DYNAMIC GENERATION OF INTEGRITY MANIFEST FOR RUN-TIME VERIFICATION OF SOFTWARE PROGRAM
Abstract
A measurement engine generates an integrity manifest for a software program and uses it to perform active platform observation. The integrity manifest indicates an integrity check value for a section of the program's code. The measurement engine computes a comparison value on the program's image in memory and determines if the comparison value matches the expected integrity check value. If the values do not match, the program's image is determined to be modified, and appropriate remedial action may be triggered.
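The check the abstract describes, combined with the relocation fix-ups named in the claims, as an added Python example (not code from the patent or its assignee). It assumes SHA-256 as the integrity check value, 32-bit little-endian address slots, and that the measurement undoes the loader's fix-ups before hashing; the manifest layout, function names and sample image are constructed for illustration.

```python
import hashlib
import hmac
import struct

MASK = 0xFFFFFFFF  # assumption: 32-bit little-endian absolute-address slots

def icv(data) -> str:
    """Integrity check value; SHA-256 is an assumption of this example."""
    return hashlib.sha256(bytes(data)).hexdigest()

def generate_manifest(image: bytes, fixup_offsets, link_base: int) -> dict:
    """Record the fix-up locations and the expected ICV of the unrelocated image."""
    return {"link_base": link_base, "fixups": sorted(fixup_offsets), "icv": icv(image)}

def _rebase(buf: bytearray, fixups, delta: int) -> None:
    """Add delta to every address slot listed in the fix-up table."""
    for off in fixups:
        (addr,) = struct.unpack_from("<I", buf, off)
        struct.pack_into("<I", buf, off, (addr + delta) & MASK)

def load_image(image: bytes, manifest: dict, load_base: int) -> bytearray:
    """What a loader does: patch address slots for the actual load address."""
    mem = bytearray(image)
    _rebase(mem, manifest["fixups"], load_base - manifest["link_base"])
    return mem

def verify(mem, manifest: dict, load_base: int) -> bool:
    """Undo the fix-ups on a copy, then compare measured and expected ICVs."""
    copy = bytearray(mem)
    _rebase(copy, manifest["fixups"], manifest["link_base"] - load_base)
    return hmac.compare_digest(icv(copy), manifest["icv"])

# Constructed sample: 24-byte "code" section with address slots at offsets 4 and 12.
LINK_BASE, LOAD_BASE = 0x1000, 0x7F000
IMAGE = (b"\x90\x90\x90\xb8" + struct.pack("<I", LINK_BASE + 0x10) +
         b"\xff\xd0\x90\xa1" + struct.pack("<I", LINK_BASE + 0x14) + b"\xc3" * 8)

if __name__ == "__main__":
    manifest = generate_manifest(IMAGE, [4, 12], LINK_BASE)
    mem = load_image(IMAGE, manifest, LOAD_BASE)
    print("naive hash matches:", icv(mem) == manifest["icv"])
    print("fix-up aware check:", verify(mem, manifest, LOAD_BASE))
    mem[16] ^= 0xFF  # simulate an in-memory patch
    print("after tampering:   ", verify(mem, manifest, LOAD_BASE))
```

Hashing the relocated image directly never matches the expected value, which is why the manifest has to carry the fix-up information alongside the check value.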
20 Claims
1. An apparatus comprising:
- a memory protection module to create a protected partition in a memory to store an image of a software agent; and
- a manifest generation feature to generate an integrity manifest for the software agent from the image of the software agent, the integrity manifest including a relocation fix-up to indicate an offset value to redirect an operation within the software agent to a particular physical memory location, and an expected integrity check value based on the image of the software agent.

Dependent claims: 2, 3, 4, 5, 6

7. A method comprising:
- loading a section of a software program into a protected partition of memory in a system;
- generating, on the system, an integrity manifest for the software program, the integrity manifest including a relocation fix-up value and an expected integrity check value;
- storing, on the system, the integrity manifest;
- computing, during execution of the software program on the system, a measured integrity check value on the section of the software program; and
- comparing the measured integrity check value to the expected integrity check value; and
- determining that the section of the software program has been modified if the generated integrity check value and the expected value do not match.

Dependent claims: 8, 9, 10, 11, 12, 13, 14

15. A system comprising:
- a memory;
- a memory protection module to create a protected partition in the memory to store an image of a software agent; and
- a manifest generation feature to generate an integrity manifest for the software agent from the image of the software agent, the integrity manifest including a relocation fix-up to indicate an offset value to redirect an operation within the software agent to a particular physical memory location, and an expected integrity check value based on the image of the software agent.

Dependent claims: 16, 17, 18, 19, 20

Specification