Adaptive integrity verification of software and authorization of memory access
First Claim
1. A method for integrity verification of memory access operations between virtualized execution environments in a computing system, the method comprising:
- identifying a memory access operation, wherein the memory access operation involves memory access attempted by a source software component to memory associated with a destination software component, and wherein the source software component operates in one of an execution environment or a secure execution environment and the destination software component operates in the other of the execution environment or the secure execution environment;
- intercepting the memory access operation, in response to the identified memory access operation attempting access to a memory location of the secure execution environment or attempting access from the secure execution environment to a memory location of the execution environment;
- performing integrity verification of the source software component and authorization of the memory access operation; and
- allowing the memory access operation to be performed in response to successful verification of the source software component and successful authorization of the memory access operation.
Abstract
Systems and methods are described herein that discuss how a computing platform executing a virtualized environment, in one example, can be integrity verified adaptively and on demand. This may occur at initial runtime, as well as during continued operations, and allows the platform user to install software from various vendors without sacrificing the integrity measurement and therefore the trustworthiness of the platform.
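The identify, intercept, verify, authorize and allow sequence of claim 1, modelled as an added example (not code from the patent or its assignee). Assumptions: the names `Component`, `IntegrityVerificationAgent`, `measure` and the sample components are hypothetical; a SHA-256 digest of the code image compared against an allowlist stands in for integrity verification; a set of (source, destination, operation) triples stands in for authorization; accesses that stay inside one environment are simply not intercepted.

```python
import hashlib
from dataclasses import dataclass, replace

EE, SEE = "EE", "SEE"  # execution environment / secure execution environment

@dataclass(frozen=True)
class Component:
    name: str
    env: str      # EE or SEE
    image: bytes  # code image that gets measured
    base: int     # start of the memory associated with the component
    size: int

def measure(c: Component) -> str:
    # Assumption: SHA-256 over the code image stands in for the integrity measurement.
    return hashlib.sha256(c.image).hexdigest()

class IntegrityVerificationAgent:
    def __init__(self, components, manifest, policy):
        self.components = components  # components whose memory is tracked
        self.manifest = manifest      # name -> expected measurement
        self.policy = policy          # allowed (source, destination, op) triples

    def owner(self, addr):
        return next((c for c in self.components
                     if c.base <= addr < c.base + c.size), None)

    def check(self, src, addr, op):
        dst = self.owner(addr)
        if dst is None:
            return "deny:unmapped"
        # Identify: only accesses crossing the EE/SEE boundary (either direction) are intercepted.
        if src.env == dst.env:
            return "pass:not-intercepted"
        # Verify the source on every intercepted access, not only at load time.
        if self.manifest.get(src.name) != measure(src):
            return "deny:integrity"
        # Authorize this specific operation; allow only if both checks succeed.
        if (src.name, dst.name, op) not in self.policy:
            return "deny:unauthorized"
        return "allow"

# Constructed sample platform (hypothetical components and addresses).
APP = Component("guest_app", EE, b"app-v1", 0x1000, 0x1000)
DRV = Component("guest_drv", EE, b"drv-v1", 0x2000, 0x1000)
KEYS = Component("key_service", SEE, b"keys-v1", 0x8000, 0x1000)
AGENT = IntegrityVerificationAgent(
    [APP, DRV, KEYS], {c.name: measure(c) for c in (APP, DRV, KEYS)},
    {("guest_app", "key_service", "read"), ("key_service", "guest_app", "write")})
TAMPERED_APP = replace(APP, image=b"app-v1-patched")  # same name, modified image
```

Because the measurement is recomputed at each intercepted access, a component modified after load fails the check on its next cross-environment access even though the policy still lists it.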
24 Claims
1. A method for integrity verification of memory access operations between virtualized execution environments in a computing system, the method comprising:
- identifying a memory access operation, wherein the memory access operation involves memory access attempted by a source software component to memory associated with a destination software component, and wherein the source software component operates in one of an execution environment or a secure execution environment and the destination software component operates in the other of the execution environment or the secure execution environment;
- intercepting the memory access operation, in response to the identified memory access operation attempting access to a memory location of the secure execution environment or attempting access from the secure execution environment to a memory location of the execution environment;
- performing integrity verification of the source software component and authorization of the memory access operation; and
- allowing the memory access operation to be performed in response to successful verification of the source software component and successful authorization of the memory access operation.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computing system, comprising:
- at least one processor;
- a first virtual processor implemented with instructions executing via the at least one processor;
- a second virtual processor implemented with instructions executing via the at least one processor; and
- an integrity verification agent implemented with instructions executing via the at least one processor, the integrity verification agent adapted to perform verification of memory access operations between the first virtual processor and the second virtual processor, the integrity verification agent to perform operations comprising:
  - identifying a memory access operation, wherein the memory access operation involves memory access attempted by a source software component to memory associated with a destination software component, and wherein the source software component operates in one of an execution environment or a secure execution environment and the destination software component operates in the other of the execution environment or the secure execution environment;
  - intercepting the memory access operation, in response to the identified memory access operation attempting access to a memory location of the secure execution environment or attempting access from the secure execution environment to a memory location of the execution environment;
  - performing integrity verification of the source software component and authorization of the memory access operation; and
  - allowing the memory access operation to be performed in response to successful verification of the source software component and successful authorization of the memory access operation.

Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. At least one non-transitory machine readable storage medium, comprising a plurality of instructions adapted for integrity verification of memory access operations between virtualized execution environments, wherein the instructions, responsive to being executed with processor circuitry of a computing machine, cause the processor circuitry to perform integrity verification operations comprising:
- identifying a memory access operation, wherein the memory access operation involves memory access attempted by a source software component to memory associated with a destination software component, and wherein the source software component operates in one of an execution environment or a secure execution environment and the destination software component operates in the other of the execution environment or the secure execution environment;
- intercepting the memory access operation, in response to the identified memory access operation attempting access to a memory location of the secure execution environment or attempting access from the secure execution environment to a memory location of the execution environment;
- performing integrity verification of the source software component and authorization of the memory access operation; and
- allowing the memory access operation to be performed in response to successful verification of the source software component and successful authorization of the memory access operation.

Dependent claims: 18, 19, 20, 21, 22, 23, 24
Specification