Methods and apparatus for hierarchical system validation
First Claim
1. A data security system, comprising:
- a memory;
a security tool stored within the memory;
a validation agent stored within the memory;
a first processor operatively coupled to the memory, the first processor being programmed to use the security tool to prevent unauthorized access to the memory and programmed to use the validation agent to monitor the integrity of the security tool;
a second processor programmed to directly access the memory and to monitor the integrity of the validation agent; and
a data bus operatively coupled to the first and second processors, the data bus being arranged to allow the second processor to directly access the validation agent.
2 Assignments
0 Petitions
Accused Products
Abstract
A data security system includes a memory, a security tool stored within the memory and a validation agent stored within the memory. A first processor is operatively coupled to the memory and programmed to use the security tool to prevent unauthorized access to the memory and programmed to use the validation agent to monitor the integrity of the security tool. A second processor is programmed to directly access the memory and to monitor the integrity of the validation agent. A data bus is operatively coupled to the first and second processors and arranged to allow the second processor to directly access the validation agent. If the validation agent is compromised, the second processor causes the first processor to communicatively decouple from a network. If the security tool is compromised, the second processor causes the first processor to decouple from a network.
93 Citations
39 Claims
-
1. A data security system, comprising:
-
a memory;
a security tool stored within the memory;
a validation agent stored within the memory;
a first processor operatively coupled to the memory, the first processor being programmed to use the security tool to prevent unauthorized access to the memory and programmed to use the validation agent to monitor the integrity of the security tool;
a second processor programmed to directly access the memory and to monitor the integrity of the validation agent; and
a data bus operatively coupled to the first and second processors, the data bus being arranged to allow the second processor to directly access the validation agent. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A method of monitoring the integrity of security components comprising:
-
causing a first processor to execute a validation agent to compare a characteristic of an uncompromised version of a security tool stored in a memory to a characteristic of a run-time image of the security tool;
causing a second processor to compare a characteristic of an uncompromised version of the validation agent stored in the memory to a characteristic of a run-time image of the validation agent;
communicatively decoupling the first processor from a network if the stored security tool characteristic does not match the run-time security tool characteristic; and
communicatively decoupling the first processor from the network if the stored validation agent characteristic does not match the run-time validation agent characteristic. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27)
-
-
28. An article of manufacture comprising:
-
a computer readable memory;
a first routine stored on the computer readable memory and adapted to be executed on a first processor operatively coupled to a bus to monitor the integrity of a security tool adapted to be executed on the first processor, a second routine stored on the computer readable memory and adapted to be executed on a second processor operatively coupled to the bus to monitor the integrity of the first routine; and
a third routine stored on the computer readable memory and adapted to be executed by the second processor to communicatively decouple the first processor from a network if the second routine determines the first routine has been compromised. - View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
-
Specification