Methods and apparatus for hierarchical system validation

US 20050138402A1
Filed: 12/23/2003
Published: 06/23/2005
Est. Priority Date: 12/23/2003
Status: Abandoned Application

First Claim

Patent Images

1. A data security system, comprising:

a memory;

a security tool stored within the memory;

a validation agent stored within the memory;

a first processor operatively coupled to the memory, the first processor being programmed to use the security tool to prevent unauthorized access to the memory and programmed to use the validation agent to monitor the integrity of the security tool;

a second processor programmed to directly access the memory and to monitor the integrity of the validation agent; and

a data bus operatively coupled to the first and second processors, the data bus being arranged to allow the second processor to directly access the validation agent.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data security system includes a memory, a security tool stored within the memory and a validation agent stored within the memory. A first processor is operatively coupled to the memory and programmed to use the security tool to prevent unauthorized access to the memory and programmed to use the validation agent to monitor the integrity of the security tool. A second processor is programmed to directly access the memory and to monitor the integrity of the validation agent. A data bus is operatively coupled to the first and second processors and arranged to allow the second processor to directly access the validation agent. If the validation agent is compromised, the second processor causes the first processor to communicatively decouple from a network. If the security tool is compromised, the second processor causes the first processor to decouple from a network.

93 Citations

View as Search Results

39 Claims

1. A data security system, comprising:
- a memory;
  
  a security tool stored within the memory;
  
  a validation agent stored within the memory;
  
  a first processor operatively coupled to the memory, the first processor being programmed to use the security tool to prevent unauthorized access to the memory and programmed to use the validation agent to monitor the integrity of the security tool;
  
  a second processor programmed to directly access the memory and to monitor the integrity of the validation agent; and
  
  a data bus operatively coupled to the first and second processors, the data bus being arranged to allow the second processor to directly access the validation agent.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. A data security system as described in claim 1, wherein the first processor is communicatively coupled to a network, and wherein the second processor is programmed to cause the first processor to communicatively decouple from the network if the validation agent is compromised.
  - 3. A data security system as described in claim 1, wherein the first processor is communicatively coupled to a network, and wherein the second processor is programmed to cause the first processor to communicatively decouple from the network if the security tool is compromised.
  - 4. A data security system as described in claim 1, wherein the security tool comprises a firewall.
  - 5. A data security system as described in claim 1, wherein the validation agent comprises an intrusion detection system.
  - 6. A data security system as described in claim 1, wherein the bus is adapted to allow the second processor to access the memory via direct memory access.
  - 7. A data security system as described in claim 1, wherein the first processor is communicatively coupled to a network, the data security system further comprising a characteristic unique to an uncompromised version of the security tool stored within the memory, wherein the first processor is programmed to cause the validation agent to compare the stored security tool characteristic to a characteristic of a run-time image of the security tool, and wherein the first processor is programmed to communicatively decouple from the network if the stored security tool characteristic does not match the run-time security tool characteristic.
  - 8. A data security system as described in claim 1, wherein the first processor is communicatively coupled to a network, the data security system further comprising a characteristic unique to an uncompromised version of the validation agent stored within the memory, wherein the second processor is programmed to compare the stored validation agent characteristic to a characteristic of a run-time image of the validation agent, and wherein the second processor is programmed to communicatively decouple the first processor from the network if the stored validation agent characteristic does not match the run-time validation agent characteristic.
  - 9. A data security system as described in claim 8, wherein the run-time image comprises a run-time code image of the validation agent.
  - 10. A data security system as described in claim 8, wherein the run-time image comprises a run-time data image of the validation agent.
  - 11. A data security system as described in claim 1, wherein a network interface controller comprises the second processor.
  - 12. A data security system as described in claim 1, wherein a local area network on motherboard (LOM) comprises the second processor.
  - 13. A data security system as described in claim 1, wherein a system chipset comprises the second processor.
  - 14. A data security system as described in claim 1, wherein the second processor is communicatively coupled to a server comprising a third processor, the third processor being programmed to receive data relating to the security tool, the third processor being programmed to determine a characteristic unique to an uncompromised version of the security tool from the data relating to security tool, the third processor being programmed to send the security tool characteristic to the memory.
  - 15. A data security system as described in claim 1, wherein the second processor is communicatively coupled to a server comprising a third processor, wherein the second processor is programmed to cause the server to be alerted of a security breach if the first processor is communicatively decoupled from a network.
  - 16. A data security system as described in claim 1, wherein the first processor is programmed to maintain an unfragmented and contiguous view of the security tool in a virtual memory;
    - and wherein the first processor is programmed to provide the validation agent with access to the virtual memory to view the security tool.
  - 17. A data security system as described in claim 1, wherein the first processor is programmed to maintain an unfragmented and contiguous view of the validation agent in a physical memory;
    - and wherein the second processor is programmed to access the physical memory to view the validation agent.

18. A method of monitoring the integrity of security components comprising:
- causing a first processor to execute a validation agent to compare a characteristic of an uncompromised version of a security tool stored in a memory to a characteristic of a run-time image of the security tool;
  
  causing a second processor to compare a characteristic of an uncompromised version of the validation agent stored in the memory to a characteristic of a run-time image of the validation agent;
  
  communicatively decoupling the first processor from a network if the stored security tool characteristic does not match the run-time security tool characteristic; and
  
  communicatively decoupling the first processor from the network if the stored validation agent characteristic does not match the run-time validation agent characteristic.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 19. A method of monitoring the integrity of security components as described in claim 18, wherein causing the first processor to execute the validation agent to compare a characteristic of an uncompromised version of the security tool to a characteristic of a run-time image of the security tool comprises causing the first processor to execute the validation agent to compare a characteristic of an uncompromised version of the security tool to a characteristic of a run-time code image of the security tool.
  - 20. A method of monitoring the integrity of security components as described in claim 18, wherein causing the first processor to execute the validation agent to compare a characteristic of an uncompromised version of a security tool to a characteristic of a run-time image of the security tool comprises causing the first processor to execute the validation agent to compare a characteristic of an uncompromised version of a security tool to a characteristic of a run-time data image of the security tool.
  - 21. A method of monitoring the integrity of security components as described in claim 18, wherein causing the second processor to compare a characteristic of an uncompromised version of the validation agent to a characteristic of a run-time image of the validation agent comprises causing the first processor to compare a characteristic of an uncompromised version of the validation agent to a characteristic of a run-time code image of the validation agent.
  - 22. A method of monitoring the integrity of security components as described in claim 18, wherein causing the second processor to compare a characteristic of an uncompromised version of the validation agent to a characteristic of a run-time image of the validation agent comprises causing the first processor to compare a characteristic of an uncompromised version of the validation agent to a characteristic of a run-time data image of the validation agent.
  - 23. A method of monitoring the integrity of a security component as described in claim 18, further comprising:
    - causing the second processor to directly access the memory; and
      
      retrieving the stored validation agent characteristic and the run-time validation agent characteristic from the memory.
  - 24. A method of monitoring the integrity of security components as described in claim 18, further comprising:
    - transmitting data relating to information regarding an uncompromised version the security tool to a remote network computer operatively coupled to the network;
      
      receiving voucher data from the remote network computer, the voucher data relating to the security tool characteristics developed from the data relating to the information regarding an uncompromised version of the security tool; and
      
      storing the data relating to the security tool characteristics in the memory.
  - 25. A method of monitoring the integrity of security components as described in claim 18, further comprising alerting a remote network computer of a security breach if the first processor is communicatively decoupled from a network.
  - 26. A method of monitoring the integrity of security components as described in claim 18 further comprising:
    - causing the first processor to maintain an unfragmented and contiguous view of the security tool ins a virtual memory; and
      
      causing the first processor to provide the validation agent with access to the virtual memory to view the security tool.
  - 27. A method of monitoring the integrity of security components as described in claim 18 further comprising causing the first processor to maintain an unfragmented and contiguous view of the validation agent in a physical memory;
    - and causing the second processor to access the physical memory to view the validation agent.

28. An article of manufacture comprising:
- a computer readable memory;
  
  a first routine stored on the computer readable memory and adapted to be executed on a first processor operatively coupled to a bus to monitor the integrity of a security tool adapted to be executed on the first processor, a second routine stored on the computer readable memory and adapted to be executed on a second processor operatively coupled to the bus to monitor the integrity of the first routine; and
  
  a third routine stored on the computer readable memory and adapted to be executed by the second processor to communicatively decouple the first processor from a network if the second routine determines the first routine has been compromised.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 29. An article of manufacture as described in claim 28, further comprising a fourth routine stored on the computer readable medium and adapted to be executed on the second processor to communicatively decouple the first processor from a network if the first routine determines the security tool has been compromised.
  - 30. An article of manufacture as described in claim 29, further comprising a fourth routine stored on the computer readable medium and adapted to be executed on the second processor to alert a remote network computer of a security breach if the first processor is communicatively decoupled from the network.
  - 31. An article of manufacture as described in claim 28, wherein the first routine is adapted to be executed on the first processor to compare a characteristic unique to an uncompromised version of the security tool to a characteristic of a run-time image of the security tool.
  - 32. An article of manufacture as described in claim 28, wherein the second routine is adapted to be executed on the second processor to compare a characteristic unique to an uncompromised version of the first routine to a characteristic of a run-time image of the first routine.
  - 33. An article of manufacture as described in claim 28, further comprises:
    - a fourth routine stored on the computer readable medium and adapted to be executed on the first processor to transmit data relating to information regarding an uncompromised version of the security tool to a remote network computer;
      
      a fifth routine stored on the computer readable medium and adapted to be executed on the first processor to receive voucher data from the remote network computer, the voucher data relating to characteristics unique to the uncompromised version of the security tool developed from the data relating to the information regarding an uncompromised version of the security tool; and
      
      a sixth routine stored on the computer readable medium and adapted to be executed on the first processor to store the security tool characteristics.
  - 34. An article of manufacture as described in claim 28, wherein the security tool comprises a firewall.
  - 35. An article of manufacture as described in claim 28 wherein the second and third routines are adapted to be executed on a processor of a network interface controller.
  - 36. An article of manufacture as described-in claim 28, wherein the second and third routines are adapted to be executed on a processor of a local area network on motherboard (LOM).
  - 37. An article of manufacture as described in claim 28, wherein the second and third routines are adapted to be executed on a processor of a system chipset.
  - 38. An article of manufacture as described in claim 28, further comprising:
    - a fourth routine stored on the computer readable medium and adapted to be executed on the first processor to maintain an unfragmented and contiguous view of the security tool in a virtual memory; and
      
      a fifth routine stored on the computer readable medium and adapted to be executed on the first processor to provide the validation agent with access to the virtual memory to view the security tool.
  - 39. An article of manufacture as described in claim 28, further comprising:
    - a fourth routine stored on the computer readable medium and adapted to be executed on the first processor to maintain an unfragmented and contiguous view of the validation agent in a physical memory; and
      
      a fifth routine stored on the computer readable medium and adapted to be executed on the second processor to access the physical memory to view the validation agent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Durham, David M., Yoon, Jeonghee M.

Application Number

US10/744,990
Publication Number

US 20050138402A1
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/55 Detecting local intrusion o...

H04L 63/1408 by monitoring network traff...

Methods and apparatus for hierarchical system validation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

93 Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for hierarchical system validation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

93 Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links