Portion-level in-memory module authentication
Abstract
Dynamic run-time verification of a module which is loaded in memory (in whole or in part) for execution is enabled by storing hashes of smaller portions of the module (e.g. page-level hashes) as they should look when loaded into memory for execution. After an initial authentication is completed, hashes of smaller portions of the module are stored. These hashes consist of the portion of memory as modified by changes which would be made by the operating system loader operating normally. Thus, the hashes can be used to verify that the portion as loaded into memory for execution is 1) a correct copy of the portion of the software module, 2) correctly modified for execution by the processor, and 3) not tampered with since loading. Additionally, during execution of the module, new portions/pages of the module which are loaded can be verified to ensure that they have not been changed, and a list of hot pages of the module can be made, including pages to be continually re-verified, in order to ensure that no changes have been made in the module.
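The scheme in the abstract, as an added sketch that is not code from the patent: the module-level check runs first, then each page is hashed as it should look after loader fixups, and those hashes are used to check newly loaded and hot pages. The 4096-byte page size, SHA-256, the 32-bit relocation model, the sample module and every function name are assumptions made for illustration.

```python
import hashlib, hmac, struct

PAGE = 4096  # assumed page size

def apply_relocations(image, relocs, delta):
    """Simulated loader fixups: add delta to each 32-bit little-endian slot."""
    mem = bytearray(image)
    for off in relocs:
        (val,) = struct.unpack_from("<I", mem, off)
        struct.pack_into("<I", mem, off, (val + delta) & 0xFFFFFFFF)
    return mem

def build_page_hashes(image, trusted_digest, relocs, delta):
    """Module-level check first, then hash each page as it should look once loaded."""
    if not hmac.compare_digest(hashlib.sha256(image).digest(), trusted_digest):
        raise ValueError("module-level verification failed")
    expected = apply_relocations(image, relocs, delta)
    return [hashlib.sha256(expected[i:i + PAGE]).digest()
            for i in range(0, len(expected), PAGE)]

def failed_pages(memory, pages, page_hashes):
    """Re-hash the given in-memory pages (newly loaded or hot) and list mismatches."""
    bad = []
    for n in pages:
        digest = hashlib.sha256(bytes(memory[n * PAGE:(n + 1) * PAGE])).digest()
        if not hmac.compare_digest(digest, page_hashes[n]):
            bad.append(n)
    return bad

def demo():
    image = bytes((i * 31 + 7) % 256 for i in range(3 * PAGE))  # constructed module
    relocs, delta = [0x10, PAGE + 0x20], 0x00400000             # constructed fixups
    trusted = hashlib.sha256(image).digest()  # stands in for the signed module digest
    hashes = build_page_hashes(image, trusted, relocs, delta)
    memory = apply_relocations(image, relocs, delta)   # what the loader mapped
    before = failed_pages(memory, range(3), hashes)
    memory[2 * PAGE + 5] ^= 0xFF                       # change made after loading
    after = failed_pages(memory, [0, 2], hashes)       # hot-page re-verification
    # A hash of the on-disk page does not match the loaded page once fixups apply.
    disk_matches = hashlib.sha256(image[:PAGE]).digest() == hashes[0]
    return before, after, disk_matches

if __name__ == "__main__":
    print(demo())
```

The last value returned by `demo()` shows why the stored hashes must cover the page as modified by the loader: a hash taken over the on-disk bytes of a relocated page would fail on a correctly loaded module.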
25 Claims
1. A method of verifying the integrity of a software module partially or fully loaded into memory of a computing environment for execution, where module-level verification exists for said software module, comprising:
- verifying that said software module to be loaded has not been tampered with by using said module-level verification;
- creating at least two portion-level verifications, each of said portion-level verifications allowing verification of a portion of said software module as loaded into memory; and
- using one of said portion-level verifications to verify a portion of said software module as loaded into memory.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A module verifier for verifying the integrity of a software module partially or fully loaded into memory of a computing environment for execution, where module-level verification exists for said software module, comprising:
- module-level verification for verifying that said software module being loaded has not been tampered with by using said module-level verification;
- portion-level verification creator for creating at least two portion-level verifications, each of said portion-level verifications allowing verification of a portion of said software module as loaded into memory; and
- portion-level verification for using one of said portion-level verifications to verify a portion of said software module as loaded into memory.

Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
Specification