Manifest-based trusted agent management in a trusted operating system environment

US 20050278477A1
Filed: 08/18/2005
Published: 12/15/2005
Est. Priority Date: 11/16/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

receiving a request to execute a process;

setting up a memory space for the process;

accessing a manifest corresponding to the process; and

limiting which of a plurality of binaries can be executed in the memory space based on indicators, of the binaries, that are included in the manifest.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Manifest-based trusted agent management in a trusted operating system environment includes receiving a request to execute a process is received and setting up a virtual memory space for the process. Additionally, a manifest corresponding to the process is accessed, and which of a plurality of binaries can be executed in the virtual memory space is limited based on indicators, of the binaries, that are included in the manifest.

104 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving a request to execute a process;
  
  setting up a memory space for the process;
  
  accessing a manifest corresponding to the process; and
  
  limiting which of a plurality of binaries can be executed in the memory space based on indicators, of the binaries, that are included in the manifest.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. A method as recited in claim 1, wherein the manifest includes both a list of a first set of indicators of binaries that can be executed in the memory space and a list of a second set of indicators of binaries that cannot be executed in the memory space.
  - 3. A method as recited in claim 1, further comprising receiving, with the request, the manifest.
  - 4. A method as recited in claim 1, wherein limiting which of a plurality of binaries can be executed in the memory space comprises:
    - loading a set of binaries into the memory space;
      
      checking whether each binary in the set is consistent with the manifest; and
      
      not allowing any of the binaries in the set to be executed unless all binaries in the set are consistent with the manifest.
  - 5. A method as recited in claim 4, wherein checking whether each binary in the set is consistent with the manifest comprises checking, for each binary, whether a certificate or a certificate hash corresponding to the binary is included in a list of authorized binaries and is not included in a list of non-authorized binaries.
  - 6. A method as recited in claim 4, wherein limiting which of a plurality of binaries can be executed in the memory space further comprises:
    - allowing the binaries in the set to be executed if all binaries in the set are consistent with the manifest;
      
      receiving a request to load an additional binary into the memory space;
      
      checking whether the additional binary is consistent with the manifest; and
      
      allowing the additional binary to be loaded into the memory space and executed if it is consistent with the manifest, otherwise not loading the additional binary into the memory space.
  - 7. A method as recited in claim 1, wherein limiting which of a plurality of binaries can be executed in the memory space comprises, for each of the plurality of binaries:
    - checking whether the binary is consistent with the manifest;
      
      loading the binary into the memory space if the binary is consistent with the manifest; and
      
      not loading the binary into the memory space if the binary is inconsistent with the manifest.
  - 8. A method as recited in claim 7, wherein checking whether the binary is consistent with the manifest comprises checking whether a certificate or a certificate hash corresponding to the binary is included in a list of authorized binaries and is not included in a list of non-authorized binaries.
  - 9. A method as recited in claim 7, wherein limiting which of a plurality of binaries can be executed in the memory space further comprises:
    - receiving a request to load an additional binary into the memory space;
      
      checking whether the additional binary is consistent with the manifest; and
      
      allowing the additional binary to be loaded into the memory space and executed if it is consistent with the manifest, otherwise not loading the additional binary into the memory space.
  - 10. A method as recited in claim 1, wherein memory space comprises a virtual memory space.
  - 11. A method as recited in claim 1, wherein the manifest comprises data indicating whether a particular one or more binaries can be loaded into the memory space for the process.
  - 12. A method as recited in claim 1, wherein the manifest comprises:
    - a first portion including data representing a unique identifier of the process;
      
      a second portion including data indicating whether a particular one or more binaries can be loaded into the memory space for the process;
      
      a third portion derived from the data in both the first portion and the second portion by generating a digital signature over the first and second portions;
      
      a fourth portion that includes data representing a list of one or more export statements that allow a secret associated with the process to be exported to another process; and
      
      a fifth portion that includes data representing a set of properties corresponding to the manifest.
  - 13. A method as recited in claim 1, further comprising:
    - receiving, from the process, a request to securely store a secret, wherein the request includes, the secret, a public key of a public-private key pair of a party that generated a manifest for the process, an identifier of the party, and a set of one or more versions of the manifest that should be allowed to retrieve the secret; and
      
      having the secret encrypted.
  - 14. A method as recited in claim 1, further comprising:
    - receiving, from the process, a request to securely store a secret, wherein the request includes, the secret, and an identifier of one or more manifests that should be allowed to retrieve the secret; and
      
      having the secret encrypted.
  - 15. A method as recited in claim 1, further comprising:
    - receiving, from the process, a request to retrieve a secret securely stored by a previous process;
      
      comparing the manifest identifier of the requesting process to a collection of one or more manifest identifiers with which the secret was originally sealed; and
      
      determining whether to reveal the secret to the process based at least in part on whether the manifest identifier of the requesting process and one of the collection of manifest identifiers are the same.
  - 16. A method as recited in claim 1, further comprising:
    - receiving encrypted data;
      
      decrypting the data;
      
      identifying a plurality of conditions in the data;
      
      checking whether the manifest satisfies all of the plurality of conditions; and
      
      allowing the process to retrieve a secret in the encrypted data only if the manifest satisfies all of the plurality of conditions.
  - 17. A method as recited in claim 1, further comprising:
    - receiving encrypted data;
      
      decrypting the data;
      
      identifying one or more conditions in the data;
      
      checking whether the data satisfies the one or more conditions; and
      
      allowing the process to retrieve a secret in the encrypted data only if the data satisfies the one or more conditions.
  - 18. A method as recited in claim 1, further comprising:
    - receiving, from the process, a request to generate a digitally signed statement; and
      
      generating a digitally signed statement including an identifier of the manifest corresponding to the process.

19. One or more computer readable media having stored thereon a plurality of instructions that, when executed by one or more processors, causes the one or more processors to:
- set up a virtual memory space for a trusted application process;
  
  obtain a manifest corresponding to the trusted application process;
  
  identify, from the manifest, a plurality of binary indicators; and
  
  restrict which of multiple binaries can be executed in the virtual memory space based on the plurality of binary indictors.
- View Dependent Claims (20)
- - 20. One or more computer readable media as recited in claim 19, wherein the instructions that cause the one or more processors to restrict which of multiple binaries can be executed in the virtual memory space cause the one or more processors to:
    - load a set of binaries into the virtual memory space;
      
      check whether each binary in the set is consistent with the manifest; and
      
      not allow any of the binaries in the set to be executed unless all binaries in the set are consistent with the manifest.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Simon, Daniel R., England, Paul, Peinado, Marcus, Benaloh, Josh D.

Application Number

US11/207,081
Publication Number

US 20050278477A1
Time in Patent Office

Days
Field of Search
US Class Current

711/100
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/54   by adding security routines...

G06F 21/57   Certifying or maintaining t...

Manifest-based trusted agent management in a trusted operating system environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

104 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Manifest-based trusted agent management in a trusted operating system environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

104 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links