image and comparing the first checksum and/or the first cyclic redundancy check to the first watermark, wherein the first watermark is a second checksum of the software image and/or a second cyclic redundancy check of the software image; looking up the first hash of the software image based on a token and comparing the first hash to the second hash of the software image, wherein the token is the first watermark; determining an execution order of the software image and comparing the execution order of the software image to the first watermark, wherein the first watermark is based on the execution order of the software image; determining locations of files used by the software image and comparing the locations of the files used by the software image to the first watermark, wherein the first watermark is based on the locations of the files used by the software image; and unsigning the first watermark, wherein the first watermark is signed using a digital signature.
  12. A method comprising: identifying, by a microprocessor, one or more unused locations in a software image; determining, by the microprocessor based on one or more rules, a specific type of watermark to be generated, the specific type of watermark comprising one or more of a forward hash of the software image, a reverse hash of the software image, a transparent bit code, and based on a record or pointer associated with a layout of the software image; generating, by the microprocessor, a first watermark based on at least part of the software image, the first watermark being the determined specific type of watermark; storing, by the microprocessor, the first watermark separately from the software image; subdividing, by the microprocessor, the first watermark into plural first watermark portions comprising different first and second watermark portions; placing, by the microprocessor, the first watermark portion in a first unused location and the different second watermark portion in a different second unused location to produce a watermarked software image; receiving, by the microprocessor, a request to load the watermarked software image; in response to receiving the request to load the watermarked software image: generating, by the microprocessor, a second watermark using at least the first and second unused locations in the watermarked software image; and comparing, by the microprocessor, the first watermark stored separately from the software image to the second watermark; in response to the first watermark matching the second watermark, loading, by the microprocessor, the software image; and in response to the first watermark not matching the second watermark, not loading the software image.
  13. The method of claim 12, wherein at least one of the first and second unused locations in the software image are overwritten when the software image is loaded and/or executed and wherein the first watermark comprises one or more of a forward hash of the software image, a reverse hash of the software image, a transparent bit code, and based on a record or pointer that determines that a layout of the software image has not changed.
  14. The method of claim 12, wherein the first watermark is assigned based on a tenant basis in a cloud service based on one or more of a type of virtual machine, container, application, an administration, and a type of service provided by the software image.
  15. The method of claim 12, wherein an order of the first and second unused locations is dynamically determined based on a random number and/or a number for the first and second unused locations is determined based on the random number.
  16. The method of claim 15, wherein different portions of the random number and/or number map to the first and second unused locations and wherein the first watermark comprises one or more of format, types of service, hash values of elements, hash values of configuration, size, layout index into a virtual environment, associated blocks, and block pointers.
  17. The method of claim 12, wherein the different first and second watermark portions comprise two or more of: one or more hashes, one or more checksums, one or more cyclic redundancy checks, one or more random numbers, one or more encrypted hashes, one or more encrypted checksums, one or more encrypted cyclic redundancy checks, one or more transparent bit codes, and one or more tokens of one or more hashes.
  18. The method of claim 12, wherein the first and second unused locations comprise at least one of: storage space that is marked as a bad block, a protected memory location, and space that is in a file structure as an added set of bits.
  19. The method of claim 12, wherein the first and second unused locations comprise one or more of a memory location within the software image that is not used or not initially used by the software image and comprise an uninitialized location that is overwritten when the software image is loaded and/or executed, and wherein the first and second unused locations comprise one or more of white space of the software image, non-initialized data segment, stack space, heap space, and padding and wherein in response to receiving the request to load the software image further comprises at least one of: validating a load sequence of the software image, wherein the first watermark is based on the load sequence of the software image; hashing the software image to generate a first hash of the software image and comparing the first hash of the software image to the first watermark, wherein the first watermark is a second hash of the software image; generating a first checksum and/or a first cyclic redundancy check of the software image and comparing the first checksum and/or the first cyclic redundancy check to the first watermark, wherein the first watermark is a second checksum of the software image and/or a second cyclic redundancy check of the software image; looking up the first hash of the software image based on a token and comparing the first hash to a second hash of the software image, wherein the token is the first watermark; determining an execution order of the software image and comparing the execution order of the software image to the first watermark, wherein the first watermark is based on the execution order of the software image; determining locations of files used by the software image and comparing the locations of the files used by the software image to the first watermark, wherein the first watermark is based on the locations of the files used by the software image; and unsigning the first watermark, wherein the first watermark is signed using a digital signature.
  20. A non-transient computer readable medium having stored thereon instructions that cause a processor to execute a method, the method comprising instructions to: identify one or more unused locations in a software image; determine, based on one or more rules, a specific type of watermark to be generated, the specific type of watermark comprising one or more of a forward hash of the software image, a reverse hash of the software image, a transparent bit code, and based on a record or pointer associated with a layout of the software image; generate a first watermark based on at least part of the software image, the first watermark being the determined specific type of watermark; store the first watermark in a separate location from the software image; subdivide the first watermark into plural first watermark portions comprising different first and second watermark portions; place the first watermark portion in a first unused location and the different second watermark portion in a different second unused location to produce a watermarked software image; receive a request to load the watermarked software image; in response to receiving the request to load the watermarked software image: generate a second watermark using at least the first and second unused locations in the watermarked software image; and compare the first watermark stored in a separate location from the software image to the second watermark; in response to the first watermark matching the second watermark, load the software image; and in response to the first watermark not matching the second watermark, not loading the software image.
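
The flow recited in claim 1, as an added illustration that is not code from the patent or its assignee. Assumptions: unused locations are zero-filled padding runs, the first watermark is a SHA-256 digest of every byte outside the two watermark slots, and the slot offsets are kept with the separately stored watermark; all function names are hypothetical.

```python
import hashlib
import hmac

PART = 16  # a 32-byte SHA-256 watermark is split into two 16-byte portions

def find_unused(image: bytes, min_len: int = PART) -> list:
    """Return (offset, length) for each zero-filled run of at least min_len bytes."""
    runs, start = [], None
    for i, b in enumerate(image + b"\x01"):  # sentinel closes a trailing run
        if b == 0 and start is None:
            start = i
        elif b != 0 and start is not None:
            if i - start >= min_len:
                runs.append((start, i - start))
            start = None
    return runs

def content_digest(image: bytes, slots) -> bytes:
    """SHA-256 over every byte outside the watermark slots."""
    h, pos = hashlib.sha256(), 0
    for off, n in sorted(slots):
        h.update(image[pos:off])
        pos = off + n
    h.update(image[pos:])
    return h.digest()

def watermark_image(image: bytes):
    """Embed the two portions; return (watermarked image, separately stored record)."""
    runs = find_unused(image)
    if len(runs) < 2:
        raise ValueError("need two distinct unused locations")
    slots = [(off, PART) for off, _ in runs[:2]]
    first = content_digest(image, slots)  # first watermark
    out = bytearray(image)
    for k, (off, n) in enumerate(slots):
        out[off:off + n] = first[k * PART:(k + 1) * PART]
    return bytes(out), {"watermark": first, "slots": slots}

def may_load(image: bytes, record) -> bool:
    """Rebuild the second watermark from the slots and compare with the stored one."""
    second = b"".join(image[off:off + n] for off, n in record["slots"])
    embedded_ok = hmac.compare_digest(second, record["watermark"])
    content_ok = hmac.compare_digest(
        content_digest(image, record["slots"]), record["watermark"])
    return embedded_ok and content_ok

def sample_image() -> bytes:
    """Constructed toy image: two data sections, each followed by zero padding."""
    return (b"HDR!" + b"\x90" * 28 + bytes(32)
            + b"section-two-data" * 3 + bytes(24) + b"END")

if __name__ == "__main__":
    marked, record = watermark_image(sample_image())
    print("intact image loads:", may_load(marked, record))
    tampered = bytearray(marked)
    tampered[5] ^= 0xFF  # modify content outside the slots
    print("tampered image loads:", may_load(bytes(tampered), record))
```

The load decision is only as trustworthy as the separately stored record: if that record can be rewritten together with the image, the comparison no longer detects tampering.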

Description

FIELD

The disclosure relates generally to protection of software images and particularly to the protection of software images from tampering using watermarks.

BACKGROUND

One of the problems with containers/Virtual Machines (VMs)/software applications is that their images can be compromised. For example, someone may insert malware into an existing virtual machine image. When the image is loaded, the malware then becomes active. There are currently several solutions to solve this, such as, using a hash to validate the container/VM image, using mirror images, and encrypting the container/VM image. While these solutions do provide a significant benefit, malicious parties have still been able to defeat these solutions. What is needed is a solution that is not obvious to a malicious party and/or can be used in conjunction with these solutions to provide enhanced container/VM image protection.

SUMMARY

These and other needs are addressed by the various embodiments and configurations of the present disclosure. The present disclosure can provide a number of advantages depending on the particular configuration. These and other advantages will be apparent from the disclosure contained herein.

One or more unused locations in a software image are identified. An example of a software image may be a container image or virtual machine image. An unused location may be a location where padding is used in the software image. A first watermark is placed in the one or more unused locations to produce a watermarked software image. A request is received to load the watermarked software image. In response to receiving the request to load the watermarked software image, a second watermark is generated using the one or more unused locations in the watermarked software image and the second watermark is then compared to the first watermark. In response to the first watermark matching the second watermark, the software image is loaded. In response to the first watermark not matching the second watermark, the software image is not loaded.

The phrases “at least one”, “one or more”, “or,” and “and/or” are open-ended expressions that are both conjunctive and disjunctive in operation. For example, each of the expressions “at least one of A, B and C”, “at least one of A, B, or C”, “one or more of A, B, and C”, “one or more of A, B, or C”, “A, B, and/or C”, and “A, B, or C” means A alone, B alone, C alone, A and B together, A and C together, B and C together, or A, B and C together.

The term “a” or “an” entity refers to one or more of that entity. As such, the terms “a” (or “an”), “one or more” and “at least one” can be used interchangeably herein. It is also to be noted that the terms “comprising,” “including”, and “having” can be used interchangeably.

The term “automatic” and variations thereof, as used herein, refers to any process or operation, which is typically continuous or semi-continuous, done without material human input when the process or operation is performed. However, a process or operation can be automatic, even though performance of the process or operation uses material or immaterial human input, if the input is received before performance of the process or operation. Human input is deemed to be material if such input influences how the process or operation will be performed. Human input that consents to the performance of the process or operation is not deemed to be “material.”

Aspects of the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module” or “system.” Any combination of one or more computer readable medium(s) may be utilized. The computer readable medium may be a computer readable signal medium or a computer readable storage medium.

A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device. A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein