Portion-level in-memory module authentication
First Claim
1. A method of verifying the integrity of a software module where at least one portion of said software module is loaded into memory of a computing environment for execution, comprising:
for a specific portion from among said at least one portion of said software module, retrieving corresponding portion-level verification data, said portion-level verification data allowing verification of said specific portion of said software module; and
using said corresponding portion-level verification data to verify said specific portion of said software module as loaded into memory.
Abstract
Dynamic run-time verification of a module that is loaded into memory (in whole or in part) for execution is enabled by using pre-computed portion-level verification data for portions of the module smaller than the whole (e.g. at the page level). A portion of the module as loaded into memory for execution can be verified: the pre-computed portion-level verification data is retrieved from storage and used to verify the loaded portions of the executable. The verification data may be, for example, a digitally signed hash of the portion. Where the operating system loader has modified the portion for execution, those modifications are reversed, removing any changes performed by the operating system. If the portion has not been tampered with, this returns the portion to its original pre-load state. This reconstructed version is then checked for validity against the pre-computed portion-level verification data. Additionally, during execution of the module, newly loaded portions/pages of the module can be verified to ensure that they have not been changed, and a list of hot pages of the module can be maintained, including pages to be continually re-verified, in order to ensure that no malicious changes have been made to the module.
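As an added illustration (not code from the patent), the following Python simulation walks through the workflow the abstract describes: per-page verification data is pre-computed from the on-disk module, a simulated loader applies address relocations, and the verifier reverses those relocations before recomputing and comparing each page's authenticated hash, then re-checks a hot-page list. Assumptions: 16-byte pages instead of 4 KiB, an HMAC under a verifier-held key standing in for the digitally signed hash, and 4-byte absolute-address fixups that never straddle a page boundary.

```python
import hashlib
import hmac

PAGE_SIZE = 16                         # constructed toy page size; real loaders use 4 KiB pages
VERIFIER_KEY = b"assumed-signing-key"  # stand-in for the signer's key (HMAC instead of a signature)


def page_tag(index: int, page: bytes) -> bytes:
    """Portion-level verification data: an authenticated hash bound to the page index."""
    return hmac.new(VERIFIER_KEY, index.to_bytes(4, "little") + page, hashlib.sha256).digest()

def precompute(module: bytes) -> dict[int, bytes]:
    """Build-time step (claim 16): one tag per page of the on-disk module."""
    pages = [module[i:i + PAGE_SIZE] for i in range(0, len(module), PAGE_SIZE)]
    return {i: page_tag(i, p) for i, p in enumerate(pages)}

def apply_relocations(module: bytes, fixups: list[int], delta: int) -> bytes:
    """Simulated OS loader: add the load-address delta to each 4-byte absolute address."""
    buf = bytearray(module)
    for off in fixups:
        v = int.from_bytes(buf[off:off + 4], "little")
        buf[off:off + 4] = ((v + delta) & 0xFFFFFFFF).to_bytes(4, "little")
    return bytes(buf)

def verify_page(loaded: bytes, index: int, fixups: list[int], delta: int,
                verification_data: dict[int, bytes]) -> bool:
    """Run-time step (claim 1): undo the loader's changes, then check the page's tag."""
    start = index * PAGE_SIZE
    page = bytearray(loaded[start:start + PAGE_SIZE])
    for off in fixups:                          # reverse only fixups that land in this page;
        if start <= off < start + PAGE_SIZE:    # assumes a fixup never straddles a page boundary
            r = off - start
            v = int.from_bytes(page[r:r + 4], "little")
            page[r:r + 4] = ((v - delta) & 0xFFFFFFFF).to_bytes(4, "little")
    expected = verification_data.get(index)
    return expected is not None and hmac.compare_digest(page_tag(index, bytes(page)), expected)

def reverify_hot_pages(loaded: bytes, hot: list[int], fixups: list[int], delta: int,
                       verification_data: dict[int, bytes]) -> list[int]:
    """Periodic re-check of the hot-page list; returns the indices that no longer verify."""
    return [i for i in hot if not verify_page(loaded, i, fixups, delta, verification_data)]


# Constructed sample: a 3-page module with absolute addresses at offsets 4 and 20.
MODULE = bytes(range(48))
FIXUPS = [4, 20]
LOAD_DELTA = 0x10000
VERIFICATION_DATA = precompute(MODULE)
LOADED = apply_relocations(MODULE, FIXUPS, LOAD_DELTA)
TAMPERED = LOADED[:40] + b"\xcc" + LOADED[41:]   # one byte patched in page 2 after load
```

Skipping the relocation reversal (passing a delta of 0) makes the relocated pages fail verification, which is why the loader's changes must be undone before the hash is compared.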
Claims (41)
1. A method of verifying the integrity of a software module where at least one portion of said software module is loaded into memory of a computing environment for execution, comprising:
for a specific portion from among said at least one portion of said software module, retrieving corresponding portion-level verification data, said portion-level verification data allowing verification of said specific portion of said software module; and
using said corresponding portion-level verification data to verify said specific portion of said software module as loaded into memory.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A method of verifying the integrity of a software module where at least one portion of said software module is loaded into memory of a computing environment for execution, comprising:
identifying at least two portions of said software module;
for each of said at least two portions of said software module, creating corresponding portion-level verification data; and
storing said portion-level verification data.
Dependent claims: 17, 18, 19, 20, 21, 22
23. A module verifier for verifying the integrity of a software module where at least one portion of said software module is loaded into memory of a computing environment for execution, comprising:
portion-level verification data retrieval for, for a specific portion from among said at least one portion of said software module, retrieving corresponding portion-level verification data, said portion-level verification data allowing verification of said specific portion of said software module; and
portion-level verifier for using said corresponding portion-level verification data to verify said specific portion of said software module as loaded into memory.
Dependent claims: 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36
37. A portion-level verification initiator for verifying the integrity of a software module where at least one portion of said software module is loaded into memory of a computing environment for execution, comprising:
a portion-level verification creator for, for each of said at least two portions of said software module, creating corresponding portion-level verification data; and
storage for storing said portion-level verification data.
Dependent claims: 38, 39, 40, 41