Demonstrating integrity of a compartment of a compartmented operating system

US 20020194493A1
Filed: 06/07/2002
Published: 12/19/2002
Est. Priority Date: 11/28/2000
Status: Active Grant

First Claim

Patent Images

1. A method for demonstrating integrity of an operating system compartment in a computing platform having a trusted device, comprising the steps of:

(a) providing a host operating system;

(b) confirming a status of the host operating system using the trusted device;

(c) providing a compartment of the host operating system; and

(d) confirming a status of the compartment.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing platform 20 runs a compartmented operating system 22 and includes a trusted device 23 for forming an integrity metric which a user can interrogate to confirm integrity of the operating system. Also, the integrity of an individual compartment 24 is verified by examining status information for that compartment including, for example, the identity of any open network connections, the identity of any running processes, and the status of a section of file space allocated to that compartment 24. Hence, the integrity of an individual compartment 24 of the compartmented operating system 22 can be demonstrated.

Citations

21 Claims

1. A method for demonstrating integrity of an operating system compartment in a computing platform having a trusted device, comprising the steps of:
- (a) providing a host operating system;
  
  (b) confirming a status of the host operating system using the trusted device;
  
  (c) providing a compartment of the host operating system; and
  
  (d) confirming a status of the compartment.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the step (d) comprises comparing a current state of the compartment against an expected state.
  - 3. The method of claim 2, comprising providing a status metric representing the current state of the compartment.
  - 4. The method of claim 3, comprising providing the status metric from the trusted device of the computing platform.
  - 5. The method of claim 2, wherein the step (d) comprises providing information about the current state of the compartment, including information about any one or more of (i) a section of file space allocated to the compartment;
    - (ii) any processes allocated to the compartment;
      
      or (iii) any communication interfaces allocated to the compartment.
  - 6. The method of claim 5, wherein the step (d) comprises any one or more of:
    - confirming that the compartment has access only to an expected section of file space;
      
      confirming that the allocated section of file space is in an expected condition;
      
      confirming that only an expected process or processes are allocated to the compartment; and
      
      confirming that only an expected communication interface or communication interfaces are allocated to the compartment.
  - 7. The method of claim 6, comprising confirming for each process allocated to the compartment that only an expected Inter-Process Communication channel or channels are open.

8. A method for use in a computing platform having a trusted device, the method comprising the steps of:
- (a) providing a host operating system;
  
  (b) verifying a status of the host operating system by comparing an integrity metric formed by the trusted device against an integrity metric in a previously formed certificate;
  
  (c) providing a compartment of the host operating system; and
  
  (d) verifying a status of the compartment by comparing a status metric formed by the trusted device against a status metric in a previously formed certificate.
- View Dependent Claims (9)
- - 9. The method of claim 8, wherein the status metric includes information about any one or more of (i) a section of file space allocated to the compartment;
    - (ii) any processes allocated to the compartment;
      
      (iii) any IPC channels open to the allocated processes;
      
      or (iv) any communication interfaces allocated to the compartment.

10. A computing platform, comprising:
- a host operating system;
  
  at least one compartment provided by the host operating system;
  
  a trusted device arranged to confirm a status of the host operating system; and
  
  a status unit arranged to confirm a status of the compartment.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 19)
- - 11. The computing platform of claim 10, wherein the trusted device forms an integrity metric of the host operating system to be compared against an expected status.
  - 12. The computing platform of claim 10, wherein the status unit comprises at least one of the host operating system or the trusted device.
  - 13. The computing platform of claim 10, wherein the status unit provides a current status of the compartment to be compared against an expected status.
  - 14. The computing platform of claim 13, wherein the status unit provides a status metric.
  - 15. The computing platform of claim 13, wherein the current status identifies any one or more of (i) a section of file space allocated to the compartment, (ii) any processes allocated to the compartment, (iii) any IPC channels open for any process allocated to the compartment, or (iv) any communication interfaces allocated to the compartment.
  - 16. The computing platform of claim 15, wherein the status unit confirms a condition of the section of file space allocated to the compartment.
  - 17. The computing platform of claim 16, wherein the condition of the section of file space allocated to the compartment is used to determine whether the section of file space has been corrupted.
  - 19. The computing platform of claim 18, wherein the status metric includes information about any one or more of (i) a section of file space allocated to the compartment;
    - (ii) any processes allocated to the compartment;
      
      or (iii) any communication interfaces allocated to the compartment.

18. A computing platform, comprising:
- a host operating system;
  
  a compartment provided by the host operating system; and
  
  a trusted device arranged to obtain an integrity metric of the host operating system for comparison against an integrity metric in a previously formed certificate, and arranged to obtain a status metric of the compartment for comparison against a status metric in a previously formed certificate.

20. A trusted device for use in a computing platform providing a host operating system having at least one compartment, the trusted device comprising:
- means arranged in use to obtain an integrity metric of the host operating system for comparison against an integrity metric in a previously formed certificate; and
  
  means arranged in use to obtain a status metric of the compartment for comparison against a status metric in a previously formed certificate.
- View Dependent Claims (21)
- - 21. The trusted device of claim 20, wherein the status metric includes information about any one or more of (i) a section of file space allocated to the compartment;
    - (ii) any processes allocated to the compartment;
      
      (iii) any IPC channels open to the allocated processes;
      
      or (iv) any communication interfaces allocated to the compartment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Company (HP Inc.)
Inventors
Dalton, Christopher I.

Granted Patent

US 9,633,206 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/17
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/57   Certifying or maintaining t...

G06F 2211/009   Trust

G06F 2221/2105   Dual mode as a secondary as...

Demonstrating integrity of a compartment of a compartmented operating system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Demonstrating integrity of a compartment of a compartmented operating system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links