Signed Manifest for Run-Time Verification of Software Program Identity and Integrity

US 20110231668A1
Filed: 05/27/2011
Published: 09/22/2011
Est. Priority Date: 06/30/2005
Status: Active Grant

First Claim

Patent Images

1-13. -13. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A measurement engine performs active platform observation. A program includes an integrity manifest to indicate an integrity check value for a section of the program'"'"'s source code. The measurement engine computes a comparison value on the program'"'"'s image in memory and determines if the comparison value matches the expected integrity check value. If the values do not match, the program'"'"'s image is determined to be modified, and appropriate remedial action can be triggered. The integrity manifest can include a secure signature to verify the validity of the integrity manifest.

Citations

28 Claims

1-13. -13. (canceled)

14. An article of manufacture comprising a machine accessible medium having content to provide instructions which, when executed, result in the performance of operations including:
- loading a known good integrity check value into a memory local to a measurement engine;
  
  computing an algorithm on a portion of an agent in a system memory to generate an integrity check value for the agent in system memory;
  
  comparing the generated integrity check value with the known good integrity check value to determine if the integrity check values match; and
  
  reporting an error condition if the integrity check values do not match.
- View Dependent Claims (15, 16, 17)
- - 15. An article of manufacture according to claim 14, further comprising the content to provide instructions to result in:
    - determining for a dynamically assigned address referenced within the agent a memory address offset as applied to the dynamically assigned address in conjunction with loading the agent into the system memory;
      
      wherein computing the algorithm to generate the integrity check value on the portion of the agent comprises reversing the offset to determine a pre-offset value for the dynamically assigned address referenced within the agent, and computing the algorithm on the portion of the agent with the pre-offset value.
  - 16. An article of manufacture according to claim 15, wherein the dynamically assigned address referenced within the agent comprises a dynamically addressed function call.
  - 17. An article of manufacture according to claim 14, further comprising the content to provide instructions to result in:
    - halting execution of the software program if the generated integrity check value and the expected value do not match.

18. An apparatus comprising:
- a memory with an image of a software agent having an integrity manifest, the integrity manifest including a relocation fix-up to indicate an offset value to redirect an operation within the software agent to a particular physical memory location, and an identity test value derived from the source code of the software agent;
  
  a processor coupled to the memory to execute the software agent; and
  
  an active management module coupled to the memory to derive an additional identity test value from the image of the software agent in memory, compare the identity test value derived from the image in memory to the identity test value derived from the source code, and indicate an agent identification failure if the identity test values do not match.
- View Dependent Claims (19, 20, 21, 22)
- - 19. An apparatus according to claim 18, wherein the software agent comprises one of:
    - a device driver, an operating system invariant, or a security module.
  - 20. An apparatus according to claim 19, wherein the operating system invariant comprises one of:
    - a loader or a symbol table.
  - 21. An apparatus according to claim 19, wherein the security module comprises one of:
    - a software firewall, an intrusion detection system, or an antivirus program.
  - 22. An apparatus according to claim 18, the active management module coupled to the memory comprising a service processor of the active management module having a direct memory access interface to the memory.

23. A system comprising:
- a memory having instructions thereon to implement a software program, the software program having an integrity manifest with a relocation fix-up including a physical memory offset value, and an integrity check value representing the result of a cryptographic hash of a section of the software program source code from which the instructions come;
  
  a service processor coupled to the memory to compare a cryptographic hash of a section of the instructions corresponding to the section of the software program source code to the integrity check value to determine if the instructions in the memory are altered from the source code, and indicate if the instructions in the memory are altered;
  
  a network interface coupled to the service processor having an out-of-band communication channel between the service processor and a remote administrator; and
  
  a twisted pair communication line coupled to the network interface to transmit the indication of whether the instructions in the memory are altered.
- View Dependent Claims (24, 25)
- - 24. A system according to claim 23, wherein the physical memory offset value comprises the actual physical memory offset applied to function calls within the source code when the software program was loaded into the memory, and wherein to compare the cryptographic hash of the section of the instructions to the integrity check value further comprises reverting the address of the function calls to the (pre-offset memory address prior to performing the cryptographic hash on the section of instructions.
  - 25. A system according to claim 24, further comprising the service processor to store the result of the cryptographic hash on the section of the instructions as the integrity check value for a subsequent comparison.

26. A method comprising:
- generating an integrity cheek value on a section of a software program; and
  
  storing the generated integrity check value with the software program to be used as an expected value to verify an image of the software program as loaded into a system memory.
- View Dependent Claims (27, 28)
- - 27. A method according to claim 26, further comprising signing the integrity check value with a hash function based at least in part on a cryptographic key, the result of the hash to be stored with the integrity check value with the software program.
  - 28. A method according to claim 26, further comprising:
    - generating a test integrity check value on a section of the software program loaded from a storage into the system memory;
      
      comparing the generated test integrity check value to the expected value; and
      
      determining that the section of the software program has been modified if the generated integrity check value and the expected value do not match.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Grewal, Karanvir "Ken", Schluessler, Travis, Cox, George, Durham, David

Granted Patent

US 8,601,273 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/187
CPC Class Codes

G06F 21/54   by adding security routines...

H04L 2209/60   Digital content management,...

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

H04L 63/20   for managing network securi...

H04L 9/004   for fault attacks

H04L 9/3236   using cryptographic hash fu...

Signed Manifest for Run-Time Verification of Software Program Identity and Integrity

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Signed Manifest for Run-Time Verification of Software Program Identity and Integrity

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links