METHOD AND SYSTEM FOR MEASURING STATUS AND STATE OF REMOTELY EXECUTING PROGRAMS

US 20080235372A1
Filed: 06/02/2008
Published: 09/25/2008
Est. Priority Date: 12/12/2003
Status: Active Grant

First Claim

Patent Images

1. A method for evaluating a server execution environment comprising the steps of:

selecting one or more parts of a server environment to measure;

measuring the one or more parts in a server execution environment, the measurements resulting in a unique fingerprint for each respective selected part;

aggregating the unique fingerprints by an aggregation function to create an aggregated value; and

sending a measurement parameter which includes at least one of the unique fingerprints, and the aggregated value over a network interface to indicate a system status or state.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for providing attestation and/or integrity of a server execution environment are described. One or more parts of a server environment are selected for measurement. The one or more parts in a server execution environment are measured, and the measurements result in a unique fingerprint for each respective selected part. The unique fingerprints are aggregated by an aggregation function to create an aggregated value, which is determinative of running programs in the server environment. A measurement parameter may include the unique fingerprints, the aggregated value or a base system value and may be sent over a network interface to indicate the server environment status or state.

Citations

35 Claims

1. A method for evaluating a server execution environment comprising the steps of:
- selecting one or more parts of a server environment to measure;
  
  measuring the one or more parts in a server execution environment, the measurements resulting in a unique fingerprint for each respective selected part;
  
  aggregating the unique fingerprints by an aggregation function to create an aggregated value; and
  
  sending a measurement parameter which includes at least one of the unique fingerprints, and the aggregated value over a network interface to indicate a system status or state.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as recited in claim 1, further comprising the step of loading one or more executable programs into a server memory to create the server execution environment.
  - 3. The method as recited in claim 2, wherein the executable programs include one or more execution parameters to be measured in the measuring step.
  - 4. The method as recited in claim 1, further comprising the step of storing the aggregated value in a secure location.
  - 5. The method as recited in claim 1, wherein the measurement parameters include a base system measure and the method further comprises the step of employing the base system measure determined from a set of firmware and base operating system parameters of the server.
  - 6. The method as recited in claim 5, wherein the step of sending a measurement parameter includes sending at least one of the unique fingerprints, the aggregated value and the base system measure over the network interface to indicate a system status or state.
  - 7. The method as recited in claim 1, further comprising the step of challenging the server environment from a remote system to determine a list of programs running in the server environment.
  - 8. The method as recited in claim 1, further comprising the step of challenging the server environment from a remote system to determine if the server environment is secure for performing a transaction.
  - 9. The method as recited in claim 1, wherein the aggregated value includes information regarding an accumulation of events from boot up of the server execution environment.
  - 10. The method as recited in claim 1, wherein the step of measuring includes loading code into a system only if a measurement value of the system is member of a given set of measurement values.
  - 11. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for providing attestation of a server execution environment, as recited in claim 1.

12. A method for providing attestation in a server execution environment, comprising the steps of:
- measuring one or more parts of a server execution environment such that measurements are taken which result in a unique fingerprint for each respective selected part;
  
  wherein the step of measuring further comprises the step of;
  
  measuring code as the code is being loaded if the code was not measured before or a measurement entry of the code is marked to have possibly changed since a last measurement;
  
  aggregating the unique fingerprints by an aggregation function to create an aggregated value;
  
  sending a measurement parameter which includes at least one of the unique fingerprints, and the aggregated value over a network interface to indicate a system status or state.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 13. The method as recited in claim 12, wherein the step of measuring code includes loading code into a system only if a measurement value of code to be loaded is a member of a given set of measurement values.
  - 14. The method as recited in claim 12, wherein the step of measuring code further comprises the step of:
    - if an earlier measurement exists for the code and a new measurement is different, marking the earlier measurement as changed and adding the new measurement to a list.
  - 15. The method as recited in claim 12, further comprising the step of tracking changes in the code to avoid unnecessary measurements of the same code and to prevent multiple measurements for entries of the same code from being stored.
  - 16. The method as recited in claim 12, wherein the step of measuring code further comprises the step of:
    - if an earlier measurement exists and a new measurement is the same as the earlier measurement, ignoring the new measurement and marking the earlier measurement entry as unchanged.
  - 17. The method as recited in claim 12, further comprising the step of loading one or more executable programs into a server memory to create the server execution environment.
  - 18. The method as recited in claim 17, wherein the executable programs include one or more execution parameters to be measured in the measuring one or more parts of a server execution environment step.
  - 19. The method as recited in claim 12, further comprising the step of storing the aggregated value in a secure location.
  - 20. The method as recited in claim 12, wherein the measurement parameters include a base system measure and the method further comprises the step of employing the base system measure determined from a set of firmware and base operating system parameters of the server.
  - 21. The method as recited in claim 20, wherein the step of sending a measurement parameter includes sending at least one of the unique fingerprints, the aggregated value and the base system measure over the network interface to indicate a system status or state.
  - 22. The method as recited in claim 12, further comprising the step of challenging the server environment from a remote system to determine a list of programs running in the server environment.
  - 23. The method as recited in claim 12, further comprising the step of challenging the server environment from a remote system to determine if the server environment is secure for performing a transaction.
  - 24. The method as recited in claim 12, wherein the aggregated value includes information regarding an accumulation of events from boot up of the server execution environment.
  - 25. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for providing attestation of a server execution environment, as recited in claim 12.

26. An attestation/integrity system for network environments, comprising:
- a server execution environment including one or more running programs, the server execution environment including one or more parts which are subject to measurement;
  
  a measurement agent which measures the one or more parts in a server execution environment, the measurements resulting in a unique fingerprint for each respective selected part;
  
  an aggregation function which aggregates the unique fingerprints to create an aggregated value; and
  
  a measurement parameter which includes at least one of the unique fingerprints, and the aggregated value which is sent over a network interface to indicate a system status or state of the server environment.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 27. The system as recited in claim 26, wherein the server environment includes one or more executable programs loaded into a server to create the server execution environment.
  - 28. The system as recited in claim 27, wherein the executable programs include one or more execution parameters to be measured by the measuring agent.
  - 29. The system as recited in claim 26, further comprising a secure location for storing the aggregated value.
  - 30. The system as recited in claim 26, wherein the measurement parameter includes a base system measure determined from a set of firmware and base operating system parameters of the server execution environment.
  - 31. The method as recited in claim 30, wherein the measurement parameter includes at least one of the unique fingerprints, the aggregated value and the base system measure.
  - 32. The system as recited in claim 26, further comprising a challenger remotely disposed from the server execution environment, the challenger capable of requesting and receiving a list of programs running in the server environment during runtime of the server execution environment.
  - 33. The system as recited in claim 26, further comprising a challenger remotely disposed from the server execution environment, the challenger capable of determining if the server execution environment is secure for performing a transaction by requesting the measurement parameter.
  - 34. The system as recited in claim 26, wherein the aggregated value includes information regarding an accumulation of events from boot up of the server execution environment.
  - 35. The method as recited in claim 26, wherein the system only loads code when a measurement value of the code is member of a given set of measurement values.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Leendert Peter Van Doorn, Reiner Sailer, Xiaolan Zhang
Original Assignee
Leendert Peter Van Doorn, Reiner Sailer, Xiaolan Zhang
Inventors
Sailer, Reiner, van Doorn, Leendert Peter, Zhang, Xiaolan

Granted Patent

US 7,882,221 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/224
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

METHOD AND SYSTEM FOR MEASURING STATUS AND STATE OF REMOTELY EXECUTING PROGRAMS

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR MEASURING STATUS AND STATE OF REMOTELY EXECUTING PROGRAMS

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links