Dynamic measurement of an operating system in a virtualized system

US 20080059726A1
Filed: 08/31/2006
Published: 03/06/2008
Est. Priority Date: 08/31/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

accessing a dirty bitmap associated with an operating system execution, the dirty bitmap comprising an indication of memory locations that have been modified since a previous access;

analyzing the dirty bitmap to determine one or more memory locations associated with the operating system to measure; and

measuring the determined memory locations to produce measurements of the memory locations.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and media for dynamic measurement of operating systems in a virtualized system are disclosed. Some embodiments may include accessing a dirty bitmap associated with an operating system executing in a virtualized system where the dirty bitmap may include an indication of memory locations that have been modified since a previous access. Embodiments may also include analyzing the dirty bitmap to determine one or more memory locations associated with the operating system to measure and measuring the determined memory locations to produce measurements of the memory locations. Embodiments may also include performing an action based on the measurements of the memory locations. Other embodiments are disclosed and claimed.

Citations

29 Claims

1. A method comprising:
- accessing a dirty bitmap associated with an operating system execution, the dirty bitmap comprising an indication of memory locations that have been modified since a previous access;
  
  analyzing the dirty bitmap to determine one or more memory locations associated with the operating system to measure; and
  
  measuring the determined memory locations to produce measurements of the memory locations.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising initializing a measurement agent for the operating system.
  - 3. The method of claim 1, further comprising placing the operating system in a dirty logging mode.
  - 4. The method of claim 1, further comprising determining a known good state for the operating system.
  - 5. The method of claim 1, further comprising performing an action based on the measurements of the memory locations.
  - 6. The method of claim 4, wherein measuring the determined memory locations to produce measurements of the memory location comprises comparing the memory locations to the determined known good state.
  - 7. The method of claim 1, wherein the one or more memory locations comprise one or more memory pages.
  - 8. The method of claim 1, wherein measuring the determined memory locations to produce measurements of the memory location comprises measuring memory locations related to the determined memory locations in addition to the determined memory locations.
  - 9. The method of claim 1, wherein measuring the determined memory locations to produce measurements of the memory location comprises suspending execution of the operating system to complete measurement of the memory locations.
  - 10. The method of claim 1, wherein performing an action based on the measurements of the memory locations comprises one or more of halting execution of the operating system, generating a notification associated with the measurements, and logging an indication of the measurements.

11. An article comprising a machine-readable medium that contains instructions, which when executed by a processing platform, cause said processing platform to perform operations comprising:
- accessing a dirty bitmap associated with an operating system executing in a virtualized system, the dirty bitmap comprising an indication of memory locations that have been modified since a previous access;
  
  analyzing the dirty bitmap to determine one or more memory locations associated with the operating system to measure; and
  
  measuring the determined memory locations to produce measurements of the memory locations.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The machine-accessible medium of claim 11, further comprising initializing a measurement agent for the operating system.
  - 13. The machine-accessible medium of claim 11, further comprising determining a known good state for the operating system.
  - 14. The machine-accessible medium of claim 13, wherein measuring the determined memory locations to produce measurements of the memory location comprises comparing the memory locations to the determined known good state.
  - 15. The machine-accessible medium of claim 11, wherein the one or more memory locations comprise one or more memory pages.
  - 16. The machine-accessible medium of claim 11, wherein measuring the determined memory locations to produce measurements of the memory location comprises measuring memory locations related to the determined memory locations in addition to the determined memory locations.
  - 17. The machine-accessible medium of claim 11, wherein measuring the determined memory locations to produce measurements of the memory location comprises suspending execution of the operating system to complete measurement of the memory locations.
  - 18. The machine-accessible medium of claim 11, wherein performing an action based on the measurements of the memory locations comprises one or more of halting execution of the operating system, generating a notification associated with the measurements, and logging an indication of the measurements.

19. A virtual machine environment system, comprising:
- a virtual machine monitor (VMM);
  
  a first virtual machine, the first virtual machine comprising a guest operating system; and
  
  a measurement agent to iteratively measure memory associated with the guest operating system, the measurement agent comprising;
  
  a dirty bitmap analyzer to access and analyze a dirty bitmap associated with the guest operating system to determine one or more memory locations associated with the operating system that have changed since a previous access; and
  
  a measurement module to measure the determined memory locations to produce measurements of the memory locations.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The system of claim 19, further comprising a second virtual machine, and wherein the measurement agent executes on the second virtual machine.
  - 21. The system of claim 19, wherein the measurement agent further comprises an operating system integrity module to perform an action based on the measurements of the memory locations.
  - 22. The system of claim 19, wherein the measurement agent further comprises an VMM interface to facilitate communication between the measurement agent and the virtual machine monitor.
  - 23. The system of claim 19, wherein the measurement module measures the determined memory locations by comparing the memory locations to a known good state.
  - 24. The system of claim 19, wherein the one or more memory locations comprise one or more memory pages.

25. A measurement agent system, comprising:
- a dirty bitmap analyzer to access and analyze a dirty bitmap associated with a guest operating system to determine one or more memory locations associated with the operating system that have changed since a previous access;
  
  a measurement module to measure the determined memory locations to produce measurements of the memory locations; and
  
  an operating system integrity module to perform an action based on the measurements of the memory locations.
- View Dependent Claims (26, 27, 28, 29)
- - 26. The system of claim 25, further comprising a virtual machine monitor (VMM) interface to facilitate communication with a virtual machine monitor.
  - 27. The system of claim 25, wherein the measurement agent system executes on a virtual machine (VM).
  - 28. The system of claim 25, wherein the measurement module measures the determined memory locations by comparing the memory locations to a known good state.
  - 29. The system of claim 25, wherein the one or more memory locations comprise one or more memory pages.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Neugebauer, Rolf, Rozas, Carlos

Application Number

US11/513,963
Publication Number

US 20080059726A1
Time in Patent Office

Days
Field of Search
US Class Current

711/156
CPC Class Codes

G06F 21/53 by executing in a restricte...

G06F 9/45533 Hypervisors; Virtual machin...

Dynamic measurement of an operating system in a virtualized system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic measurement of an operating system in a virtualized system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links