METHOD AND SYSTEM FOR MEASURING STATUS AND STATE OF REMOTELY EXECUTING PROGRAMS
Abstract
A system and method for providing attestation and/or integrity of a server execution environment are described. One or more parts of a server environment are selected for measurement. The one or more parts in a server execution environment are measured, and the measurements result in a unique fingerprint for each respective selected part. The unique fingerprints are aggregated by an aggregation function to create an aggregated value, which is determinative of running programs in the server environment. A measurement parameter may include the unique fingerprints, the aggregated value or a base system value and may be sent over a network interface to indicate the server environment status or state.
35 Claims
1. A method for evaluating a server execution environment comprising the steps of:
selecting one or more parts of a server environment to measure;
measuring the one or more parts in a server execution environment, the measurements resulting in a unique fingerprint for each respective selected part;
aggregating the unique fingerprints by an aggregation function to create an aggregated value; and
sending a measurement parameter which includes at least one of the unique fingerprints, and the aggregated value over a network interface to indicate a system status or state.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A method for providing attestation in a server execution environment, comprising the steps of:
measuring one or more parts of a server execution environment such that measurements are taken which result in a unique fingerprint for each respective selected part;
wherein the step of measuring further comprises the step of: measuring code as the code is being loaded if the code was not measured before or a measurement entry of the code is marked to have possibly changed since a last measurement;
aggregating the unique fingerprints by an aggregation function to create an aggregated value;
sending a measurement parameter which includes at least one of the unique fingerprints, and the aggregated value over a network interface to indicate a system status or state.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
26. An attestation/integrity system for network environments, comprising:
a server execution environment including one or more running programs, the server execution environment including one or more parts which are subject to measurement;
a measurement agent which measures the one or more parts in a server execution environment, the measurements resulting in a unique fingerprint for each respective selected part;
an aggregation function which aggregates the unique fingerprints to create an aggregated value; and
a measurement parameter which includes at least one of the unique fingerprints, and the aggregated value which is sent over a network interface to indicate a system status or state of the server environment.
Dependent claims: 27, 28, 29, 30, 31, 32, 33, 34, 35
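An added example, not taken from the patent or from any implementation of it: a sketch of the measure-on-load rule in claim 12 together with the fingerprint list and aggregated value of claims 1 and 26, plus a receiver that replays the list. SHA-256 fingerprints, the hash-chain aggregation function, the choice to skip a log entry when a re-measured part is unchanged, and all class and function names are assumptions; the claims do not specify them.

```python
import hashlib

def fingerprint(data: bytes) -> bytes:
    """Fingerprint of one measured part (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()

def extend(aggregate: bytes, fp: bytes) -> bytes:
    """Assumed aggregation function: order-sensitive chain H(old || fp)."""
    return hashlib.sha256(aggregate + fp).digest()

class MeasurementAgent:  # hypothetical name
    def __init__(self):
        self.entries = {}           # part name -> {"fp": bytes, "dirty": bool}
        self.log = []               # ordered (name, fingerprint) entries
        self.aggregate = bytes(32)  # all-zero starting value (assumption)

    def mark_changed(self, name):
        """Flag an entry as possibly changed since its last measurement."""
        if name in self.entries:
            self.entries[name]["dirty"] = True

    def on_load(self, name, code: bytes) -> bool:
        """Measure at load time; True if a new entry was logged."""
        entry = self.entries.get(name)
        if entry is not None and not entry["dirty"]:
            return False            # measured before and not flagged: skip
        fp = fingerprint(code)
        if entry is not None and entry["fp"] == fp:
            entry["dirty"] = False  # re-measured, content unchanged
            return False
        self.entries[name] = {"fp": fp, "dirty": False}
        self.log.append((name, fp))
        self.aggregate = extend(self.aggregate, fp)
        return True

    def measurement_parameter(self):
        """Message sent over the network: fingerprints plus aggregate."""
        return {"fingerprints": [(n, fp.hex()) for n, fp in self.log],
                "aggregate": self.aggregate.hex()}

def verify(param, known_good):
    """Replay the list; return (aggregate matches, names with unknown fingerprints)."""
    agg = bytes(32)
    for _, fp_hex in param["fingerprints"]:
        agg = extend(agg, bytes.fromhex(fp_hex))
    unknown = [n for n, h in param["fingerprints"] if h not in known_good]
    return agg.hex() == param["aggregate"], unknown
```

The skip path in `on_load` means a modified part goes unmeasured unless something calls `mark_changed` first, so the reliability of that flag decides what the log can prove. The replay shows only that the list and the aggregate agree, so the aggregate has to be held or signed outside the measured software for the check to carry weight.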
Specification