Portion-level in-memory module authentication

US 20050198051A1
Filed: 03/05/2004
Published: 09/08/2005
Est. Priority Date: 03/05/2004
Status: Active Grant

First Claim

Patent Images

1. A method of verifying the integrity of a software module partially or fully loaded into memory of a computing environment for execution, where module-level verification exists for said software module, comprising:

verifying that said software module to be loaded has not been tampered with by using said module-level verification;

creating at least two portion-level verifications, each of said portion-level verifications allowing verification of a portion of said software module as loaded into memory; and

using one of said portion-level verifications to verify a portion of said software module as loaded into memory.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Dynamic run-time verification of a module which is loaded in memory (in whole or in part) for execution is enabled by storing hashes of smaller portions of the module (e.g. page-level hashes) as they should look when loaded into memory for execution. After an initial authentication is completed, hashes of smaller portions of the module are stored. These hashes consist of the portion of memory as modified by changes which would be made by the operating system loader operating normally. Thus, the hashes can be used to verify that the portion as loaded into memory for execution is 1) a correct copy of the portion of the software module, 2) correctly modified for execution by the processor, and 3) not tampered with since loading. Additionally, during execution of the module, new portions/pages of the module which are loaded can be verified to ensure that they have not been changed, and a list of hot pages of the module can be made, including pages to be continually re-verified, in order to ensure that no changes have been made in the module.

90 Citations

View as Search Results

25 Claims

1. A method of verifying the integrity of a software module partially or fully loaded into memory of a computing environment for execution, where module-level verification exists for said software module, comprising:
- verifying that said software module to be loaded has not been tampered with by using said module-level verification;
  
  creating at least two portion-level verifications, each of said portion-level verifications allowing verification of a portion of said software module as loaded into memory; and
  
  using one of said portion-level verifications to verify a portion of said software module as loaded into memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, where said portion-level verifications are page-level verifications.
  - 3. The method of claim 1, where said module-level verification comprises a stored module-level hash for said software module, and where said step of verifying that said software module being loaded has not been tampered with comprises:
    - copying said software module into memory;
      
      hashing specific portions of said in-memory copy of said software module resulting in a computed module-level hash; and
      
      comparing said computed module-level hash to said stored module-level hash.
  - 4. The method of claim 1, where said step of using one of said portion-level verifications to verify a portion of said software module as loaded into memory comprises:
    - loading at least part of said software module into memory for execution; and
      
      verifying at least two portions of said software module as loaded into memory using said portion-level verifications.
  - 5. The method of claim 4, where said step of verifying at least two portions of said software module occurs before said software module is executed.
  - 6. The method of claim 1, where said step of using one of said portion-level verifications to verify a portion of said software module as loaded into memory comprises:
    - maintaining a hot list of specific portions of said software module; and
      
      verifying each portion on said hot list using said portion-level verifications.
  - 7. The method of claim 1, where said step of using one of said portion-level verifications to verify a portion of said software module as loaded into memory comprises:
    - verifying at least one portion of said software module containing code related to security functionality before said security functionality is utilized.
  - 8. The method of claim 1, where said creation of at least two portion-level verifications comprises, for each portion-level verification:
    - modifying said portion of said software module to be verified to comprise all loading changes that would be implemented by a loader in loading said portion of said software module; and
      
      hashing said modified portion.
  - 9. The method of claim 1, where said step of using one of said portion-level verifications to verify a portion of said software module as loaded into memory comprises:
    - periodically verifying a selected portion from among said at least two portions of said software module.
  - 10. The method of claim 9, where said selected portion is selected randomly from said at least two portions.
  - 11. The method of claim 9, where said periodic verification occurs according to a tunable parameter.
  - 12. The method of claim 9, where said selected portion is selected based on a factor selected from among the following:
    - inclusion of said selected portion on a hot list;
      
      the time elapsed since the portion was last verified; and
      
      whether the portion had previously been verified.
  - 13. At least one of an operating system, a computer readable medium having stored thereon a plurality of computer-executable instructions, a co-processing device, a computing device, and a modulated data signal carrying computer executable instructions for performing the method of claim 1.

14. A module verifier for verifying the integrity of a software module partially or fully loaded into memory of a computing environment for execution, where module-level verification exists for said software module, comprising:
- module-level verification for verifying that said software module being loaded has not been tampered with by using said module-level verification;
  
  portion-level verification creator for creating at least two portion-level verifications, each of said portion-level verifications allowing verification of a portion of said software module as loaded into memory; and
  
  portion-level verification for using one of said portion-level verifications to verify a portion of said software module as loaded into memory.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 15. The module verifier of claim 14, where said portion-level verifications are page-level verifications.
  - 16. The module verifier of claim 14, where said module-level verification comprises:
    - memory for storing a copy of said software module;
      
      hasher for hashing specific portions of said in-memory copy of said software module resulting in a computed module-level hash; and
      
      comparator for comparing said computed module-level hash to said stored module-level hash.
  - 17. The module verifier of claim 14, where portion level-verification comprises:
    - a loader for loading at least part of said software module into memory for execution; and
      
      a portion verifier for verifying at least two portions of said software module as loaded into memory using said portion-level verifications.
  - 18. The module verifier of claim 17, where said portion verifier verifies said portions of said software module before said software module is executed.
  - 19. The module verifier of claim 14, where portion-level verification comprises:
    - storage for storing a hot list of specific portions of said software module; and
      
      hot list page verifier for verifying each portion on said hot list using said portion-level verifications.
  - 20. The module verifier of claim 14, where portion-level verification comprises:
    - secure function verifier for verifying at least one portion of said software module containing code related to security functionality before said security functionality is utilized.
  - 21. The module verifier of claim 14, where said portion-level verification creator comprises:
    - a modifier for modifying each portion of said software module to be verified to comprise all loading changes that would be implemented by a loader in loading said portion of said software module; and
      
      a hasher for hashing said modified portion.
  - 22. The module verifier of claim 14, where portion-level verification comprises:
    - a periodic verifier for periodically verifying a selected portion from among said at least two portions of said software module.
  - 23. The module verifier of claim 22, where said selected portion is selected randomly from said at least two portions.
  - 24. The module verifier of claim 22, where said periodic verification occurs according to a tunable parameter.
  - 25. The module verifier of claim 22, where said selected portion is selected based on a factor selected from among the following:
    - inclusion of said selected portion on a hot list;
      
      the time elapsed since the portion was last verified; and
      
      whether the portion had previously been verified.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Marr, Michael David, Brender, Scott A.

Granted Patent

US 7,831,838 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/52 during program execution, e...

G06F 2221/2125 Just-in-time application of...

Portion-level in-memory module authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

90 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Portion-level in-memory module authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

90 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links