Identity based behavior measurement architecture
First Claim
1. An apparatus, comprising:
- a memory; and
- a processor executing:
  - instructions for a behavior measurement architecture (BMA) derived from an integrity measurement architecture (IMA), which is executed using an identity model to express a deterministic measurement value representative of behavior of an endpoint device of a group of service-providing network endpoints or a platform of the group of service-providing network endpoints hosted on the endpoint device; and
  - instructions for a security supervisor provided by the BMA and implemented through a daemon or an operating system program, which are executed to:
    - generate a unique identity for the endpoint device based on the identity model including a hash function, wherein the deterministic measurement value includes the unique identity for the endpoint device;
    - verify behavior of the endpoint device or the platform using the unique identity;
    - uphold a pre-defined behavioral state of the endpoint device or the platform and support execution of application instructions stored in memory of the endpoint device using the unique identity; and
    - execute a pre-determined action, via itself or a device derived from the security supervisor, when a behavior of the endpoint device or the platform is inconsistent with the pre-defined behavioral state of the endpoint device or the platform, according to the unique identity of the endpoint device.
Abstract
An Identity Based Behavior Measurement Architecture (such as the BMA) and related technologies are described herein. In an exemplary embodiment, the BMA can be derived from an IMA and use an identity model to express a deterministic measurement value for platform behavior.
20 Claims
Claim 1 is reproduced above under First Claim. Claims 2 to 18 depend from claim 1 and are not reproduced on this page.
19. An apparatus, comprising:
- a memory configured to contain an operating system kernel, a security bootloader, and a security supervisor program; and
- a processor configured to execute:
  - the operating system kernel to initiate a launch sequence and compile the launch sequence into a kernel image that maintains integrity of the launch sequence;
  - the security bootloader to initialize a system identity and root filesystem after launch of the kernel; and
  - the security supervisor program, which is launched after launch of the security bootloader, to:
    - host applications or execution environments with documented system behavior, the applications or execution environments including a native binaries environment, a virtual machine environment, or a container environment;
    - use an anonymous key agreement protocol that allows at least two endpoint devices to establish a shared secret over an insecure channel using a key exchange;
    - generate a unique identity for at least one of the endpoint devices based on an identity model including a hash function;
    - generate a key for the key exchange through key scheduling based on the generated unique identity and an epoch associated with a period of the key exchange;
    - verify behavior of the endpoint devices or a platform running on the endpoint devices against a respective pre-defined behavioral state for each one of the endpoint devices or the platform; and
    - execute a pre-determined action when a behavior of at least one of the endpoint devices or the platform is inconsistent with the respective pre-defined behavioral state.
20. A method, comprising:
- initiating a launch sequence and compiling the launch sequence into a kernel image that maintains integrity of the launch sequence;
- initializing a system identity and root filesystem; and
- after compiling the launch sequence and initializing the system identity and root filesystem, the method further comprising:
  - hosting, by a security supervisor, applications or execution environments with documented system behavior, the applications or execution environments including a native binaries environment, a virtual machine environment, or a container environment;
  - using an anonymous key agreement protocol that allows at least two endpoint devices to establish a shared secret over an insecure channel using a key exchange;
  - generating a unique identity for at least one of the endpoint devices based on an identity model including a hash function;
  - generating a key for the key exchange through key scheduling based on the generated unique identity and an epoch associated with a period of the key exchange;
  - verifying behavior of the endpoint devices or a platform running on the endpoint devices against a respective pre-defined behavioral state for each one of the endpoint devices or the platform; and
  - executing a pre-determined action when a behavior of at least one of the endpoint devices or the platform is inconsistent with the respective pre-defined behavioral state.
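The following is an added illustrative model of the flow that claims 19 and 20 describe (launch measurement, identity generation, epoch-bound key scheduling, behavior verification, pre-determined action). It is example code written for this page, not the patent's implementation or any product's code. It assumes SHA-256 as the identity model's hash function, an IMA/TPM-style hash-extend chain as the deterministic measurement value, and HKDF-SHA256 for key scheduling; the anonymous key agreement itself is out of scope, and the scheduled key is simply what such an exchange would consume. All inputs are constructed stand-ins.

```python
"""Illustrative identity-based behavior measurement flow (added example).

Not the patent's implementation. Assumptions: SHA-256 as the identity
model's hash function, TPM/IMA-style hash-extend as the deterministic
measurement value, HKDF-SHA256 for epoch-bound key scheduling. The
anonymous key agreement is out of scope; the scheduled key would feed it.
"""
import hashlib
import hmac
from dataclasses import dataclass, field

ZERO = bytes(32)


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(current: bytes, event: bytes) -> bytes:
    """TPM/IMA-style extend: new = H(current || H(event)). Order-sensitive."""
    return sha256(current + sha256(event))


def measure_launch(events):
    """Fold an ordered launch sequence (name, content) into one measurement.

    Returns (measurement, log); the log keeps each component's hash so a
    verifier can tell which step diverged instead of seeing only a mismatch.
    """
    value, log = ZERO, []
    for name, content in events:
        value = extend(value, content)
        log.append((name, sha256(content).hex()))
    return value, log


def endpoint_identity(device_serial: bytes, measurement: bytes) -> bytes:
    """Unique identity = H(domain || serial || measurement). Assumed form."""
    return sha256(b"bma-identity|" + device_serial + b"|" + measurement)


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF with SHA-256 (extract, then expand)."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def schedule_key(identity: bytes, epoch: int) -> bytes:
    """Epoch-bound key: same identity, different epoch -> different key."""
    return hkdf_sha256(identity, salt=epoch.to_bytes(8, "big"), info=b"bma-epoch-key")


@dataclass
class SecuritySupervisor:
    """Holds the pre-defined behavioral state and records actions taken."""
    expected_measurement: bytes
    allowed_apps: dict                      # app name -> expected SHA-256 hex
    actions: list = field(default_factory=list)

    def verify_launch(self, measurement: bytes) -> bool:
        ok = hmac.compare_digest(measurement, self.expected_measurement)
        if not ok:
            self.actions.append("launch-mismatch:quarantine")  # pre-determined action
        return ok

    def authorize_app(self, name: str, binary: bytes) -> bool:
        """Uphold the behavioral state: run only binaries whose hash is expected."""
        ok = self.allowed_apps.get(name) == sha256(binary).hex()
        if not ok:
            self.actions.append(f"app-mismatch:{name}:deny")
        return ok


# Constructed sample inputs (stand-ins for real images and binaries).
GOLDEN_LAUNCH = [
    ("kernel", b"vmlinuz v1"),
    ("security-bootloader", b"sbl v1"),
    ("rootfs-manifest", b"rootfs manifest v1"),
]
TAMPERED_LAUNCH = [
    ("kernel", b"vmlinuz v1"),
    ("security-bootloader", b"sbl v1 + unexpected change"),
    ("rootfs-manifest", b"rootfs manifest v1"),
]
DEVICE_SERIAL = b"SN-0001"
GOLDEN_MEASUREMENT, _ = measure_launch(GOLDEN_LAUNCH)
ALLOWED_APPS = {"agent": sha256(b"agent binary v1").hex()}


def run_scenario(launch_events):
    """Boot -> measurement -> identity -> epoch keys -> verify -> app check."""
    measurement, log = measure_launch(launch_events)
    identity = endpoint_identity(DEVICE_SERIAL, measurement)
    sup = SecuritySupervisor(GOLDEN_MEASUREMENT, ALLOWED_APPS)
    launch_ok = sup.verify_launch(measurement)
    app_ok = sup.authorize_app("agent", b"agent binary v1")
    keys = [schedule_key(identity, epoch) for epoch in (1, 2)]
    return {"launch_ok": launch_ok, "app_ok": app_ok, "keys": keys,
            "identity": identity, "actions": sup.actions, "log": log}


if __name__ == "__main__":
    for label, events in (("golden", GOLDEN_LAUNCH), ("tampered", TAMPERED_LAUNCH)):
        r = run_scenario(events)
        print(label, "launch_ok:", r["launch_ok"], "actions:", r["actions"])
```

Two properties worth noting from the model: because the identity is derived from the measurement, a device whose launch sequence was altered ends up with a different identity and therefore different epoch keys, so it cannot silently reuse the keys of its known-good state; and the per-component log lets the verifier localize which launch step diverged rather than only reporting a mismatch.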