Peer integrity checking system
Abstract
A distributed file integrity checking system is described. The described peer integrity checking system (PICS) may negate an attack by storing a properties database amongst nodes of a peer-to-peer network of hosts, some or all of which co-operate to protect and watch over each other.
11 Claims
1. A method comprising:
- generating a database that contains file properties for a set of valid system files for a non-compromised operating system of a host computer;
- storing the database in a distributed manner throughout a peer-to-peer (P2P) network of nodes using a distributed hash table to select the nodes of the P2P network such that two or more nodes of the P2P network store different portions of the database; and
- performing, by a first node of the P2P network, an integrity check of a second node of the P2P network to detect whether a system file of an operating system currently executing on the second node of the P2P network has been compromised by:
  - outputting, by the first node, a challenge to the second node of the P2P network requesting file properties of the system files for the operating system currently executing on the second node,
  - accessing, by the first node and using the distributed hash table, the database distributed throughout the P2P network to retrieve the file properties of the valid system files from the database,
  - receiving, by the first node, the file properties of the system files for the operating system currently executing on the second node,
  - comparing, by the first node, the file properties of the system files of the operating system currently executing on the second node to the file properties retrieved from the database distributed throughout the P2P network,
  - determining, by the first node, that the system files for the operating system currently executing on the second node have been compromised, and
  - initiating, by the first node, a counter-measure on the second node.

Dependent claims: 2, 3, 4.

5. A system comprising:
- a communications network;
- a plurality of peer nodes coupled by the communications network to form a peer-to-peer (P2P) network, wherein each of the peer nodes includes a local storage area, and wherein a first node of the P2P network comprises:
  - a microprocessor;
  - a distributed hash table service executing on the microprocessor that is configured to apply a distributed hash table to provide a lookup service to identify locations for objects within the local storage areas of the peer nodes, generate a database that contains file properties for a set of valid system files for a non-compromised operating system of a host computer, and store the database in a distributed manner throughout the P2P network two or more nodes of the P2P network store different portions of the database; and
  - an integrity checker software executing on the microprocessor that is configured to perform an integrity check of a second node of the P2P network to detect whether a system file of an operating system currently executing on the second node of the P2P network has been compromised by:
    - outputting a challenge to the second node of the P2P network requesting file properties of the system files for the operating system currently executing on the second node;
    - accessing, using the distributed hash table, the database distributed throughout the P2P network to retrieve the file properties of the valid system files from the database;
    - receiving the file properties of the system files for the operating system currently executing on the second node;
    - comparing the file properties of the system files of the operating system currently executing on the second node to the file properties retrieved from the database distributed throughout the P2P network;
    - determining that the system files for the operating system currently executing on the second node have been compromised; and
    - initiating a counter-measure on the second node.

Dependent claims: 6, 7, 8.

9. A non-transitory computer-readable storage medium comprising instructions that, when executed, cause a processor of a first node of a peer-to-peer (P2P) network to:
- generate a database that contains file properties for a set of valid system files for a non-compromised operating system of a host computer;
- store the database in a distributed manner throughout the P2P network of nodes using a distributed hash table to select the nodes of the P2P network such that two or more nodes of the P2P network store different portions of the database; and
- perform an integrity check of a second node of the P2P network to detect whether a system file of an operating system currently executing on the second node of the P2P network has been compromised by:
  - outputting a challenge to the second node of the P2P network requesting file properties of the system files for the operating system currently executing on the second node;
  - accessing, using the distributed hash table, the database distributed throughout the P2P network to retrieve the file properties of the valid system files from the database;
  - receiving the file properties of the system files for the operating system currently executing on the second node;
  - comparing the file properties of the system files of the operating system currently executing on the second node to the file properties retrieved from the database distributed throughout the P2P network;
  - determining that the system files for the operating system currently executing on the second node have been compromised; and
  - initiating a counter-measure on the second node.

Dependent claims: 10, 11.
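As an added illustration of the claimed protocol (this is not code from the patent or from any product implementing it), the following Python simulates the independent claims in one process: baseline file properties (size and SHA-256) are generated from a clean image and spread over per-node portions using a toy hash-based DHT placement, then a first node challenges a second node, compares the reported properties with the distributed baseline and quarantines the node on a mismatch. Every node, path and file content below is constructed; the placement function and the quarantine flag are assumptions standing in for a real DHT and a real counter-measure.

```python
import hashlib
from dataclasses import dataclass, field

def file_props(content: bytes) -> dict:
    """Properties recorded per system file: size and SHA-256 digest."""
    return {"size": len(content), "sha256": hashlib.sha256(content).hexdigest()}

def generate_database(system_files: dict) -> dict:
    """Baseline: path -> properties, taken from a non-compromised OS image."""
    return {path: file_props(data) for path, data in system_files.items()}

@dataclass
class Node:
    node_id: int
    files: dict                                   # system files currently on this node
    portion: dict = field(default_factory=dict)   # this node's slice of the database
    quarantined: bool = False                     # set by the counter-measure

    def answer_challenge(self, paths):
        """Respond to a challenge with properties of the files as they are now."""
        return {p: file_props(self.files[p]) for p in paths}

def dht_node_for(key: str, nodes: list) -> Node:
    # Toy DHT placement (assumption): hash the key onto the node ring.
    idx = int(hashlib.sha1(key.encode()).hexdigest(), 16) % len(nodes)
    return nodes[idx]

def store_distributed(db: dict, nodes: list) -> None:
    """Each entry lands on the node the DHT selects, so portions differ per node."""
    for path, props in db.items():
        dht_node_for(path, nodes).portion[path] = props

def dht_lookup(path: str, nodes: list) -> dict:
    return dht_node_for(path, nodes).portion[path]

def integrity_check(first: Node, second: Node, nodes: list, paths: list) -> list:
    """First node challenges second node and compares against the DHT baseline."""
    reported = second.answer_challenge(paths)           # challenge / response
    compromised = [p for p in paths if reported[p] != dht_lookup(p, nodes)]
    if compromised:
        second.quarantined = True                        # counter-measure
    return compromised

# Constructed sample: three system files of a clean image
CLEAN = {"/bin/ls": b"ls-v1", "/bin/ps": b"ps-v1", "/sbin/init": b"init-v1"}

def demo():
    nodes = [Node(i, dict(CLEAN)) for i in range(4)]
    store_distributed(generate_database(CLEAN), nodes)
    nodes[2].files["/bin/ps"] = b"ps-v1-tampered"        # constructed tampering on node 2
    return integrity_check(nodes[0], nodes[2], nodes, sorted(CLEAN)), nodes[2].quarantined
```

In a deployment the challenge and response cross the network and the baseline must itself be protected (signed or replicated) so that a compromised node cannot rewrite the portion it stores.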